CVSS: 9.3EPSS: 5%CPEs: 12EXPL: 0CVE-2011-3874
https://notcve.org/view.php?id=CVE-2011-3874
Stack-based buffer overflow in libsysutils in Android 2.2.x through 2.2.2 and 2.3.x through 2.3.6 allows user-assisted remote attackers to execute arbitrary code via an application that calls the FrameworkListener::dispatchCommand method with the wrong number of arguments, as demonstrated by zergRush to trigger a use-after-free error. Un desbordamiento de búfer basado en pila en libsysutils en Android v2.2.x hasta la v2.2.2 y v2.3.x hasta la v2.3.6 permite ejecutar código de su elección a los usuarios remotos con la ayuda de usuarios locales, a través de una aplicación que llama al método FrameworkListener::dispatchCommand con un número incorrecto de argumentos, como lo demuestra el exploit zergRush para provocar un error de uso después de liberación. • http://code.google.com/p/android/issues/detail?id=21681 http://www.openwall.com/lists/oss-security/2011/11/08/3 http://www.openwall.com/lists/oss-security/2011/11/08/4 http://www.openwall.com/lists/oss-security/2011/11/10/1 https://github.com/revolutionary/zergRush/blob/master/zergRush.c • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2011-4276
https://notcve.org/view.php?id=CVE-2011-4276
The Bluetooth service (com/android/phone/BluetoothHeadsetService.java) in Android 2.3 before 2.3.6 allows remote attackers within Bluetooth range to obtain contact data via an AT phonebook transfer. El servicio de Bluetooth (com/android/phone/BluetoothHeadsetService.java)en Android v2.3 anterior a v2.3.6 permite a atacantes remotos dentro de la gama Bluetooth para obtener datos de contacto a través de una agenda en la transferencia. • http://code.google.com/p/android/issues/detail?id=21347 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2011-3881
https://notcve.org/view.php?id=CVE-2011-3881
WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors related to (1) the DOMWindow::clear function and use of a selection object, (2) the Object::GetRealNamedPropertyInPrototypeChain function and use of an __proto__ property, (3) the HTMLPlugInImageElement::allowedToLoadFrameURL function and use of a javascript: URL, (4) incorrect origins for XSLT-generated documents in the XSLTProcessor::createDocumentFromSource function, and (5) improper handling of synchronous frame loads in the ScriptController::executeIfJavaScriptURL function. Google Chrome en versiones anteriores a la 15.0.874.102 permite a atacantes remotos evitar la política de mismo origen ("Same Origin Policy") a través de vectores sin especificar. • http://code.google.com/p/chromium/issues/detail?id=96047 http://code.google.com/p/chromium/issues/detail?id=96885 http://code.google.com/p/chromium/issues/detail?id=98053 http://code.google.com/p/chromium/issues/detail?id=99512 http://code.google.com/p/chromium/issues/detail? • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.6EPSS: 0%CPEs: 4EXPL: 0CVE-2011-3975
https://notcve.org/view.php?id=CVE-2011-3975
A certain HTC update for Android 2.3.4 build GRJ22, when the Sense interface is used on the HTC EVO 3D, EVO 4G, ThunderBolt, and unspecified other devices, provides the HtcLoggers.apk application, which allows user-assisted remote attackers to obtain a list of telephone numbers from a log, and other sensitive information, by leveraging the android.permission.INTERNET application permission and establishing TCP sessions to 127.0.0.1 on port 65511 and a second port. Determinadas actualizaciones de HTC para Android v2.3.4 BuildGRJ22, cuando se utiliza la interfaz Sense en el dispositivo HTC EVO 3D, EVO 4G, ThunderBolt, y otros dispositivos no especificados, proporcionan la aplicación HtcLoggers.apk, que permite obtener, a atacantes remotos asistidos por el usuario, una lista de números de teléfono de un fichero de log y otra información sensible, aprovechando el permiso 'android.permission.INTERNET' de la aplicación y el establecimiento de sesiones TCP a la IP 127.0.0.1 en el puerto 65511 y un segundo puerto. • http://news.cnet.com/8301-1035_3-20114556-94 http://www.androidpolice.com/2011/10/01/massive-security-vulnerability-in-htc-android-devices-evo-3d-4g-thunderbolt-others-exposes-phone-numbers-gps-sms-emails-addresses-much-more http://www.securityfocus.com/bid/49916 http://www.thetechherald.com/article.php/201140/7676/HTC-looking-into-vulnerability-reports https://exchange.xforce.ibmcloud.com/vulnerabilities/70270 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 1%CPEs: 2EXPL: 1CVE-2011-2357 – Open Handset Alliance Android 2.3.4/3.1 - Browser Sandbox Security Bypass
https://notcve.org/view.php?id=CVE-2011-2357
Cross-application scripting vulnerability in the Browser URL loading functionality in Android 2.3.4 and 3.1 allows local applications to bypass the sandbox and execute arbitrary Javascript in arbitrary domains by (1) causing the MAX_TAB number of tabs to be opened, then loading a URI to the targeted domain into the current tab, or (2) making two startActivity function calls beginning with the targeted domain's URI followed by the malicious Javascript while the UI focus is still associated with the targeted domain. La vulnerabilidad de tipo Cross-application scripting en la funcionalidad de carga de Browser URL en Android versiones 2.3.4 y 3.1, permite que las aplicaciones locales omitan el sandbox y ejecuten JavaScript arbitrario en dominios arbitrarios al (1) causar que un número de pestañas MAX_TAB sean abiertas y luego cargar un URI hacia el dominio de destino en la pestaña actual, o (2) realizar dos llamadas a la función startActivity que comienzan con el URI del dominio de destino seguido del Javascript malicioso mientras que el enfoque de la interfaz de usuario aún está asociado con el dominio de destino. Dolphin Browser HD versions prior to 6.1.0 suffer from a cross applications scripting vulnerability. • https://www.exploit-db.com/exploits/36006 http://android.git.kernel.org/?p=platform/cts.git%3Ba=commit%3Bh=7e48fb87d48d27e65942b53b7918288c8d740e17 http://android.git.kernel.org/?p=platform/packages/apps/Browser.git%3B%20a=commit%3Bh=096bae248453abe83cbb2e5a2c744bd62cdb620b http://android.git.kernel.org/?p=platform/packages/apps/Browser.git%3B%20a=commit%3Bh=afa4ab1e4c1d645e34bd408ce04cadfd2e5dae1e http://blog.watchfire.com/files/advisory-android-browser.pdf http://blog.watchfire.com/wfblog/2011/08/android-browser-cross- • CWE-20: Improper Input Validation •