
CVSS: 4.3 • EPSS: 1% • CPEs: 2 • EXPL: 1

Cross-application scripting vulnerability in the Browser URL loading functionality in Android 2.3.4 and 3.1 allows local applications to bypass the sandbox and execute arbitrary JavaScript in arbitrary domains by (1) causing the MAX_TAB number of tabs to be opened, then loading a URI to the targeted domain into the current tab, or (2) making two startActivity function calls beginning with the targeted domain's URI followed by the malicious JavaScript while the UI focus is still associated with the targeted domain.

• https://www.exploit-db.com/exploits/36006
• http://android.git.kernel.org/?p=platform/cts.git%3Ba=commit%3Bh=7e48fb87d48d27e65942b53b7918288c8d740e17
• http://android.git.kernel.org/?p=platform/packages/apps/Browser.git%3B%20a=commit%3Bh=096bae248453abe83cbb2e5a2c744bd62cdb620b
• http://android.git.kernel.org/?p=platform/packages/apps/Browser.git%3B%20a=commit%3Bh=afa4ab1e4c1d645e34bd408ce04cadfd2e5dae1e
• http://blog.watchfire.com/files/advisory-android-browser.pdf
• http://blog.watchfire.com/wfblog/2011/08/android-browser-cross-
• CWE-20: Improper Input Validation

CVSS: 7.2 • EPSS: 0% • CPEs: 6 • EXPL: 1

Android before 2.3 does not properly restrict access to the system property space, which allows local applications to bypass the application sandbox and gain privileges, as demonstrated by psneuter and KillingInTheNameOf, related to the use of Android shared memory (ashmem) and ASHMEM_SET_PROT_MASK.

• http://android.git.kernel.org/?p=kernel/common.git%3Ba=commit%3Bh=c98a285075f26e2b17a5baa2cb3eb6356a75597e
• http://android.git.kernel.org/?p=platform/system/core.git%3Ba=commit%3Bh=25b15be9120bcdaa0aba622c67ad2c835d9e91ca
• http://c-skills.blogspot.com/2011/01/adb-trickery-again.html
• http://forum.xda-developers.com/wiki/index.php?title=HTC_Vision#Rooting_the_G2
• http://groups.google.com/group/android-security-discuss/browse_thread/thread/15f97658c88d6827/e86db04652651971?show_docid=e86db04652651971
• https://github.com/tmzt/g2
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 9.8 • EPSS: 1% • CPEs: 2 • EXPL: 0

The sandbox implementation in Google Chrome before 7.0.517.41 on Linux does not properly constrain worker processes, which might allow remote attackers to bypass intended access restrictions via unspecified vectors.

• http://code.google.com/p/chromium/issues/detail?id=54794
• http://googlechromereleases.blogspot.com/2010/10/stable-channel-update.html
• http://secunia.com/advisories/41888
• http://www.securityfocus.com/bid/44241
• http://www.vupen.com/english/advisories/2010/2731
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14201

CVSS: 10.0 • EPSS: 96% • CPEs: 41 • EXPL: 1

Oracle has not commented on claims from a reliable researcher that this is related to "how Web Start retrieves security policies," BasicServiceImpl, and forged policies that bypass sandbox restrictions. ... By abusing how Web Start retrieves security policies, an attacker can forge their own and force the removal of sandbox restrictions.

• https://www.exploit-db.com/exploits/16495
• http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748
• http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
• http://marc.info/?l=bugtraq&m=134254866602253&w=2
• http://secunia.com/advisories/44954
• http://support.avaya.com/css/P8/documents/100114315
• http://support.avaya.com/css/P8/documents/100123193
• http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html
• http://w

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

browser/renderer_host/database_dispatcher_host.cc in Google Chrome before 5.0.375.70 on Linux does not properly handle ViewHostMsg_DatabaseOpenFile messages in chroot-based sandboxing, which allows remote attackers to bypass intended sandbox restrictions via vectors involving fchdir and chdir calls.

• http://code.google.com/p/chromium/issues/detail?id=43304
• http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html
• http://secunia.com/advisories/40072
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14154
• CWE-20: Improper Input Validation