CVE-2013-3344 – flash-plugin: Multiple code execution flaws (APSB13-17)
https://notcve.org/view.php?id=CVE-2013-3344
Heap-based buffer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code via unspecified vectors.
• http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00021.html
• http://www.adobe.com/support/security/bulletins/apsb13-17.html
• http://www.securityfocus.com/bid/61043
• https://access.redhat.com/security/cve/CVE-2013-3344
• https://bugzilla.redhat.com/show_bug.cgi?id=982749
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-3347 – Adobe Flash Player Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-3347
Integer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code via PCM data that is not properly handled during resampling.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the PCM processing code. By providing a malformed audio sample through ActionScript3, an attacker can cause an integer overflow.
• http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00021.html
• http://www.adobe.com/support/security/bulletins/apsb13-17.html
• https://access.redhat.com/security/cve/CVE-2013-3347
• https://bugzilla.redhat.com/show_bug.cgi?id=982749
• CWE-189: Numeric Errors
CVE-2013-3345 – flash-plugin: Multiple code execution flaws (APSB13-17)
https://notcve.org/view.php?id=CVE-2013-3345
Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
• http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00021.html
• http://www.adobe.com/support/security/bulletins/apsb13-17.html
• https://access.redhat.com/security/cve/CVE-2013-3345
• https://bugzilla.redhat.com/show_bug.cgi?id=982749
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-4787 – Google Android - 'APK' code Remote Security Bypass
https://notcve.org/view.php?id=CVE-2013-4787
Android 1.6 Donut through 4.2 Jelly Bean does not properly check cryptographic signatures for applications, which allows attackers to execute arbitrary code via an application package file (APK) that is modified in a way that does not violate the cryptographic signature, probably involving multiple entries in a Zip file with the same name in which one entry is validated but the other entry is installed, aka Android security bug 8219321 and the "Master Key" vulnerability.
• https://www.exploit-db.com/exploits/38627
• http://bluebox.com/corporate-blog/bluebox-uncovers-android-master-key
• http://review.cyanogenmod.org/#/c/45251
• http://www.osvdb.org/94773
• http://www.securityfocus.com/bid/60952
• http://www.zdnet.com/google-releases-fix-to-oems-for-blue-security-android-security-hole-7000017782
• https://jira.cyanogenmod.org/browse/CYAN-1602
• https://plus.google.com/113331808607528811927/posts/GxDA6111vYy
• CWE-310: Cryptographic Issues
CVE-2013-3642
https://notcve.org/view.php?id=CVE-2013-3642
The Angel Browser application 1.47b and earlier for Android 1.6 through 2.1, 1.62b and earlier for Android 2.2 through 2.3.4, 1.68b and earlier for Android 3.0 through 4.0.3, and 1.76b and earlier for Android 4.1 through 4.2 does not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application.
• http://jvn.jp/en/jp/JVN79301570/index.html
• http://jvndb.jvn.jp/jvndb/JVNDB-2013-000055
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor