CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3CVE-2014-3100 – Android KeyStore Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2014-3100
23 Jun 2014 — Stack-based buffer overflow in the encode_key function in /system/bin/keystore in the KeyStore service in Android 4.3 allows attackers to execute arbitrary code, and consequently obtain sensitive key information or bypass intended restrictions on cryptographic operations, via a long key name. Desbordamiento de buffer basado en pila en la función encode_key en /system/bin/keystore en el servicio KeyStore en Android 4.3 permite a atacantes ejecutar código arbitrario, y como consecuencia obtener información se... • https://packetstorm.news/files/id/127185 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2010-4832
https://notcve.org/view.php?id=CVE-2010-4832
14 May 2014 — Android OS before 2.2 does not display the correct SSL certificate in certain cases, which might allow remote attackers to spoof trusted web sites via a web page containing references to external sources in which (1) the certificate of the last loaded resource is checked, instead of for the main page, or (2) later certificates are not checked when the HTTPS connection is reused. Android OS anterior a 2.2 no muestra el certificado SSL correcto en ciertos casos, lo que podría permitir a atacantes remotos fals... • http://android.git.kernel.org/?p=platform/frameworks/base.git%3Ba=commit%3Bh=dba8cb76371960457e91b31fa396478f809a5a34 • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 0%CPEs: 40EXPL: 0CVE-2013-7373
https://notcve.org/view.php?id=CVE-2013-7373
29 Apr 2014 — Android before 4.4 does not properly arrange for seeding of the OpenSSL PRNG, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging use of the PRNG within multiple applications. Android anterior a 4.4 no ejecuta debidamente la creación de semillas del PRNG OpenSSL, lo que facilita a atacantes anular mecanismos de protección criptográficos mediante el aprovechamiento del uso del PRNG dentro de múltiples aplicaciones. • http://android-developers.blogspot.com.au/2013/08/some-securerandom-thoughts.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 1CVE-2013-7372
https://notcve.org/view.php?id=CVE-2013-7372
29 Apr 2014 — The engineNextBytes function in classlib/modules/security/src/main/java/common/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java in the SecureRandom implementation in Apache Harmony through 6.0M3, as used in the Java Cryptography Architecture (JCA) in Android before 4.4 and other products, when no seed is provided by the user, uses an incorrect offset value, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging the resulting PRNG predictabil... • http://android-developers.blogspot.com.au/2013/08/some-securerandom-thoughts.html • CWE-310: Cryptographic Issues •
CVSS: 10.0EPSS: 0%CPEs: 39EXPL: 1CVE-2013-6775
https://notcve.org/view.php?id=CVE-2013-6775
30 Mar 2014 — The Chainfire SuperSU package before 1.69 for Android allows attackers to gain privileges via the (1) backtick or (2) $() type of shell metacharacters in the -c option to /system/xbin/su. El paquete Chainfire SuperSU anterior a 1.69 para Android permite a atacantes ganar privilegios a través de el tipo de metacaracteres shell (1) backtick o (2) $() en la opción -c hacia /system/xbin/su. • http://www.securityfocus.com/archive/1/529797 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.2EPSS: 0%CPEs: 61EXPL: 0CVE-2014-1977
https://notcve.org/view.php?id=CVE-2014-1977
19 Mar 2014 — The NTT DOCOMO sp mode mail application 6300 and earlier for Android 4.0.x and 6700 and earlier for Android 4.1 through 4.4 uses weak permissions for attachments during processing of incoming e-mail messages, which allows attackers to obtain sensitive information via a crafted application. La aplicación de correo NTT DOCOMO sp mode 6300 y anteriores para Android 4.0.x y 6700 y anteriores para Android 4.1 hasta 4.4 utiliza permisos débiles para adjuntos durante el procesamiento de mensajes email entrantes, l... • http://jvn.jp/en/jp/JVN81739241/index.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 17EXPL: 0CVE-2014-1978
https://notcve.org/view.php?id=CVE-2014-1978
19 Mar 2014 — The application link interface in the NTT DOCOMO sp mode mail application 6100 through 6300 for Android 4.0.x and 6130 through 6700 for Android 4.1 through 4.4 writes message content to the SD card during e-mail composition, which allows attackers to obtain sensitive information via a crafted application. La interfaz de enlace de aplicación en la aplicación de correo NTT DOCOMO sp mode 6100 hasta 6300 para Android 4.0.x y 6130 hasta 6700 para Android 4.1 hasta 4.4 escribe contenido de mensajes en la tarjeta... • http://jvn.jp/en/jp/JVN05951929/index.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 0CVE-2014-1979
https://notcve.org/view.php?id=CVE-2014-1979
19 Mar 2014 — The NTT DOCOMO sp mode mail application 5900 through 6300 for Android 4.0.x and 6000 through 6620 for Android 4.1 through 4.4 allows remote attackers to execute arbitrary Java methods via Deco-mail emoticon POP data in an e-mail message. La aplicación de correo NTT DOCOMO sp mode 5900 hasta 6300 para Android 4.0.x y 6000 hasta 6620 para Android 4.1 hasta 4.4 permite a atacantes remotos ejecutar métodos Java arbitrarios a través de datos POP Deco-mail emoticon en un mensaje de email. • http://jvn.jp/en/jp/JVN89260331/index.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 3%CPEs: 14EXPL: 3CVE-2013-4710 – Google Android 4.2 Browser and WebView - 'addJavascriptInterface' Code Execution
https://notcve.org/view.php?id=CVE-2013-4710
03 Mar 2014 — Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a denial of service (reboot) via a crafted web page, as demonstrated by use of the WebView.addJavascriptInterface method, a related issue to CVE-2012-6636. Android 3.0 hasta 4.1.x en Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, y otros dispositivos no implementa debidamente ... • https://www.exploit-db.com/exploits/41675 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 13EXPL: 0CVE-2014-1939
https://notcve.org/view.php?id=CVE-2014-1939
03 Mar 2014 — java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute arbitrary Java code by leveraging access to the searchBoxJavaBridge_ interface at certain Android API levels. java/android/webkit/BrowserFrame.java en Android anterior a 4.4 utiliza la API addJavascriptInterface en conjunto con la creación de un objeto de la clase SearchBoxImpl, lo que permite a atacantes ejecutar... • http://blog.chromium.org/2013/11/introducing-chromium-powered-android.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •