VYPR

Android

by Google

CVEs (4,290)

  • CVE-2011-1149Apr 21, 2011
    risk 0.00cvss epss 0.00

    Android before 2.3 does not properly restrict access to the system property space, which allows local applications to bypass the application sandbox and gain privileges, as demonstrated by psneuter and KillingInTheNameOf, related to the use of Android shared memory (ashmem) and…

  • CVE-2011-0680Jan 31, 2011
    risk 0.00cvss epss 0.02

    data/WorkingMessage.java in the Mms application in Android before 2.2.2 and 2.3.x before 2.3.2 does not properly manage the draft cache, which allows remote attackers to read SMS messages intended for other recipients in opportunistic circumstances via a standard text messaging…

  • CVE-2009-3698Oct 14, 2009
    risk 0.00cvss epss 0.01

    An unspecified function in the Dalvik API in Android 1.5 and earlier allows remote attackers to cause a denial of service (system process restart) via a crafted application, possibly a related issue to CVE-2009-2656.

  • CVE-2009-2999Oct 14, 2009
    risk 0.00cvss epss 0.01

    The com.android.phone process in Android 1.5 CRBxx allows remote attackers to cause a denial of service (application restart and network disconnection) via an SMS message containing a malformed WAP Push message that triggers an ArrayIndexOutOfBoundsException exception, possibly…

  • CVE-2009-2656Aug 3, 2009
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in the com.android.phone process in Android 1.0, 1.1, and 1.5 allows remote attackers to cause a denial of service (network disconnection) via a crafted SMS message, as demonstrated by Collin Mulliner and Charlie Miller at Black Hat USA 2009.

  • CVE-2009-2348Jul 17, 2009
    risk 0.00cvss epss 0.00

    Android 1.5 CRBxx allows local users to bypass the (1) Manifest.permission.CAMERA (aka android.permission.CAMERA) and (2) Manifest.permission.AUDIO_RECORD (aka android.permission.RECORD_AUDIO) configuration settings by installing and executing an application that does not make a…

  • CVE-2009-1754May 26, 2009
    risk 0.00cvss epss 0.01

    The PackageManagerService class in services/java/com/android/server/PackageManagerService.java in Android 1.5 through 1.5 CRB42 does not properly check developer certificates during processing of sharedUserId requests at an application's installation time, which allows remote…

  • CVE-2009-0608Feb 17, 2009
    risk 0.00cvss epss 0.00

    Integer overflow in the showLog function in fake_log_device.c in liblog in Open Handset Alliance Android 1.0 allows attackers to trigger a buffer overflow and possibly have unspecified other impact by sending a large number of input lines.

  • CVE-2009-0607Feb 17, 2009
    risk 0.00cvss epss 0.00

    Multiple integer overflows in malloc_leak.c in Bionic in Open Handset Alliance Android 1.0 have unknown impact and attack vectors, related to the (1) chk_calloc and (2) leak_calloc functions.

  • CVE-2009-0606Feb 17, 2009
    risk 0.00cvss epss 0.00

    The link_image function in linker/linker.c in the dynamic linker in Bionic in Open Handset Alliance Android 1.0 on the T-Mobile G1 phone does not properly handle file descriptors 0, 1, and 2 for a setgid program, which allows local users to create arbitrary files owned by…

Page 215 of 215