CVSS: 9.3EPSS: 97%CPEs: 10EXPL: 1CVE-2012-0754 – Adobe Flash Player Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2012-0754
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Adobe Flash Player antes de v10.3.183.15 y v11.x antes de v11.1.102.62 en Windows, Mac OS X, Linux y Solaris, y antes de v11.1.111.6 en Android v2.x y v3.x, y antes de v11.1.115.6 en Android v4.x permite a los atacantes ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of MP4 files. A size value is read from MP4 files and used for size calculation without proper validation. • https://www.exploit-db.com/exploits/18572 http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00014.html http://rhn.redhat.com/errata/RHSA-2012-0144.html http://secunia.com/advisories/48265 http://secunia.com/advisories/48819 http://security.gentoo.org/glsa/glsa-201204-07.xml http://www.adobe.com/support/security/bulletins/apsb12-03.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15030 https://oval.cisecurity.org/repository/search& • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 5%CPEs: 12EXPL: 0CVE-2011-3874
https://notcve.org/view.php?id=CVE-2011-3874
Stack-based buffer overflow in libsysutils in Android 2.2.x through 2.2.2 and 2.3.x through 2.3.6 allows user-assisted remote attackers to execute arbitrary code via an application that calls the FrameworkListener::dispatchCommand method with the wrong number of arguments, as demonstrated by zergRush to trigger a use-after-free error. Un desbordamiento de búfer basado en pila en libsysutils en Android v2.2.x hasta la v2.2.2 y v2.3.x hasta la v2.3.6 permite ejecutar código de su elección a los usuarios remotos con la ayuda de usuarios locales, a través de una aplicación que llama al método FrameworkListener::dispatchCommand con un número incorrecto de argumentos, como lo demuestra el exploit zergRush para provocar un error de uso después de liberación. • http://code.google.com/p/android/issues/detail?id=21681 http://www.openwall.com/lists/oss-security/2011/11/08/3 http://www.openwall.com/lists/oss-security/2011/11/08/4 http://www.openwall.com/lists/oss-security/2011/11/10/1 https://github.com/revolutionary/zergRush/blob/master/zergRush.c • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2011-3881
https://notcve.org/view.php?id=CVE-2011-3881
WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors related to (1) the DOMWindow::clear function and use of a selection object, (2) the Object::GetRealNamedPropertyInPrototypeChain function and use of an __proto__ property, (3) the HTMLPlugInImageElement::allowedToLoadFrameURL function and use of a javascript: URL, (4) incorrect origins for XSLT-generated documents in the XSLTProcessor::createDocumentFromSource function, and (5) improper handling of synchronous frame loads in the ScriptController::executeIfJavaScriptURL function. Google Chrome en versiones anteriores a la 15.0.874.102 permite a atacantes remotos evitar la política de mismo origen ("Same Origin Policy") a través de vectores sin especificar. • http://code.google.com/p/chromium/issues/detail?id=96047 http://code.google.com/p/chromium/issues/detail?id=96885 http://code.google.com/p/chromium/issues/detail?id=98053 http://code.google.com/p/chromium/issues/detail?id=99512 http://code.google.com/p/chromium/issues/detail? • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 9EXPL: 0CVE-2011-2344
https://notcve.org/view.php?id=CVE-2011-2344
Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext HTTP session when transmitting the authToken obtained from ClientLogin, which allows remote attackers to gain privileges and access private pictures and web albums by sniffing the token from connections with picasaweb.google.com. Android Picasa en Android v3.0 y v2.x hasta v2.3.4 usa sesion HTTP en texto claro cuando se transmite el authToken obtenido de ClientLogin, lo que permite a usuarios remotos ganar privilegios y acceder a imagenes y albumes privados esnifando el token de conexiones con picasaweb.google.com • http://android.git.kernel.org/?p=platform/packages/apps/Gallery3D.git%3Ba=commit%3Bh=7a763db1c15bb6436be85a3f23382e4171970b6e http://android.git.kernel.org/?p=platform/packages/apps/Gallery3D.git%3Ba=commit%3Bh=9a418de454e5ce078c98f41b5c18e3bb9175bd20 http://www.uni-ulm.de/en/in/mi/staff/koenings/catching-authtokens.html • CWE-310: Cryptographic Issues •
CVSS: 4.3EPSS: 12%CPEs: 9EXPL: 1CVE-2010-4804 – Google Android - 'content://' URI Multiple Information Disclosure Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-4804
The Android browser in Android before 2.3.4 allows remote attackers to obtain SD card contents via crafted content:// URIs, related to (1) BrowserActivity.java and (2) BrowserSettings.java in com/android/browser/. El navegador de Android antes de la v2.3.4 de Android permite a atacantes remotos obtener el contenido de tarjetas SD a través de peticiones content://URIs, en relación con (1) BrowserActivity.java y (2) BrowserSettings.java en com/android/browser. Android versions prior to 2.3.4 suffer from content:// URI information disclosure vulnerabilities. • https://www.exploit-db.com/exploits/18164 http://android.git.kernel.org/?p=platform/frameworks/base.git%3Ba=commit%3Bh=f440831d76817e837164ca18c7705e81d2391f87 http://android.git.kernel.org/?p=platform/packages/apps/Browser.git%3Ba=commit%3Bh=604a598e1e01bda781600a45e0a971898a582666 http://thomascannon.net/blog/2010/11/android-data-stealing-vulnerability http://www.csc.ncsu.edu/faculty/jiang/nexuss.html http://www.securityfocus.com/bid/48256 http://www.slashgear.com/android-data-theft-exploit-to-be-plugged-in& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •