Filtered by vendor Swiftkey
Subscribe
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4640 | 2 Samsung, Swiftkey | 5 Galaxy S4, Galaxy S4 Mini, Galaxy S5 and 2 more | 2023-12-10 | 2.9 LOW | N/A |
| The SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices relies on an HTTP connection to the skslm.swiftkey.net server, which allows man-in-the-middle attackers to write to language-pack files by modifying an HTTP response. NOTE: CVE-2015-4640 exploitation can be combined with CVE-2015-4641 exploitation for man-in-the-middle code execution. | |||||
| CVE-2015-4641 | 2 Samsung, Swiftkey | 5 Galaxy S4, Galaxy S4 Mini, Galaxy S5 and 2 more | 2023-12-10 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices allows remote web servers to write to arbitrary files, and consequently execute arbitrary code in a privileged context, by leveraging control of the skslm.swiftkey.net domain name and providing a .. (dot dot) in an entry in a ZIP archive, as demonstrated by a traversal to the /data/dalvik-cache directory. | |||||
| CVE-2014-5722 | 1 Swiftkey | 1 Swiftkey Keyboard \+ Emoji | 2023-12-10 | 5.4 MEDIUM | N/A |
| The SwiftKey Keyboard + Emoji (aka com.touchtype.swiftkey) application 5.0.2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||