CVE-2013-3345 – flash-plugin: Multiple code execution flaws (APSB13-17)
https://notcve.org/view.php?id=CVE-2013-3345
Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Adobe Flash Player anterior a 11.7.700.232 y 11.8.x anterior a 11.8.800.94 en Windows y Mac OS X, anterior a 11.2.202.297 en Linux, anterior a 11.1.111.64 en Android 2.x y 3.x,anterior a 11.1.115.69 en Android 4.x, permite a atacantes ejecutar código arbitrario o provocar una denegación de servicio (consumo de memoria) a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00021.html http://www.adobe.com/support/security/bulletins/apsb13-17.html https://access.redhat.com/security/cve/CVE-2013-3345 https://bugzilla.redhat.com/show_bug.cgi?id=982749 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-4787 – Google Android - 'APK' code Remote Security Bypass
https://notcve.org/view.php?id=CVE-2013-4787
Android 1.6 Donut through 4.2 Jelly Bean does not properly check cryptographic signatures for applications, which allows attackers to execute arbitrary code via an application package file (APK) that is modified in a way that does not violate the cryptographic signature, probably involving multiple entries in a Zip file with the same name in which one entry is validated but the other entry is installed, aka Android security bug 8219321 and the "Master Key" vulnerability. Android v1.6 Donut hasta v4.2 Jelly Bean no comprueban de forma adecuada las firmas criptográficas de las aplicaciones, lo que puede permitir que atacantes ejecuten código a través de una ficheros de empaquetado de aplicaciones (APK) que es manipulado de forma que no viole la firma criptográfica, probablemente incluyendo múltiples entradas en un fichero ZIP con el mismo nombre en el cúal una entrada está validada pero la otra es la que se instala, tambíen conocido como error de seguridad 8219321 y vulnerabilidad "Master Key". • https://www.exploit-db.com/exploits/38627 http://bluebox.com/corporate-blog/bluebox-uncovers-android-master-key http://review.cyanogenmod.org/#/c/45251 http://www.osvdb.org/94773 http://www.securityfocus.com/bid/60952 http://www.zdnet.com/google-releases-fix-to-oems-for-blue-security-android-security-hole-7000017782 https://jira.cyanogenmod.org/browse/CYAN-1602 https://plus.google.com/113331808607528811927/posts/GxDA6111vYy • CWE-310: Cryptographic Issues •
CVE-2013-3642
https://notcve.org/view.php?id=CVE-2013-3642
The Angel Browser application 1.47b and earlier for Android 1.6 through 2.1, 1.62b and earlier for Android 2.2 through 2.3.4, 1.68b and earlier for Android 3.0 through 4.0.3, and 1.76b and earlier for Android 4.1 through 4.2 does not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application. La aplicación Angel Browser 1.47b y anteriores para Android 1.6 a 2.1, 1.62b y anteriores para Android 2.2 a 2.3.4, 1.68b y anteriores para Android 3.0 a4.0.3 y 1.76b y anteriores para Android 4.1 a4.2, no implementan adecuadamente la clase WebView lo que permite a atacantes obtener información sensible a través de una aplicación manipulada. • http://jvn.jp/en/jp/JVN79301570/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000055 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2013-3343 – flash-plugin: code execution flaw (APSB13-16)
https://notcve.org/view.php?id=CVE-2013-3343
Adobe Flash Player before 10.3.183.90 and 11.x before 11.7.700.224 on Windows, before 10.3.183.90 and 11.x before 11.7.700.225 on Mac OS X, before 10.3.183.90 and 11.x before 11.2.202.291 on Linux, before 11.1.111.59 on Android 2.x and 3.x, and before 11.1.115.63 on Android 4.x; Adobe AIR before 3.7.0.2090 on Windows and Android and before 3.7.0.2100 on Mac OS X; and Adobe AIR SDK & Compiler before 3.7.0.2090 on Windows and before 3.7.0.2100 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Adobe Flash Player anterior a v10.3.183.90 y v11.x anterior a v11.7.700.224 en Windows, anterior a v10.3.183.90 y v11.x anterior a v11.7.700.225 en Mac OS X, anterior a v10.3.183.90 y v11.x anterior a11.2.202.291 en Linux, anterior a v11.1.111.59 en Android v2.x y v3.x, y anterior a 11.1.115.63 en Android v4.x; Adobe AIR anterior a v3.7.0.2090 en Windows y Android y anterior a v3.7.0.2100 en Mac OS X; y Adobe AIR SDK & Compiler anterior a v3.7.0.2090 en Windows y anterior a v3.7.0.2100 en Mac OS X permite a atacantes ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) mediante vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00016.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00164.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00179.html http://rhn.redhat.com/errata/RHSA-2013-0941.html http://www.adobe.com/support/security/bulletins/apsb13-16.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17030 https://access.redhat.com/security/cve/CVE-2013-3343 https://bugzilla.redhat.com/sh • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-2317
https://notcve.org/view.php?id=CVE-2013-2317
The Sleipnir Mobile application 2.9.1 and earlier and Sleipnir Mobile Black Edition application 2.9.1 and earlier for Android allow remote attackers to spoof the address bar via vectors involving the opening of a new window. La aplicación Sleipnir Mobile v2.9.1 y anteriores y Sleipnir Mobile Black Edition v2.9.1 y anteriores para Android permite a atacantes remotos falsificar la barra de direcciones mediante vectores que comprenden abrir una nueva ventana. • http://jvn.jp/en/jp/JVN22756333/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000046 •