CVSS: 5.0EPSS: 0%CPEs: 223EXPL: 0CVE-2014-1484
https://notcve.org/view.php?id=CVE-2014-1484
Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile paths, which allows attackers to obtain sensitive information via a crafted application. Mozilla Firefox anterior a 27.0 en Android 4.2 y anteriores crea entradas en el registro del sistema que contienen rutas de perfil, lo que permite a atacantes remotos obtener información sensible a través de una aplicación manipulada. • http://archives.neohapsis.com/archives/bugtraq/2014-03/0153.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html http://osvdb.org/102870 http://www.mozilla.org/security/announce/2014/mfsa2014-06.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/65323 http://www.securitytracker.com/id/1029719 https://bugzilla.mozilla.org/show • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 117EXPL: 1CVE-2013-6774 – Android 4.2.x Superuser Unsanitized Environment
https://notcve.org/view.php?id=CVE-2013-6774
Untrusted search path vulnerability in the ChainsDD Superuser package 3.1.3 for Android 4.2.x and earlier, CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier, and Chainfire SuperSU package before 1.69 for Android 4.2.x and earlier allows attackers to load an arbitrary .jar file and gain privileges via a crafted BOOTCLASSPATH environment variable for a /system/xbin/su process. NOTE: another researcher was unable to reproduce this with ChainsDD Superuser. Vulnerabilidad de búsqueda de ruta no confiable en el paquete ChainsDD Superuser 3.1.3 para Android 4.2.x y anteriores, el paquete CyanogenMod/ClockWorkMod/Koush Superuser 1.0.2.1 para Android 4.2.x y anteriores y el paquete Chainfire SuperSU anterior a 1.69 para Android 4.2.x y anteriores permite a atacantes cargar un archivo .jar arbitrario y ganar privilegios a través de una variable de entorno BOOTCLASSPATH manipulada para un proceso /system/xbin/su. NOTA: otro investigador fue incapaz de reproducir esto con ChainsDD Superuser. Vulnerable releases of several common Android Superuser packages may allow malicious Android applications to execute arbitrary commands as root without notifying the device owner. • http://www.securityfocus.com/archive/1/529796 http://www.securityfocus.com/archive/1/529822 •
CVSS: 5.0EPSS: 0%CPEs: 39EXPL: 1CVE-2013-6768 – Android 4.2.x Superuser Unsanitized Environment
https://notcve.org/view.php?id=CVE-2013-6768
Untrusted search path vulnerability in the CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier allows attackers to trigger the launch of a Trojan horse app_process program via a crafted PATH environment variable for a /system/xbin/su process. Vulnerabilidad de búsqueda de ruta no confiable en el paquete CyanogenMod/ClockWorkMod/Koush Superuser 1.0.2.1 para Android 4.2.x y anteriores permite a atacantes provocar el lanzamiento de un programa app_process caballo de troya a través de una variable de entorno PATH manipulada para un proceso /system/xbin/su. Vulnerable releases of several common Android Superuser packages may allow malicious Android applications to execute arbitrary commands as root without notifying the device owner. This advisoriy documents PATH and BOOTCLASSPATH vulnerabilities. • http://www.securityfocus.com/archive/1/529796 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 10%CPEs: 180EXPL: 0CVE-2013-0790
https://notcve.org/view.php?id=CVE-2013-0790
Unspecified vulnerability in the browser engine in Mozilla Firefox before 20.0 on Android allows remote attackers to cause a denial of service (stack memory corruption and application crash) or possibly execute arbitrary code via unknown vectors involving a plug-in. Vulnerabilidad no especificada en el motor del navegador de Mozilla Firefox anterior a v20.0 en Android permite a atacantes remotos causar una denegación de servicios (corrupción de pila de memoria y caída de la aplicación) o posiblemente ejecutar código arbitrario a través de vectores sin especificar que implica un complemento. • http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html http://www.mozilla.org/security/announce/2013/mfsa2013-30.html https://bugzilla.mozilla.org/show_bug.cgi?id=842687 •
CVSS: 10.0EPSS: 1%CPEs: 209EXPL: 0CVE-2013-1375 – flash-plugin: multiple code execution flaws (APSB13-09)
https://notcve.org/view.php?id=CVE-2013-1375
Heap-based buffer overflow in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allows attackers to execute arbitrary code via unspecified vectors. Desbordamiento de búfer basado en la pila en Adobe Flash Player v10.3.183.68 y antes v11.x antes v11.6.602.180 en Windows y Mac OS X, antes v10.3.183.68 y v11.x antes v11.2.202.275 en Linux, antes v11.1.111.44 en Android v2.x v3.x, y antes de v11.1.115.48 en Android v4.x, Adobe AIR v3.6.0.6090 antes; Adobe AIR SDK antes de v3.6.0.6090, y Adobe AIR SDK Compiler antes de v3.6.0.6090 que permite a los atacantes ejecutar código arbitrario a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00021.html http://marc.info/?l=bugtraq&m=139455789818399&w=2 http://rhn.redhat.com/errata/RHSA-2013-0643.html http://www.adobe.com/support/security/bulletins/apsb13-09.html https://access.redhat.com/security/cve/CVE-2013-1375 https://bugzilla.redhat.com/show_bug.cgi?id= • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •