This page lists publicly disclosed CVE vulnerabilities affecting ushareit shareit (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2019-15234 | SHAREit through 4.0.6.177 does not check the full message length from the received packet header (which is used to allocate memory for the next set of data). This could lead to a system denial of service due to uncontrolled memory allocation. This is different from CVE-2019-14941. | [email protected] | 7.5 | 0.37% | 2020-04-27 | 2024-11-21 |
| CVE-2019-14941 | SHAREit through 4.0.6.177 does not check the body length from the received packet header (which is used to allocate memory for the next set of data). This could lead to a system denial of service due to uncontrolled memory allocation. | [email protected] | 7.5 | 0.37% | 2020-04-27 | 2024-11-21 |
| CVE-2019-9939 | The SHAREit application before 4.0.36 for Android allows a remote attacker (on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated) to bypass authentication by trying to fetch a non-existing page. When the non-existing page is requested, the application responds with a 200 status code and empty page, and adds the requesting client device into the list of recognized devices. | [email protected] | 8.8 | 0.33% | 2019-03-22 | 2024-11-21 |
| CVE-2019-9938 | The SHAREit application before 4.0.42 for Android allows a remote attacker (on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated) to download arbitrary files from the device including contacts, photos, videos, sound clips, etc. The attacker must be authenticated as a "recognized device." | [email protected] | 5.3 | 0.16% | 2019-03-22 | 2024-11-21 |