Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.4
CVE-2024-45240
- EPSS 0.06%
- Veröffentlicht 24.08.2024 23:15:04
- Zuletzt bearbeitet 05.11.2024 22:35:10
The TikTok (aka com.zhiliaoapp.musically) application before 34.5.5 for Android allows the takeover of Lynxview JavaScript interfaces via deeplink traversal (in the application's exposed WebView). (On Android 12 and later, this is only exploitable by...
8.8
CVE-2022-28799
- EPSS 2.67%
- Veröffentlicht 02.06.2022 14:15:46
- Zuletzt bearbeitet 21.11.2024 06:57:57
The TikTok application before 23.7.3 for Android allows account takeover. A crafted URL (unvalidated deeplink) can force the com.zhiliaoapp.musically WebView to load an arbitrary website. This may allow an attacker to leverage an attached JavaScript ...
6.5
CVE-2019-14319
- EPSS 1.45%
- Veröffentlicht 04.09.2019 20:15:10
- Zuletzt bearbeitet 21.11.2024 04:26:29
The TikTok (formerly Musical.ly) application 12.2.0 for Android and iOS performs unencrypted transmission of images, videos, and likes. This allows an attacker to extract private sensitive information by sniffing network traffic.
1