VYPR

Shareit

by Lenovo

CVEs (11)

  • CVE-2016-4782HigMay 23, 2016
    risk 0.57cvss 8.8epss 0.02

    Lenovo SHAREit before 3.5.98_ww on Android before 4.2 allows remote attackers to have unspecified impact via a crafted intent: URL, aka an "intent scheme URL attack."

  • CVE-2016-1491HigJan 26, 2016
    risk 0.57cvss 8.8epss 0.02

    The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows, when configured to receive files, has a hardcoded password of 12345678, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area.

  • CVE-2016-1489HigJan 26, 2016
    risk 0.52cvss 8.0epss 0.02

    Lenovo SHAREit before 3.2.0 for Windows and SHAREit before 3.5.48_ww for Android transfer files in cleartext, which allows remote attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors.

  • CVE-2016-4783MedMay 23, 2016
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in Lenovo SHAREit before 3.5.98_ww on Android before 4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)."

  • CVE-2016-1492MedJan 26, 2016
    risk 0.40cvss 6.1epss 0.02

    The Wifi hotspot in Lenovo SHAREit before 3.5.48_ww for Android, when configured to receive files, does not require a password, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area.

  • CVE-2016-1490MedJan 26, 2016
    risk 0.27cvss 4.1epss 0.02

    The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows allows remote attackers to obtain sensitive file names via a crafted file request to /list.

  • CVE-2019-15234Apr 27, 2020
    risk 0.00cvss epss 0.02

    SHAREit through 4.0.6.177 does not check the full message length from the received packet header (which is used to allocate memory for the next set of data). This could lead to a system denial of service due to uncontrolled memory allocation. This is different from…

  • CVE-2019-14941Apr 27, 2020
    risk 0.00cvss epss 0.02

    SHAREit through 4.0.6.177 does not check the body length from the received packet header (which is used to allocate memory for the next set of data). This could lead to a system denial of service due to uncontrolled memory allocation.

  • CVE-2019-9939Mar 22, 2019
    risk 0.00cvss epss 0.02

    The SHAREit application before 4.0.36 for Android allows a remote attacker (on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated) to bypass authentication by trying to fetch a non-existing page. When the…

  • CVE-2019-9938Mar 22, 2019
    risk 0.00cvss epss 0.01

    The SHAREit application before 4.0.42 for Android allows a remote attacker (on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated) to download arbitrary files from the device including contacts, photos, videos,…

  • CVE-2014-1939Mar 3, 2014
    risk 0.00cvss epss 0.01

    java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute arbitrary Java code by leveraging access to the searchBoxJavaBridge_ interface at…