CVSS: 4.3EPSS: 0%CPEs: 32EXPL: 0CVE-2013-3642
https://notcve.org/view.php?id=CVE-2013-3642
The Angel Browser application 1.47b and earlier for Android 1.6 through 2.1, 1.62b and earlier for Android 2.2 through 2.3.4, 1.68b and earlier for Android 3.0 through 4.0.3, and 1.76b and earlier for Android 4.1 through 4.2 does not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application. La aplicación Angel Browser 1.47b y anteriores para Android 1.6 a 2.1, 1.62b y anteriores para Android 2.2 a 2.3.4, 1.68b y anteriores para Android 3.0 a4.0.3 y 1.76b y anteriores para Android 4.1 a4.2, no implementan adecuadamente la clase WebView lo que permite a atacantes obtener información sensible a través de una aplicación manipulada. • http://jvn.jp/en/jp/JVN79301570/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000055 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 17EXPL: 1CVE-2011-1350 – Google Android 2.3.5 - PowerVR SGX Driver Information Disclosure
https://notcve.org/view.php?id=CVE-2011-1350
The PowerVR SGX driver in Android before 2.3.6 allows attackers to obtain potentially sensitive information from kernel stack memory via an application that uses a crafted length parameter in a request to the pvrsrvkm device. El controlador PowerVR SGX en Android antes de v2.3.6 permite a atacantes obtener la información potencialmente confidencial de la memoria de pila del núcleo a través de una aplicación que utiliza un parámetro de longitud diseñado en una solicitud al dispositivo pvrsrvkm. • https://www.exploit-db.com/exploits/38310 http://code.google.com/p/android/issues/detail?id=21522 http://jon.oberheide.org/files/levitator.c • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.9EPSS: 0%CPEs: 17EXPL: 1CVE-2011-1352
https://notcve.org/view.php?id=CVE-2011-1352
The PowerVR SGX driver in Android before 2.3.6 allows attackers to gain root privileges via an application that triggers kernel memory corruption using crafted user data to the pvrsrvkm device. El controlador PowerVR SGX en Android antes de v2.3.6 permite a atacantes obtener privilegios de administrador a través de una aplicación que provoca corrupción de memoria del núcleo a partir de datos elaborados del usuario al dispositivo pvrsrvkm. • http://code.google.com/p/android/issues/detail?id=21523 http://jon.oberheide.org/files/levitator.c • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 32EXPL: 1CVE-2011-3918 – Android Zygote - Socket and Fork Bomb (Denial of Service)
https://notcve.org/view.php?id=CVE-2011-3918
The Zygote process in Android 4.0.3 and earlier accepts fork requests from processes with arbitrary UIDs, which allows remote attackers to cause a denial of service (reboot loop) via a crafted application. El proceso Zygote en Android v4.0.3 y anteriores acepta peticiones bifurcadas de procesos con diversos UIDs, lo que permite a atacantes remotos provocar una denegación de servicio (bucle de reinicio) a través de una aplicación manipulada. • https://www.exploit-db.com/exploits/28957 http://www.ai-lab.it/merlo/publications/DoSAndroid.pdf https://code.google.com/p/android-source-browsing/source/detail?repo=platform--system--core&r=e7fd911fd42b • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2011-3881
https://notcve.org/view.php?id=CVE-2011-3881
WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors related to (1) the DOMWindow::clear function and use of a selection object, (2) the Object::GetRealNamedPropertyInPrototypeChain function and use of an __proto__ property, (3) the HTMLPlugInImageElement::allowedToLoadFrameURL function and use of a javascript: URL, (4) incorrect origins for XSLT-generated documents in the XSLTProcessor::createDocumentFromSource function, and (5) improper handling of synchronous frame loads in the ScriptController::executeIfJavaScriptURL function. Google Chrome en versiones anteriores a la 15.0.874.102 permite a atacantes remotos evitar la política de mismo origen ("Same Origin Policy") a través de vectores sin especificar. • http://code.google.com/p/chromium/issues/detail?id=96047 http://code.google.com/p/chromium/issues/detail?id=96885 http://code.google.com/p/chromium/issues/detail?id=98053 http://code.google.com/p/chromium/issues/detail?id=99512 http://code.google.com/p/chromium/issues/detail? • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •