VYPR

Android

by Google

CVEs (4,290)

  • CVE-2014-6060Sep 4, 2014
    risk 0.00cvss epss 0.00

    The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 allows remote DHCP servers to cause a denial of service by resetting the DHO_OPTIONSOVERLOADED option in the (1) bootfile or (2) servername section, which triggers the option to be processed again.

  • CVE-2014-3100Jul 2, 2014
    risk 0.00cvss epss 0.02

    Stack-based buffer overflow in the encode_key function in /system/bin/keystore in the KeyStore service in Android 4.3 allows attackers to execute arbitrary code, and consequently obtain sensitive key information or bypass intended restrictions on cryptographic operations, via a…

  • CVE-2010-4832May 14, 2014
    risk 0.00cvss epss 0.01

    Android OS before 2.2 does not display the correct SSL certificate in certain cases, which might allow remote attackers to spoof trusted web sites via a web page containing references to external sources in which (1) the certificate of the last loaded resource is checked,…

  • CVE-2013-7373Apr 29, 2014
    risk 0.00cvss epss 0.01

    Android before 4.4 does not properly arrange for seeding of the OpenSSL PRNG, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging use of the PRNG within multiple applications.

  • CVE-2013-7372Apr 29, 2014
    risk 0.00cvss epss 0.02

    The engineNextBytes function in classlib/modules/security/src/main/java/common/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java in the SecureRandom implementation in Apache Harmony through 6.0M3, as used in the Java Cryptography Architecture (JCA) in…

  • CVE-2013-6770Mar 31, 2014
    risk 0.00cvss epss 0.01

    The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.3 and 4.4 does not properly restrict the set of users who can execute /system/xbin/su with the --daemon option, which allows attackers to gain privileges by leveraging ADB shell access and a certain Linux…

  • CVE-2014-1939Mar 3, 2014
    risk 0.00cvss epss 0.01

    java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute arbitrary Java code by leveraging access to the searchBoxJavaBridge_ interface at…

  • CVE-2013-5933Sep 25, 2013
    risk 0.00cvss epss 0.00

    Stack-based buffer overflow in the sub_E110 function in init in a certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless allows local users to gain privileges or cause a denial of service (memory corruption) by writing a long string to the…

  • CVE-2013-4777Sep 25, 2013
    risk 0.00cvss epss 0.00

    A certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless uses init to create a /dev/socket/init_runit socket that listens for shell commands, which allows local users to gain privileges by interacting with a LocalSocket object.

  • CVE-2013-3666May 29, 2013
    risk 0.00cvss epss 0.00

    The LG Hidden Menu component for Android on the LG Optimus G E973 allows physically proximate attackers to execute arbitrary commands by entering USB Debugging mode, using Android Debug Bridge (adb) to establish a USB connection, dialing 3845#*973#, modifying the WLAN Test Wi-Fi…

  • CVE-2011-1352Feb 5, 2013
    risk 0.00cvss epss 0.00

    The PowerVR SGX driver in Android before 2.3.6 allows attackers to gain root privileges via an application that triggers kernel memory corruption using crafted user data to the pvrsrvkm device.

  • CVE-2012-4222Nov 30, 2012
    risk 0.00cvss epss 0.01

    drivers/gpu/msm/kgsl.c in the Qualcomm Innovation Center (QuIC) Graphics KGSL kernel-mode driver for Android 2.3 through 4.2 allows attackers to cause a denial of service (NULL pointer dereference) via an application that uses crafted arguments in a local kgsl_ioctl call.

  • CVE-2012-4221Nov 30, 2012
    risk 0.00cvss epss 0.02

    Integer overflow in diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics (aka DIAG) kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service via an application that uses crafted arguments in a local…

  • CVE-2012-4220Nov 30, 2012
    risk 0.00cvss epss 0.03

    diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics (aka DIAG) kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via an application that uses crafted arguments…

  • CVE-2012-3979Aug 29, 2012
    risk 0.00cvss epss 0.02

    Mozilla Firefox before 15.0 on Android does not properly implement unspecified callers of the __android_log_print function, which allows remote attackers to execute arbitrary code via a crafted web page that calls the JavaScript dump function.

  • CVE-2011-4276Jan 25, 2012
    risk 0.00cvss epss 0.01

    The Bluetooth service (com/android/phone/BluetoothHeadsetService.java) in Android 2.3 before 2.3.6 allows remote attackers within Bluetooth range to obtain contact data via an AT phonebook transfer.

  • CVE-2011-3881Oct 25, 2011
    risk 0.00cvss epss 0.02

    WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors related to (1) the DOMWindow::clear function and use of a selection object, (2) the…

  • CVE-2011-3975Oct 3, 2011
    risk 0.00cvss epss 0.01

    A certain HTC update for Android 2.3.4 build GRJ22, when the Sense interface is used on the HTC EVO 3D, EVO 4G, ThunderBolt, and unspecified other devices, provides the HtcLoggers.apk application, which allows user-assisted remote attackers to obtain a list of telephone numbers…

  • CVE-2008-7298Aug 9, 2011
    risk 0.00cvss epss 0.01

    The Android browser in Android cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict…

  • CVE-2011-2344Jul 8, 2011
    risk 0.00cvss epss 0.01

    Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext HTTP session when transmitting the authToken obtained from ClientLogin, which allows remote attackers to gain privileges and access private pictures and web albums by sniffing the token from connections with…

Page 214 of 215