
CVE-2014-1484 – Firefox for Android Information Leak
https://notcve.org/view.php?id=CVE-2014-1484
06 Feb 2014 — Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile paths, which allows attackers to obtain sensitive information via a crafted application. A series of vulnerabilities have been discovered in Firefox for Android that allows a m... • http://archives.neohapsis.com/archives/bugtraq/2014-03/0153.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2014-0803
https://notcve.org/view.php?id=CVE-2014-0803
12 Jan 2014 — Directory traversal vulnerability in the tetra filer application 2.3.1 and earlier for Android 4.0.3, tetra filer free application 2.3.1 and earlier for Android 4.0.3, tetra filer application 1.5.1 and earlier for Android before 4.0.3, and tetra filer free application 1.5.1 and earlier for Android before 4.0.3 allows attackers to overwrite or create arbitrary files via unspecified vectors. • http://jvn.jp/en/jp/JVN51285738/index.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2013-6271 – AndroidOS 4.3 Permission Bypass
https://notcve.org/view.php?id=CVE-2013-6271
29 Nov 2013 — Android 4.0 through 4.3 allows attackers to bypass intended access restrictions and remove device locks via a crafted application that invokes the updateUnlockMethodAndFinish method in the com.android.settings.ChooseLockGeneric class with the PASSWORD_QUALITY_UNSPECIFIED option. • http://seclists.org/fulldisclosure/2013/Nov/204 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2013-6774 – Android 4.2.x Superuser Unsanitized Environment
https://notcve.org/view.php?id=CVE-2013-6774
14 Nov 2013 — Untrusted search path vulnerability in the ChainsDD Superuser package 3.1.3 for Android 4.2.x and earlier, CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier, and Chainfire SuperSU package before 1.69 for Android 4.2.x and earlier allows attackers to load an arbitrary .jar file and gain privileges via a crafted BOOTCLASSPATH environment variable for a /system/xbin/su process. NOTE: another researcher was unable to reproduce this with ChainsDD Superuser. • https://packetstorm.news/files/id/124015

CVE-2013-6770 – Android 4.3 Superuser Root Privilege Escalation
https://notcve.org/view.php?id=CVE-2013-6770
14 Nov 2013 — The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.3 and 4.4 does not properly restrict the set of users who can execute /system/xbin/su with the --daemon option, which allows attackers to gain privileges by leveraging ADB shell access and a certain Linux UID, and then creating a Trojan horse script. • https://packetstorm.news/files/id/124020 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2013-6768 – Android 4.2.x Superuser Unsanitized Environment
https://notcve.org/view.php?id=CVE-2013-6768
14 Nov 2013 — Untrusted search path vulnerability in the CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier allows attackers to trigger the launch of a Trojan horse app_process program via a crafted PATH environment variable for a /system/xbin/su process. • https://packetstorm.news/files/id/124015 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2013-5933
https://notcve.org/view.php?id=CVE-2013-5933
25 Sep 2013 — Stack-based buffer overflow in the sub_E110 function in init in a certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless allows local users to gain privileges or cause a denial of service (memory corruption) by writing a long string to the /dev/socket/init_runit socket that is inconsistent with a certain length value that was previously written to this socket. • http://twitter.com/djrbliss/statuses/382632926946402304 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2013-4777
https://notcve.org/view.php?id=CVE-2013-4777
25 Sep 2013 — A certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless uses init to create a /dev/socket/init_runit socket that listens for shell commands, which allows local users to gain privileges by interacting with a LocalSocket object. • https://plus.google.com/110348415484169880343/posts/5ofgPNrSu3J • CWE-264: Permissions, Privileges, and Access Controls

CVE-2013-5324 – flash-plugin: multiple code execution flaws (APSB13-21)
https://notcve.org/view.php?id=CVE-2013-5324
11 Sep 2013 — Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Mac OS X, before 11.2.202.310 on Linux, before 11.1.111.73 on Android 2.x and 3.x, and before 11.1.115.81 on Android 4.x; Adobe AIR before 3.8.0.1430; and Adobe AIR SDK & Compiler before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3361, CVE-2013-3362, and CVE-2013-3363. • http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2013-3361 – flash-plugin: multiple code execution flaws (APSB13-21)
https://notcve.org/view.php?id=CVE-2013-3361
11 Sep 2013 — Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Mac OS X, before 11.2.202.310 on Linux, before 11.1.111.73 on Android 2.x and 3.x, and before 11.1.115.81 on Android 4.x; Adobe AIR before 3.8.0.1430; and Adobe AIR SDK & Compiler before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3362, CVE-2013-3363, and CVE-2013-5324. • http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer