Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
8 vulnerabilities by Ucweb
CVE-2017-20041 (GCVE-0-2017-20041)
Vulnerability from cvelistv5 – Published: 2022-06-13 06:50 – Updated: 2025-04-15 14:25
VLAI
Title
Ucweb UC Browser HTML URL improper restriction of rendered ui layers
Summary
A vulnerability was found in Ucweb UC Browser 11.2.5.932. It has been classified as critical. Affected is an unknown function of the component HTML Handler. The manipulation of the argument title leads to improper restriction of rendered ui layers (URL). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity
5.4 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1021 - Improper Restriction of Rendered UI Layers
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2017/Mar/36 | x_refsource_MISC |
| https://vuldb.com/?id.98214 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Ucweb | UC Browser |
Affected:
11.2.5.932
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:45:24.548Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Mar/36"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.98214"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-20041",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:11:38.712097Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:25:56.127Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "UC Browser",
"vendor": "Ucweb",
"versions": [
{
"status": "affected",
"version": "11.2.5.932"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Ucweb UC Browser 11.2.5.932. It has been classified as critical. Affected is an unknown function of the component HTML Handler. The manipulation of the argument title leads to improper restriction of rendered ui layers (URL). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1021",
"description": "CWE-1021 Improper Restriction of Rendered UI Layers",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-13T06:50:19.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Mar/36"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.98214"
}
],
"title": "Ucweb UC Browser HTML URL improper restriction of rendered ui layers",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2017-20041",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "Ucweb UC Browser HTML URL improper restriction of rendered ui layers"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UC Browser",
"version": {
"version_data": [
{
"version_value": "11.2.5.932"
}
]
}
}
]
},
"vendor_name": "Ucweb"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Ucweb UC Browser 11.2.5.932. It has been classified as critical. Affected is an unknown function of the component HTML Handler. The manipulation of the argument title leads to improper restriction of rendered ui layers (URL). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "5.4",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1021 Improper Restriction of Rendered UI Layers"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2017/Mar/36",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Mar/36"
},
{
"name": "https://vuldb.com/?id.98214",
"refsource": "MISC",
"url": "https://vuldb.com/?id.98214"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2017-20041",
"datePublished": "2022-06-13T06:50:19.000Z",
"dateReserved": "2022-06-06T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:25:56.127Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-36473 (GCVE-0-2020-36473)
Vulnerability from cvelistv5 – Published: 2021-08-14 20:49 – Updated: 2024-08-04 17:30
VLAI
Summary
UCWeb UC 12.12.3.1219 through 12.12.3.1226 uses cleartext HTTP, and thus man-in-the-middle attackers can discover visited URLs.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://medium.com/%40ciph3r/why-you-should-not-u… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:30:08.114Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40ciph3r/why-you-should-not-use-uc-browser-54558916d020"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "UCWeb UC 12.12.3.1219 through 12.12.3.1226 uses cleartext HTTP, and thus man-in-the-middle attackers can discover visited URLs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-14T20:49:56.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40ciph3r/why-you-should-not-use-uc-browser-54558916d020"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-36473",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "UCWeb UC 12.12.3.1219 through 12.12.3.1226 uses cleartext HTTP, and thus man-in-the-middle attackers can discover visited URLs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://medium.com/@ciph3r/why-you-should-not-use-uc-browser-54558916d020",
"refsource": "MISC",
"url": "https://medium.com/@ciph3r/why-you-should-not-use-uc-browser-54558916d020"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-36473",
"datePublished": "2021-08-14T20:49:56.000Z",
"dateReserved": "2021-08-14T00:00:00.000Z",
"dateUpdated": "2024-08-04T17:30:08.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7364 (GCVE-0-2020-7364)
Vulnerability from cvelistv5 – Published: 2020-10-20 16:40 – Updated: 2024-09-16 19:40
VLAI
Title
UCWeb UC Browser Address Bar Spooofing
Summary
User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of UCWeb's UC Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects UCWeb's UC Browser version 13.0.8 and prior versions.
Severity
4.3 (Medium)
CWE
- CWE-451 - User Interface (UI) Misrepresentation of Critical Information
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.rafaybaloch.com/2020/10/multiple-addr… | x_refsource_MISC |
| https://blog.rapid7.com/2020/10/20/vulntober-mult… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UCWeb | UC Browser |
Affected:
13.0.8 , ≤ 13.0.8
(custom)
|
Date Public
2020-10-20 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:25:49.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.rafaybaloch.com/2020/10/multiple-address-bar-spoofing-vulnerabilities.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.rapid7.com/2020/10/20/vulntober-multiple-mobile-browser-address-bar-spoofing-vulnerabilities/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UC Browser",
"vendor": "UCWeb",
"versions": [
{
"lessThanOrEqual": "13.0.8",
"status": "affected",
"version": "13.0.8",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Rafay Baloch, and disclosed in accordance with Rapid7\u0027s coordinated vulnerability disclosure policy at https://www.rapid7.com/security/disclosure#zeroday"
}
],
"datePublic": "2020-10-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of UCWeb\u0027s UC Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects UCWeb\u0027s UC Browser version 13.0.8 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-451",
"description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-20T16:40:23.000Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.rafaybaloch.com/2020/10/multiple-address-bar-spoofing-vulnerabilities.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.rapid7.com/2020/10/20/vulntober-multiple-mobile-browser-address-bar-spoofing-vulnerabilities/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UCWeb UC Browser Address Bar Spooofing",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2020-10-20T13:00:00.000Z",
"ID": "CVE-2020-7364",
"STATE": "PUBLIC",
"TITLE": "UCWeb UC Browser Address Bar Spooofing"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UC Browser",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "13.0.8",
"version_value": "13.0.8"
}
]
}
}
]
},
"vendor_name": "UCWeb"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered by Rafay Baloch, and disclosed in accordance with Rapid7\u0027s coordinated vulnerability disclosure policy at https://www.rapid7.com/security/disclosure#zeroday"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of UCWeb\u0027s UC Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects UCWeb\u0027s UC Browser version 13.0.8 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-451 User Interface (UI) Misrepresentation of Critical Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.rafaybaloch.com/2020/10/multiple-address-bar-spoofing-vulnerabilities.html",
"refsource": "MISC",
"url": "https://www.rafaybaloch.com/2020/10/multiple-address-bar-spoofing-vulnerabilities.html"
},
{
"name": "https://blog.rapid7.com/2020/10/20/vulntober-multiple-mobile-browser-address-bar-spoofing-vulnerabilities/",
"refsource": "MISC",
"url": "https://blog.rapid7.com/2020/10/20/vulntober-multiple-mobile-browser-address-bar-spoofing-vulnerabilities/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2020-7364",
"datePublished": "2020-10-20T16:40:23.771Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:40:23.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7363 (GCVE-0-2020-7363)
Vulnerability from cvelistv5 – Published: 2020-10-20 16:40 – Updated: 2024-09-17 02:10
VLAI
Title
UCWeb UC Browser Address Bar Spooofing
Summary
User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of UCWeb's UC Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects UCWeb's UC Browser version 13.0.8 and prior versions.
Severity
4.3 (Medium)
CWE
- CWE-451 - User Interface (UI) Misrepresentation of Critical Information
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.rafaybaloch.com/2020/10/multiple-addr… | x_refsource_MISC |
| https://blog.rapid7.com/2020/10/20/vulntober-mult… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UCWeb | UC Browser |
Affected:
13.0.8 , ≤ 13.0.8
(custom)
|
Date Public
2020-10-20 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:25:48.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.rafaybaloch.com/2020/10/multiple-address-bar-spoofing-vulnerabilities.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.rapid7.com/2020/10/20/vulntober-multiple-mobile-browser-address-bar-spoofing-vulnerabilities/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UC Browser",
"vendor": "UCWeb",
"versions": [
{
"lessThanOrEqual": "13.0.8",
"status": "affected",
"version": "13.0.8",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Rafay Baloch, and disclosed in accordance with Rapid7\u0027s coordinated vulnerability disclosure policy at https://www.rapid7.com/security/disclosure#zeroday"
}
],
"datePublic": "2020-10-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of UCWeb\u0027s UC Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects UCWeb\u0027s UC Browser version 13.0.8 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-451",
"description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-20T16:40:23.000Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.rafaybaloch.com/2020/10/multiple-address-bar-spoofing-vulnerabilities.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.rapid7.com/2020/10/20/vulntober-multiple-mobile-browser-address-bar-spoofing-vulnerabilities/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UCWeb UC Browser Address Bar Spooofing",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2020-10-20T13:00:00.000Z",
"ID": "CVE-2020-7363",
"STATE": "PUBLIC",
"TITLE": "UCWeb UC Browser Address Bar Spooofing"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UC Browser",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "13.0.8",
"version_value": "13.0.8"
}
]
}
}
]
},
"vendor_name": "UCWeb"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered by Rafay Baloch, and disclosed in accordance with Rapid7\u0027s coordinated vulnerability disclosure policy at https://www.rapid7.com/security/disclosure#zeroday"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of UCWeb\u0027s UC Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects UCWeb\u0027s UC Browser version 13.0.8 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-451 User Interface (UI) Misrepresentation of Critical Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.rafaybaloch.com/2020/10/multiple-address-bar-spoofing-vulnerabilities.html",
"refsource": "MISC",
"url": "https://www.rafaybaloch.com/2020/10/multiple-address-bar-spoofing-vulnerabilities.html"
},
{
"name": "https://blog.rapid7.com/2020/10/20/vulntober-multiple-mobile-browser-address-bar-spoofing-vulnerabilities/",
"refsource": "MISC",
"url": "https://blog.rapid7.com/2020/10/20/vulntober-multiple-mobile-browser-address-bar-spoofing-vulnerabilities/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2020-7363",
"datePublished": "2020-10-20T16:40:23.335Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:10:40.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10251 (GCVE-0-2019-10251)
Vulnerability from cvelistv5 – Published: 2019-03-28 14:01 – Updated: 2024-08-04 22:17
VLAI
Summary
The UCWeb UC Browser application through 2019-03-26 for Android uses HTTP to download certain modules associated with PDF and Microsoft Office files (related to libpicsel), which allows MITM attacks.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.bleepingcomputer.com/news/security/uc… | x_refsource_MISC |
| https://news.drweb.com/show/?i=13176&c=38 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:17:19.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bleepingcomputer.com/news/security/uc-browser-for-android-desktop-exposes-500-million-users-to-mitm-attacks/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://news.drweb.com/show/?i=13176\u0026c=38"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The UCWeb UC Browser application through 2019-03-26 for Android uses HTTP to download certain modules associated with PDF and Microsoft Office files (related to libpicsel), which allows MITM attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-28T14:01:04.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bleepingcomputer.com/news/security/uc-browser-for-android-desktop-exposes-500-million-users-to-mitm-attacks/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://news.drweb.com/show/?i=13176\u0026c=38"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10251",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UCWeb UC Browser application through 2019-03-26 for Android uses HTTP to download certain modules associated with PDF and Microsoft Office files (related to libpicsel), which allows MITM attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.bleepingcomputer.com/news/security/uc-browser-for-android-desktop-exposes-500-million-users-to-mitm-attacks/",
"refsource": "MISC",
"url": "https://www.bleepingcomputer.com/news/security/uc-browser-for-android-desktop-exposes-500-million-users-to-mitm-attacks/"
},
{
"name": "https://news.drweb.com/show/?i=13176\u0026c=38",
"refsource": "MISC",
"url": "https://news.drweb.com/show/?i=13176\u0026c=38"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10251",
"datePublished": "2019-03-28T14:01:04.000Z",
"dateReserved": "2019-03-28T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:17:19.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10250 (GCVE-0-2019-10250)
Vulnerability from cvelistv5 – Published: 2019-03-28 14:00 – Updated: 2024-08-04 22:17
VLAI
Summary
UCWeb UC Browser 7.0.185.1002 on Windows uses HTTP for downloading certain PDF modules, which allows MITM attacks.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.bleepingcomputer.com/news/security/uc… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:17:19.864Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bleepingcomputer.com/news/security/uc-browser-for-android-desktop-exposes-500-million-users-to-mitm-attacks/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "UCWeb UC Browser 7.0.185.1002 on Windows uses HTTP for downloading certain PDF modules, which allows MITM attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-28T14:00:43.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bleepingcomputer.com/news/security/uc-browser-for-android-desktop-exposes-500-million-users-to-mitm-attacks/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10250",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "UCWeb UC Browser 7.0.185.1002 on Windows uses HTTP for downloading certain PDF modules, which allows MITM attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.bleepingcomputer.com/news/security/uc-browser-for-android-desktop-exposes-500-million-users-to-mitm-attacks/",
"refsource": "MISC",
"url": "https://www.bleepingcomputer.com/news/security/uc-browser-for-android-desktop-exposes-500-million-users-to-mitm-attacks/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10250",
"datePublished": "2019-03-28T14:00:43.000Z",
"dateReserved": "2019-03-28T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:17:19.864Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6691 (GCVE-0-2014-6691)
Vulnerability from cvelistv5 – Published: 2014-09-23 10:00 – Updated: 2024-08-06 12:24
VLAI
Summary
The UC Browser HD (aka com.uc.browser.hd) application 3.3.1.469 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/172857 | third-party-advisoryx_refsource_CERT-VN |
| http://www.kb.cert.org/vuls/id/582497 | third-party-advisoryx_refsource_CERT-VN |
| https://docs.google.com/spreadsheets/d/1t5GXwjw82… | x_refsource_MISC |
Date Public
2014-09-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:24:35.399Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#172857",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/172857"
},
{
"name": "VU#582497",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The UC Browser HD (aka com.uc.browser.hd) application 3.3.1.469 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-09-23T07:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#172857",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/172857"
},
{
"name": "VU#582497",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6691",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UC Browser HD (aka com.uc.browser.hd) application 3.3.1.469 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#172857",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/172857"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2014-6691",
"datePublished": "2014-09-23T10:00:00.000Z",
"dateReserved": "2014-09-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T12:24:35.399Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1478 (GCVE-0-2012-1478)
Vulnerability from cvelistv5 – Published: 2012-03-14 01:00 – Updated: 2024-08-06 19:01
VLAI
Summary
Unspecified vulnerability in the UCMobile BloveStorm (com.blovestorm) application 2.2.0 and 3.2.1 for Android has unknown impact and attack vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-20… | x_refsource_MISC |
Date Public
2012-03-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:02.855Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "blovestorm-android-unspecified(74024)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74024"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1478-vulnerability-in-UCMobileBloveStorm.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the UCMobile BloveStorm (com.blovestorm) application 2.2.0 and 3.2.1 for Android has unknown impact and attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "blovestorm-android-unspecified(74024)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74024"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1478-vulnerability-in-UCMobileBloveStorm.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1478",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the UCMobile BloveStorm (com.blovestorm) application 2.2.0 and 3.2.1 for Android has unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "blovestorm-android-unspecified(74024)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74024"
},
{
"name": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1478-vulnerability-in-UCMobileBloveStorm.html",
"refsource": "MISC",
"url": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1478-vulnerability-in-UCMobileBloveStorm.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1478",
"datePublished": "2012-03-14T01:00:00.000Z",
"dateReserved": "2012-03-01T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:01:02.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}