Vulnerabilities (CVE)

Filtered by vendor Ushareit Subscribe
Filtered by product Shareit
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-9939 1 Ushareit 1 Shareit 2024-11-21 5.8 MEDIUM 8.8 HIGH
The SHAREit application before 4.0.36 for Android allows a remote attacker (on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated) to bypass authentication by trying to fetch a non-existing page. When the non-existing page is requested, the application responds with a 200 status code and empty page, and adds the requesting client device into the list of recognized devices.
CVE-2019-9938 1 Ushareit 1 Shareit 2024-11-21 2.9 LOW 5.3 MEDIUM
The SHAREit application before 4.0.42 for Android allows a remote attacker (on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated) to download arbitrary files from the device including contacts, photos, videos, sound clips, etc. The attacker must be authenticated as a "recognized device."
CVE-2019-15234 1 Ushareit 1 Shareit 2024-11-21 7.8 HIGH 7.5 HIGH
SHAREit through 4.0.6.177 does not check the full message length from the received packet header (which is used to allocate memory for the next set of data). This could lead to a system denial of service due to uncontrolled memory allocation. This is different from CVE-2019-14941.
CVE-2019-14941 1 Ushareit 1 Shareit 2024-11-21 7.8 HIGH 7.5 HIGH
SHAREit through 4.0.6.177 does not check the body length from the received packet header (which is used to allocate memory for the next set of data). This could lead to a system denial of service due to uncontrolled memory allocation.