Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for tv_bro by fedirtsapana

    CVE-2023-43955 (GCVE-0-2023-43955)

    Vulnerability from nvd – Published: 2023-12-27 00:00 – Updated: 2024-08-02 19:52
    VLAI
    Summary
    The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android mishandles external intents through WebView. This allows attackers to execute arbitrary code, create arbitrary files. and perform arbitrary downloads via JavaScript that uses takeBlobDownloadData.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:52:11.829Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/actuator/com.phlox.tvwebbrowser"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/actuator/com.phlox.tvwebbrowser/blob/main/poc.apk"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/actuator/com.phlox.tvwebbrowser/blob/main/CWE-94.md"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/truefedex/tv-bro/pull/182#issue-1901769895"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android mishandles external intents through WebView. This allows attackers to execute arbitrary code, create arbitrary files. and perform arbitrary downloads via JavaScript that uses takeBlobDownloadData."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-27T20:19:41.756Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/actuator/com.phlox.tvwebbrowser"
            },
            {
              "url": "https://github.com/actuator/com.phlox.tvwebbrowser/blob/main/poc.apk"
            },
            {
              "url": "https://github.com/actuator/com.phlox.tvwebbrowser/blob/main/CWE-94.md"
            },
            {
              "url": "https://github.com/truefedex/tv-bro/pull/182#issue-1901769895"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-43955",
        "datePublished": "2023-12-27T00:00:00.000Z",
        "dateReserved": "2023-09-25T00:00:00.000Z",
        "dateUpdated": "2024-08-02T19:52:11.829Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-43955 (GCVE-0-2023-43955)

    Vulnerability from cvelistv5 – Published: 2023-12-27 00:00 – Updated: 2024-08-02 19:52
    VLAI
    Summary
    The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android mishandles external intents through WebView. This allows attackers to execute arbitrary code, create arbitrary files. and perform arbitrary downloads via JavaScript that uses takeBlobDownloadData.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:52:11.829Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/actuator/com.phlox.tvwebbrowser"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/actuator/com.phlox.tvwebbrowser/blob/main/poc.apk"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/actuator/com.phlox.tvwebbrowser/blob/main/CWE-94.md"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/truefedex/tv-bro/pull/182#issue-1901769895"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android mishandles external intents through WebView. This allows attackers to execute arbitrary code, create arbitrary files. and perform arbitrary downloads via JavaScript that uses takeBlobDownloadData."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-27T20:19:41.756Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/actuator/com.phlox.tvwebbrowser"
            },
            {
              "url": "https://github.com/actuator/com.phlox.tvwebbrowser/blob/main/poc.apk"
            },
            {
              "url": "https://github.com/actuator/com.phlox.tvwebbrowser/blob/main/CWE-94.md"
            },
            {
              "url": "https://github.com/truefedex/tv-bro/pull/182#issue-1901769895"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-43955",
        "datePublished": "2023-12-27T00:00:00.000Z",
        "dateReserved": "2023-09-25T00:00:00.000Z",
        "dateUpdated": "2024-08-02T19:52:11.829Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }