CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2011-3881
https://notcve.org/view.php?id=CVE-2011-3881
WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors related to (1) the DOMWindow::clear function and use of a selection object, (2) the Object::GetRealNamedPropertyInPrototypeChain function and use of an __proto__ property, (3) the HTMLPlugInImageElement::allowedToLoadFrameURL function and use of a javascript: URL, (4) incorrect origins for XSLT-generated documents in the XSLTProcessor::createDocumentFromSource function, and (5) improper handling of synchronous frame loads in the ScriptController::executeIfJavaScriptURL function. Google Chrome en versiones anteriores a la 15.0.874.102 permite a atacantes remotos evitar la política de mismo origen ("Same Origin Policy") a través de vectores sin especificar. • http://code.google.com/p/chromium/issues/detail?id=96047 http://code.google.com/p/chromium/issues/detail?id=96885 http://code.google.com/p/chromium/issues/detail?id=98053 http://code.google.com/p/chromium/issues/detail?id=99512 http://code.google.com/p/chromium/issues/detail? • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.6EPSS: 0%CPEs: 4EXPL: 0CVE-2011-3975
https://notcve.org/view.php?id=CVE-2011-3975
A certain HTC update for Android 2.3.4 build GRJ22, when the Sense interface is used on the HTC EVO 3D, EVO 4G, ThunderBolt, and unspecified other devices, provides the HtcLoggers.apk application, which allows user-assisted remote attackers to obtain a list of telephone numbers from a log, and other sensitive information, by leveraging the android.permission.INTERNET application permission and establishing TCP sessions to 127.0.0.1 on port 65511 and a second port. Determinadas actualizaciones de HTC para Android v2.3.4 BuildGRJ22, cuando se utiliza la interfaz Sense en el dispositivo HTC EVO 3D, EVO 4G, ThunderBolt, y otros dispositivos no especificados, proporcionan la aplicación HtcLoggers.apk, que permite obtener, a atacantes remotos asistidos por el usuario, una lista de números de teléfono de un fichero de log y otra información sensible, aprovechando el permiso 'android.permission.INTERNET' de la aplicación y el establecimiento de sesiones TCP a la IP 127.0.0.1 en el puerto 65511 y un segundo puerto. • http://news.cnet.com/8301-1035_3-20114556-94 http://www.androidpolice.com/2011/10/01/massive-security-vulnerability-in-htc-android-devices-evo-3d-4g-thunderbolt-others-exposes-phone-numbers-gps-sms-emails-addresses-much-more http://www.securityfocus.com/bid/49916 http://www.thetechherald.com/article.php/201140/7676/HTC-looking-into-vulnerability-reports https://exchange.xforce.ibmcloud.com/vulnerabilities/70270 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 1%CPEs: 2EXPL: 1CVE-2011-2357 – Open Handset Alliance Android 2.3.4/3.1 - Browser Sandbox Security Bypass
https://notcve.org/view.php?id=CVE-2011-2357
Cross-application scripting vulnerability in the Browser URL loading functionality in Android 2.3.4 and 3.1 allows local applications to bypass the sandbox and execute arbitrary Javascript in arbitrary domains by (1) causing the MAX_TAB number of tabs to be opened, then loading a URI to the targeted domain into the current tab, or (2) making two startActivity function calls beginning with the targeted domain's URI followed by the malicious Javascript while the UI focus is still associated with the targeted domain. La vulnerabilidad de tipo Cross-application scripting en la funcionalidad de carga de Browser URL en Android versiones 2.3.4 y 3.1, permite que las aplicaciones locales omitan el sandbox y ejecuten JavaScript arbitrario en dominios arbitrarios al (1) causar que un número de pestañas MAX_TAB sean abiertas y luego cargar un URI hacia el dominio de destino en la pestaña actual, o (2) realizar dos llamadas a la función startActivity que comienzan con el URI del dominio de destino seguido del Javascript malicioso mientras que el enfoque de la interfaz de usuario aún está asociado con el dominio de destino. Dolphin Browser HD versions prior to 6.1.0 suffer from a cross applications scripting vulnerability. • https://www.exploit-db.com/exploits/36006 http://android.git.kernel.org/?p=platform/cts.git%3Ba=commit%3Bh=7e48fb87d48d27e65942b53b7918288c8d740e17 http://android.git.kernel.org/?p=platform/packages/apps/Browser.git%3B%20a=commit%3Bh=096bae248453abe83cbb2e5a2c744bd62cdb620b http://android.git.kernel.org/?p=platform/packages/apps/Browser.git%3B%20a=commit%3Bh=afa4ab1e4c1d645e34bd408ce04cadfd2e5dae1e http://blog.watchfire.com/files/advisory-android-browser.pdf http://blog.watchfire.com/wfblog/2011/08/android-browser-cross- • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 9EXPL: 0CVE-2011-2344
https://notcve.org/view.php?id=CVE-2011-2344
Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext HTTP session when transmitting the authToken obtained from ClientLogin, which allows remote attackers to gain privileges and access private pictures and web albums by sniffing the token from connections with picasaweb.google.com. Android Picasa en Android v3.0 y v2.x hasta v2.3.4 usa sesion HTTP en texto claro cuando se transmite el authToken obtenido de ClientLogin, lo que permite a usuarios remotos ganar privilegios y acceder a imagenes y albumes privados esnifando el token de conexiones con picasaweb.google.com • http://android.git.kernel.org/?p=platform/packages/apps/Gallery3D.git%3Ba=commit%3Bh=7a763db1c15bb6436be85a3f23382e4171970b6e http://android.git.kernel.org/?p=platform/packages/apps/Gallery3D.git%3Ba=commit%3Bh=9a418de454e5ce078c98f41b5c18e3bb9175bd20 http://www.uni-ulm.de/en/in/mi/staff/koenings/catching-authtokens.html • CWE-310: Cryptographic Issues •
CVSS: 4.3EPSS: 12%CPEs: 9EXPL: 1CVE-2010-4804 – Google Android - 'content://' URI Multiple Information Disclosure Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-4804
The Android browser in Android before 2.3.4 allows remote attackers to obtain SD card contents via crafted content:// URIs, related to (1) BrowserActivity.java and (2) BrowserSettings.java in com/android/browser/. El navegador de Android antes de la v2.3.4 de Android permite a atacantes remotos obtener el contenido de tarjetas SD a través de peticiones content://URIs, en relación con (1) BrowserActivity.java y (2) BrowserSettings.java en com/android/browser. Android versions prior to 2.3.4 suffer from content:// URI information disclosure vulnerabilities. • https://www.exploit-db.com/exploits/18164 http://android.git.kernel.org/?p=platform/frameworks/base.git%3Ba=commit%3Bh=f440831d76817e837164ca18c7705e81d2391f87 http://android.git.kernel.org/?p=platform/packages/apps/Browser.git%3Ba=commit%3Bh=604a598e1e01bda781600a45e0a971898a582666 http://thomascannon.net/blog/2010/11/android-data-stealing-vulnerability http://www.csc.ncsu.edu/faculty/jiang/nexuss.html http://www.securityfocus.com/bid/48256 http://www.slashgear.com/android-data-theft-exploit-to-be-plugged-in& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •