CVSS: 7.2EPSS: 0%CPEs: 45EXPL: 3CVE-2014-7911 – Android CVE-2014-7911 / CVE-2014-4322 Local Exploit
https://notcve.org/view.php?id=CVE-2014-7911
luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the requirements for serialization, which allows attackers to execute arbitrary code via a crafted finalize method for a serialized object in an ArrayMap Parcel within an intent sent to system_service, as demonstrated by the finalize method of android.os.BinderProxy, aka Bug 15874291. luni/src/main/java/java/io/ObjectInputStream.java en la implementación java.io.ObjectInputStream en Android anterior a 5.0.0 no verifica que la deserialización resultará en un objeto que reunió los requisitos para la serialización, lo que permite a atacantes ejecutar código arbitrario a través de un método de finalizar para un objeto serializado en un paquete ArrayMap dentor de un intento enviado a system_service, tal y como fue demostrado por el método de finalizar de android.os.BinderProxy, también conocido como Bug 15874291. • https://github.com/ele7enxxh/CVE-2014-7911 https://github.com/koozxcv/CVE-2014-7911-CVE-2014-4322_get_root_privilege https://github.com/koozxcv/CVE-2014-7911 http://seclists.org/fulldisclosure/2014/Nov/51 https://android.googlesource.com/platform/libcore/+/738c833d38d41f8f76eb7e77ab39add82b1ae1e2 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 45EXPL: 4CVE-2014-8507 – Android WAPPushManager - SQL Injection
https://notcve.org/view.php?id=CVE-2014-8507
Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android before 5.0.0 allow remote attackers to execute arbitrary SQL commands, and consequently launch an activity or service, via the (1) wapAppId or (2) contentType field of a PDU for a malformed WAPPush message, aka Bug 17969135. Múltiples vulnerabilidades de inyección SQL en el método queryLastApp en packages/WAPPushManager/src/com/android/smspush/WapPushManager.java en el módulo WAPPushManager en Android anterior a 5.0.0 permiten a atacantes remotos ejecutar comandos SQL arbitrarios, y como consecuencia lanzar una actividad o servicio, a través del campo (1) wapAppId o (2) contentType de un PDU para un mensaje WAPPush malformado, también conocido como Bug 17969135. • https://www.exploit-db.com/exploits/35382 http://packetstormsecurity.com/files/129283/Android-WAPPushManager-SQL-Injection.html http://seclists.org/fulldisclosure/2014/Nov/86 http://www.securityfocus.com/bid/71310 http://xteam.baidu.com/?p=167 https://android.googlesource.com/platform/frameworks/base/+/48ed835468c6235905459e6ef7df032baf3e4df6 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 3.3EPSS: 0%CPEs: 45EXPL: 4CVE-2014-8610 – Android SMS Resend
https://notcve.org/view.php?id=CVE-2014-8610
AndroidManifest.xml in Android before 5.0.0 does not require the SEND_SMS permission for the SmsReceiver receiver, which allows attackers to send stored SMS messages, and consequently transmit arbitrary new draft SMS messages or trigger additional per-message charges from a network operator for old messages, via a crafted application that broadcasts an intent with the com.android.mms.transaction.MESSAGE_SENT action, aka Bug 17671795. AndroidManifest.xml en Android anterior a 5.0.0 no requiere el permiso SEND_SMS para el recibidor SmsReceiver, lo que permite a atacantes remotos enviar mensajes SMS almacenados, y como consecuencia trasmitir nuevos mensajes SMS del borrador o provocar adicionales cobros por mensajes de un operador de la red para mensajes viejos, a través de una aplicación manipulada que emite un intento con la acción com.android.mms.transaction.MESSAGE_SENT, también conocido como Bug 17671795. Android versions prior to 5.0 allow an unprivileged application the ability to resend all the SMS's stored in the users phone. • http://packetstormsecurity.com/files/129282/Android-SMS-Resend.html http://seclists.org/fulldisclosure/2014/Dec/8 http://seclists.org/fulldisclosure/2014/Nov/85 http://xteam.baidu.com/?p=164 https://android.googlesource.com/platform/packages/apps/Mms/+/008d6202fca4002a7dfe333f22377faa73585c67 https://github.com/joswr1ght/drozer-modules/blob/master/whfs/smsdraftsend.py • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 17EXPL: 6CVE-2014-8609 – Android Settings Pendingintent Leak
https://notcve.org/view.php?id=CVE-2014-8609
The addAccount method in src/com/android/settings/accounts/AddAccountSettings.java in the Settings application in Android before 5.0.0 does not properly create a PendingIntent, which allows attackers to use the SYSTEM uid for broadcasting an intent with arbitrary component, action, or category information via a third-party authenticator in a crafted application, aka Bug 17356824. El método addAccount en src/com/android/settings/accounts/AddAccountSettings.java en la aplicación Settings en Android anterior a 5.0.0 no crea correctamente un PendingIntent, lo que permite a atacantes utilizar la uid SYSTEM para emitir un intento con información arbitraria de componentes, acciones o categorías a través de un autenticador tercera parte en una aplicación manipulada, también conocido como Bug 17356824. In Android versions prior to 5.0 and possibly greater than and equal to 4.0, Settings application leaks Pendingintent with a blank base intent (neither the component nor the action is explicitly set) to third party applications. Due to this, a malicious app can use this to broadcast intent with the same permissions and identity of the Settings application, which runs as SYSTEM uid. • https://github.com/MazX0p/CVE-2014-8609-POC https://github.com/ratiros01/CVE-2014-8609-exploit https://github.com/locisvv/Vulnerable-CVE-2014-8609 http://packetstormsecurity.com/files/129281/Android-Settings-Pendingintent-Leak.html http://seclists.org/fulldisclosure/2014/Nov/81 http://xteam.baidu.com/?p=158 https://android.googlesource.com/platform/packages/apps/Settings/+/f5d3e74ecc2b973941d8adbe40c6b23094b5abb7 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 3.3EPSS: 0%CPEs: 96EXPL: 0CVE-2014-6060
https://notcve.org/view.php?id=CVE-2014-6060
The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 allows remote DHCP servers to cause a denial of service by resetting the DHO_OPTIONSOVERLOADED option in the (1) bootfile or (2) servername section, which triggers the option to be processed again. La función get_option en dhcpcd 4.0.0 hasta 6.x anterior a 6.4.3 permite a servidores DHCP remotos causar una denegación de servicio mediante la restablecimiento de la opción DHO_OPTIONSOVERLOADED en la sección (1) bootfile o (2) servername, lo que provoca que la opción se vuelva a procesar. • http://advisories.mageia.org/MGASA-2014-0334.html http://roy.marples.name/projects/dhcpcd/ci/1d2b93aa5ce25a8a710082fe2d36a6bf7f5794d5?sbs=0 http://source.android.com/security/bulletin/2016-04-02.html http://www.mandriva.com/security/advisories?name=MDVSA-2014:171 http://www.openwall.com/lists/oss-security/2014/07/30/5 http://www.openwall.com/lists/oss-security/2014/09/01/11 http://www.securityfocus.com/bid/68970 http://www.slackware.com/security/viewer.php?l=slackware-security&y=20 • CWE-399: Resource Management Errors •