CVSS: 7.1EPSS: 0%CPEs: 17EXPL: 1CVE-2011-1350 – Google Android 2.3.5 - PowerVR SGX Driver Information Disclosure
https://notcve.org/view.php?id=CVE-2011-1350
The PowerVR SGX driver in Android before 2.3.6 allows attackers to obtain potentially sensitive information from kernel stack memory via an application that uses a crafted length parameter in a request to the pvrsrvkm device. El controlador PowerVR SGX en Android antes de v2.3.6 permite a atacantes obtener la información potencialmente confidencial de la memoria de pila del núcleo a través de una aplicación que utiliza un parámetro de longitud diseñado en una solicitud al dispositivo pvrsrvkm. • https://www.exploit-db.com/exploits/38310 http://code.google.com/p/android/issues/detail?id=21522 http://jon.oberheide.org/files/levitator.c • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.9EPSS: 0%CPEs: 17EXPL: 1CVE-2011-1352
https://notcve.org/view.php?id=CVE-2011-1352
The PowerVR SGX driver in Android before 2.3.6 allows attackers to gain root privileges via an application that triggers kernel memory corruption using crafted user data to the pvrsrvkm device. El controlador PowerVR SGX en Android antes de v2.3.6 permite a atacantes obtener privilegios de administrador a través de una aplicación que provoca corrupción de memoria del núcleo a partir de datos elaborados del usuario al dispositivo pvrsrvkm. • http://code.google.com/p/android/issues/detail?id=21523 http://jon.oberheide.org/files/levitator.c • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.8EPSS: 0%CPEs: 332EXPL: 0CVE-2013-0751
https://notcve.org/view.php?id=CVE-2013-0751
Mozilla Firefox before 18.0 on Android and SeaMonkey before 2.15 do not restrict a touch event to a single IFRAME element, which allows remote attackers to obtain sensitive information or possibly conduct cross-site scripting (XSS) attacks via a crafted HTML document. Mozilla Firefox anterior a 18.0 en Android y SeaMonkey anterior a 2.15 no restringen los eventos de "tap" (tocar la pantalla) a un único elemento IFRAME, lo que permite a atacantes remotos obtener información sensible o posiblemente llevar a cabo ataques XSS a través de un documento HTML. • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html http://www.mozilla.org/security/announce/2013/mfsa2013-06.html https://bugzilla.mozilla.org/show_bug.cgi?id=790454 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16616 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 1%CPEs: 165EXPL: 0CVE-2012-5286 – flash-plugin: multiple code-execution flaws (APSB12-22)
https://notcve.org/view.php?id=CVE-2012-5286
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22. Desbordamiento de búfer en Adobe Flash Player anteriores a v10.3.183.29 y 11.x anteriores a v11.4.402.287 on Windows and Mac OS X, anteriores a v10.3.183.29 y v11.x anteriores a v11.2.202.243 en Linux, anteriores a v11.1.111.19 en Android v2.x y v3.x, y anteriores a v11.1.115.20 en Android v4.x; Adobe AIR anteriores a v3.4.0.2710; y Adobe AIR SDK anteriores a v3.4.0.2710 permite a atacantes ejecutar código a través de vectores no especificados, es una vulnerabilidad distinta a otros listados en APSB12-22. • http://osvdb.org/86875 http://www.adobe.com/support/security/bulletins/apsb12-22.html http://www.securityfocus.com/bid/56375 https://exchange.xforce.ibmcloud.com/vulnerabilities/79771 https://access.redhat.com/security/cve/CVE-2012-5286 https://bugzilla.redhat.com/show_bug.cgi?id=864284 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 1%CPEs: 165EXPL: 0CVE-2012-5287 – flash-plugin: multiple code-execution flaws (APSB12-22)
https://notcve.org/view.php?id=CVE-2012-5287
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22. Desbordamiento de búfer en Adobe Flash Player anteriores a v10.3.183.29 y 11.x anteriores a v11.4.402.287 on Windows and Mac OS X, anteriores a v10.3.183.29 y v11.x anteriores a v11.2.202.243 en Linux, anteriores a v11.1.111.19 en Android v2.x y v3.x, y anteriores a v11.1.115.20 en Android v4.x; Adobe AIR anteriores a v3.4.0.2710; y Adobe AIR SDK anteriores a v3.4.0.2710 permite a atacantes ejecutar código a través de vectores no especificados, es una vulnerabilidad distinta a otros listados en APSB12-22. • http://osvdb.org/86876 http://www.adobe.com/support/security/bulletins/apsb12-22.html http://www.securityfocus.com/bid/56376 https://exchange.xforce.ibmcloud.com/vulnerabilities/79772 https://access.redhat.com/security/cve/CVE-2012-5287 https://bugzilla.redhat.com/show_bug.cgi?id=864284 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •