CVSS: 5.0EPSS: 0%CPEs: 13EXPL: 1CVE-2013-7372
https://notcve.org/view.php?id=CVE-2013-7372
The engineNextBytes function in classlib/modules/security/src/main/java/common/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java in the SecureRandom implementation in Apache Harmony through 6.0M3, as used in the Java Cryptography Architecture (JCA) in Android before 4.4 and other products, when no seed is provided by the user, uses an incorrect offset value, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging the resulting PRNG predictability, as exploited in the wild against Bitcoin wallet applications in August 2013. La función engineNextBytes en classlib/modules/security/src/main/java/common/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java en la implementación SecureRandom en Apache Harmony hasta 6.0M3, utilizado en Java Cryptography Architecture (JCA) en Android anterior a 4.4 y otros productos, cuando el usuario no proporciona una semilla, la función usa utiliza un valor de desplazamiento incorrecto, lo que facilita a un atacante poder anular los mecanismos de protección criptográfica mediante el aprovechamiento de la previsibilidad PRNG resultante, tal y como se demostró activamente contra las aplicaciones Bitcoin Wallet en agosto 2013. • http://android-developers.blogspot.com.au/2013/08/some-securerandom-thoughts.html http://www.nds.rub.de/media/nds/veroeffentlichungen/2013/03/25/paper_2.pdf https://android.googlesource.com/platform/libcore/+/kitkat-release/luni/src/main/java/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java https://bitcoin.org/en/alert/2013-08-11-android • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 0%CPEs: 40EXPL: 0CVE-2013-7373
https://notcve.org/view.php?id=CVE-2013-7373
Android before 4.4 does not properly arrange for seeding of the OpenSSL PRNG, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging use of the PRNG within multiple applications. Android anterior a 4.4 no ejecuta debidamente la creación de semillas del PRNG OpenSSL, lo que facilita a atacantes anular mecanismos de protección criptográficos mediante el aprovechamiento del uso del PRNG dentro de múltiples aplicaciones. • http://android-developers.blogspot.com.au/2013/08/some-securerandom-thoughts.html http://emboss.github.io/blog/2013/08/21/openssl-prng-is-not-really-fork-safe http://marc.info/?l=openssl-dev&m=130289811108150&w=2 http://marc.info/?l=openssl-dev&m=130298304903422&w=2 http://www.reddit.com/r/Android/comments/1k6f03/due_to_a_serious_encryptionrng_flaw_in_android/cblvum5 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 39EXPL: 1CVE-2013-6775
https://notcve.org/view.php?id=CVE-2013-6775
The Chainfire SuperSU package before 1.69 for Android allows attackers to gain privileges via the (1) backtick or (2) $() type of shell metacharacters in the -c option to /system/xbin/su. El paquete Chainfire SuperSU anterior a 1.69 para Android permite a atacantes ganar privilegios a través de el tipo de metacaracteres shell (1) backtick o (2) $() en la opción -c hacia /system/xbin/su. • http://www.securityfocus.com/archive/1/529797 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2014-1939
https://notcve.org/view.php?id=CVE-2014-1939
java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute arbitrary Java code by leveraging access to the searchBoxJavaBridge_ interface at certain Android API levels. java/android/webkit/BrowserFrame.java en Android anterior a 4.4 utiliza la API addJavascriptInterface en conjunto con la creación de un objeto de la clase SearchBoxImpl, lo que permite a atacantes ejecutar código Java arbitrario mediante el aprovechamiento del acceso a la interfaz searchBoxJavaBridge_ en ciertos niveles API de Android. • http://blog.chromium.org/2013/11/introducing-chromium-powered-android.html http://openwall.com/lists/oss-security/2014/02/11/2 https://support.lenovo.com/us/en/product_security/len_6421 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 117EXPL: 1CVE-2013-6774 – Android 4.2.x Superuser Unsanitized Environment
https://notcve.org/view.php?id=CVE-2013-6774
Untrusted search path vulnerability in the ChainsDD Superuser package 3.1.3 for Android 4.2.x and earlier, CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier, and Chainfire SuperSU package before 1.69 for Android 4.2.x and earlier allows attackers to load an arbitrary .jar file and gain privileges via a crafted BOOTCLASSPATH environment variable for a /system/xbin/su process. NOTE: another researcher was unable to reproduce this with ChainsDD Superuser. Vulnerabilidad de búsqueda de ruta no confiable en el paquete ChainsDD Superuser 3.1.3 para Android 4.2.x y anteriores, el paquete CyanogenMod/ClockWorkMod/Koush Superuser 1.0.2.1 para Android 4.2.x y anteriores y el paquete Chainfire SuperSU anterior a 1.69 para Android 4.2.x y anteriores permite a atacantes cargar un archivo .jar arbitrario y ganar privilegios a través de una variable de entorno BOOTCLASSPATH manipulada para un proceso /system/xbin/su. NOTA: otro investigador fue incapaz de reproducir esto con ChainsDD Superuser. Vulnerable releases of several common Android Superuser packages may allow malicious Android applications to execute arbitrary commands as root without notifying the device owner. • http://www.securityfocus.com/archive/1/529796 http://www.securityfocus.com/archive/1/529822 •