Swiftkey SDK

CPE Details

Swiftkey SDK
swiftkey
swiftkey_sdk
-
2015-06-22
11h53 +00:00
2015-06-22
12h58 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:swiftkey:swiftkey_sdk:-:*:*:*:*:*:*:*

Informations

Vendor

swiftkey

Product

swiftkey_sdk

Version

-

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2015-4640 2015-06-19 12h00 +00:00 The SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices relies on an HTTP connection to the skslm.swiftkey.net server, which allows man-in-the-middle attackers to write to language-pack files by modifying an HTTP response. NOTE: CVE-2015-4640 exploitation can be combined with CVE-2015-4641 exploitation for man-in-the-middle code execution.
2.9
CVE-2015-4641 2015-06-19 12h00 +00:00 Directory traversal vulnerability in the SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices allows remote web servers to write to arbitrary files, and consequently execute arbitrary code in a privileged context, by leveraging control of the skslm.swiftkey.net domain name and providing a .. (dot dot) in an entry in a ZIP archive, as demonstrated by a traversal to the /data/dalvik-cache directory.
6.4