CVSS: 9.3EPSS: 1%CPEs: 10EXPL: 0CVE-2012-0752 – flash-plugin: multiple code execution flaws (APSB12-03)
https://notcve.org/view.php?id=CVE-2012-0752
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) by leveraging an unspecified "type confusion." El programa Adobe Flash Player anterior a la versión 10.3.183.15 y versión 11.x anterior a 11.1.102.62 en Windows, Mac OS X, Linux y Solaris; anterior al 11.1.111.6 en Android versión 2.x y versión 3.x; y anterior a versión 11.1.115.6 en Android versión 4.x, los atacantes pueden ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) impulsando un ataque "type confusion" no especificado. • http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00014.html http://rhn.redhat.com/errata/RHSA-2012-0144.html http://secunia.com/advisories/48265 http://secunia.com/advisories/48819 http://security.gentoo.org/glsa/glsa-201204-07.xml http://www.adobe.com/support/security/bulletins/apsb12-03.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14654 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16103 h • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.3EPSS: 5%CPEs: 12EXPL: 0CVE-2011-3874
https://notcve.org/view.php?id=CVE-2011-3874
Stack-based buffer overflow in libsysutils in Android 2.2.x through 2.2.2 and 2.3.x through 2.3.6 allows user-assisted remote attackers to execute arbitrary code via an application that calls the FrameworkListener::dispatchCommand method with the wrong number of arguments, as demonstrated by zergRush to trigger a use-after-free error. Un desbordamiento de búfer basado en pila en libsysutils en Android v2.2.x hasta la v2.2.2 y v2.3.x hasta la v2.3.6 permite ejecutar código de su elección a los usuarios remotos con la ayuda de usuarios locales, a través de una aplicación que llama al método FrameworkListener::dispatchCommand con un número incorrecto de argumentos, como lo demuestra el exploit zergRush para provocar un error de uso después de liberación. • http://code.google.com/p/android/issues/detail?id=21681 http://www.openwall.com/lists/oss-security/2011/11/08/3 http://www.openwall.com/lists/oss-security/2011/11/08/4 http://www.openwall.com/lists/oss-security/2011/11/10/1 https://github.com/revolutionary/zergRush/blob/master/zergRush.c • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2011-3881
https://notcve.org/view.php?id=CVE-2011-3881
WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors related to (1) the DOMWindow::clear function and use of a selection object, (2) the Object::GetRealNamedPropertyInPrototypeChain function and use of an __proto__ property, (3) the HTMLPlugInImageElement::allowedToLoadFrameURL function and use of a javascript: URL, (4) incorrect origins for XSLT-generated documents in the XSLTProcessor::createDocumentFromSource function, and (5) improper handling of synchronous frame loads in the ScriptController::executeIfJavaScriptURL function. Google Chrome en versiones anteriores a la 15.0.874.102 permite a atacantes remotos evitar la política de mismo origen ("Same Origin Policy") a través de vectores sin especificar. • http://code.google.com/p/chromium/issues/detail?id=96047 http://code.google.com/p/chromium/issues/detail?id=96885 http://code.google.com/p/chromium/issues/detail?id=98053 http://code.google.com/p/chromium/issues/detail?id=99512 http://code.google.com/p/chromium/issues/detail? • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 9EXPL: 0CVE-2011-2344
https://notcve.org/view.php?id=CVE-2011-2344
Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext HTTP session when transmitting the authToken obtained from ClientLogin, which allows remote attackers to gain privileges and access private pictures and web albums by sniffing the token from connections with picasaweb.google.com. Android Picasa en Android v3.0 y v2.x hasta v2.3.4 usa sesion HTTP en texto claro cuando se transmite el authToken obtenido de ClientLogin, lo que permite a usuarios remotos ganar privilegios y acceder a imagenes y albumes privados esnifando el token de conexiones con picasaweb.google.com • http://android.git.kernel.org/?p=platform/packages/apps/Gallery3D.git%3Ba=commit%3Bh=7a763db1c15bb6436be85a3f23382e4171970b6e http://android.git.kernel.org/?p=platform/packages/apps/Gallery3D.git%3Ba=commit%3Bh=9a418de454e5ce078c98f41b5c18e3bb9175bd20 http://www.uni-ulm.de/en/in/mi/staff/koenings/catching-authtokens.html • CWE-310: Cryptographic Issues •
CVSS: 4.3EPSS: 12%CPEs: 9EXPL: 1CVE-2010-4804 – Google Android - 'content://' URI Multiple Information Disclosure Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-4804
The Android browser in Android before 2.3.4 allows remote attackers to obtain SD card contents via crafted content:// URIs, related to (1) BrowserActivity.java and (2) BrowserSettings.java in com/android/browser/. El navegador de Android antes de la v2.3.4 de Android permite a atacantes remotos obtener el contenido de tarjetas SD a través de peticiones content://URIs, en relación con (1) BrowserActivity.java y (2) BrowserSettings.java en com/android/browser. Android versions prior to 2.3.4 suffer from content:// URI information disclosure vulnerabilities. • https://www.exploit-db.com/exploits/18164 http://android.git.kernel.org/?p=platform/frameworks/base.git%3Ba=commit%3Bh=f440831d76817e837164ca18c7705e81d2391f87 http://android.git.kernel.org/?p=platform/packages/apps/Browser.git%3Ba=commit%3Bh=604a598e1e01bda781600a45e0a971898a582666 http://thomascannon.net/blog/2010/11/android-data-stealing-vulnerability http://www.csc.ncsu.edu/faculty/jiang/nexuss.html http://www.securityfocus.com/bid/48256 http://www.slashgear.com/android-data-theft-exploit-to-be-plugged-in& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •