CVSS: 7.2EPSS: 0%CPEs: 17EXPL: 6CVE-2014-8609 – Android Settings Pendingintent Leak
https://notcve.org/view.php?id=CVE-2014-8609
The addAccount method in src/com/android/settings/accounts/AddAccountSettings.java in the Settings application in Android before 5.0.0 does not properly create a PendingIntent, which allows attackers to use the SYSTEM uid for broadcasting an intent with arbitrary component, action, or category information via a third-party authenticator in a crafted application, aka Bug 17356824. El método addAccount en src/com/android/settings/accounts/AddAccountSettings.java en la aplicación Settings en Android anterior a 5.0.0 no crea correctamente un PendingIntent, lo que permite a atacantes utilizar la uid SYSTEM para emitir un intento con información arbitraria de componentes, acciones o categorías a través de un autenticador tercera parte en una aplicación manipulada, también conocido como Bug 17356824. In Android versions prior to 5.0 and possibly greater than and equal to 4.0, Settings application leaks Pendingintent with a blank base intent (neither the component nor the action is explicitly set) to third party applications. Due to this, a malicious app can use this to broadcast intent with the same permissions and identity of the Settings application, which runs as SYSTEM uid. • https://github.com/MazX0p/CVE-2014-8609-POC https://github.com/ratiros01/CVE-2014-8609-exploit https://github.com/locisvv/Vulnerable-CVE-2014-8609 http://packetstormsecurity.com/files/129281/Android-Settings-Pendingintent-Leak.html http://seclists.org/fulldisclosure/2014/Nov/81 http://xteam.baidu.com/?p=158 https://android.googlesource.com/platform/packages/apps/Settings/+/f5d3e74ecc2b973941d8adbe40c6b23094b5abb7 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 3.3EPSS: 0%CPEs: 96EXPL: 0CVE-2014-6060
https://notcve.org/view.php?id=CVE-2014-6060
The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 allows remote DHCP servers to cause a denial of service by resetting the DHO_OPTIONSOVERLOADED option in the (1) bootfile or (2) servername section, which triggers the option to be processed again. La función get_option en dhcpcd 4.0.0 hasta 6.x anterior a 6.4.3 permite a servidores DHCP remotos causar una denegación de servicio mediante la restablecimiento de la opción DHO_OPTIONSOVERLOADED en la sección (1) bootfile o (2) servername, lo que provoca que la opción se vuelva a procesar. • http://advisories.mageia.org/MGASA-2014-0334.html http://roy.marples.name/projects/dhcpcd/ci/1d2b93aa5ce25a8a710082fe2d36a6bf7f5794d5?sbs=0 http://source.android.com/security/bulletin/2016-04-02.html http://www.mandriva.com/security/advisories?name=MDVSA-2014:171 http://www.openwall.com/lists/oss-security/2014/07/30/5 http://www.openwall.com/lists/oss-security/2014/09/01/11 http://www.securityfocus.com/bid/68970 http://www.slackware.com/security/viewer.php?l=slackware-security&y=20 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 3CVE-2013-6272
https://notcve.org/view.php?id=CVE-2013-6272
The NotificationBroadcastReceiver class in the com.android.phone process in Google Android 4.1.1 through 4.4.2 allows attackers to bypass intended access restrictions and consequently make phone calls to arbitrary numbers, send mmi or ussd codes, or hangup ongoing calls via a crafted application. La clase NotificationBroadcastReceiver en el proceso com.android.phone en Google Android desde la versión 4.1.1 hasta la 4.4.2 permite que los atacantes omitan las restricciones de acceso establecidas y, como consecuencia, realice llamadas telefónicas a números arbitrarios, envíe códigos ussd o mmi o cuelgue llamadas en curso mediante una aplicación manipulada. • http://packetstormsecurity.com/files/127359/Android-OS-Authorization-Missing.html http://seclists.org/fulldisclosure/2014/Jul/13 http://www.securityfocus.com/bid/68415 https://curesec.com/blog/article/blog/35.html https://exchange.xforce.ibmcloud.com/vulnerabilities/94423 • CWE-284: Improper Access Control •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 2CVE-2014-3100 – Android KeyStore Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2014-3100
Stack-based buffer overflow in the encode_key function in /system/bin/keystore in the KeyStore service in Android 4.3 allows attackers to execute arbitrary code, and consequently obtain sensitive key information or bypass intended restrictions on cryptographic operations, via a long key name. Desbordamiento de buffer basado en pila en la función encode_key en /system/bin/keystore en el servicio KeyStore en Android 4.3 permite a atacantes ejecutar código arbitrario, y como consecuencia obtener información sensible de claves o evadir restricciones en operaciones criptográficas, a través de un nombre de clave largo. • http://packetstormsecurity.com/files/127185/Android-KeyStore-Stack-Buffer-Overflow.html http://securityintelligence.com/android-keystore-stack-buffer-overflow-to-keep-things-simple-buffers-are-always-larger-than-needed http://www.securityfocus.com/archive/1/532527/100/0/threaded http://www.securityfocus.com/bid/68152 http://www.slideshare.net/ibmsecurity/android-keystorestackbufferoverflow • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2010-4832
https://notcve.org/view.php?id=CVE-2010-4832
Android OS before 2.2 does not display the correct SSL certificate in certain cases, which might allow remote attackers to spoof trusted web sites via a web page containing references to external sources in which (1) the certificate of the last loaded resource is checked, instead of for the main page, or (2) later certificates are not checked when the HTTPS connection is reused. Android OS anterior a 2.2 no muestra el certificado SSL correcto en ciertos casos, lo que podría permitir a atacantes remotos falsificar sitios web de confianza a través de una página web que contiene referencias a fuentes externas en las que (1) el certificado del último recurso cargado está comprobado, en lugar de para la página principal, o (2) certificados posteriores no están comprobados cuando la conexión HTTPS está reutilizada. • http://android.git.kernel.org/?p=platform/frameworks/base.git%3Ba=commit%3Bh=dba8cb76371960457e91b31fa396478f809a5a34 http://jvn.jp/en/jp/JVN43105011/index.html http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000053.html https://gitorious.org/atrix-aosp/frameworks_base/commit/dba8cb76371960457e91b31fa396478f809a5a34 • CWE-310: Cryptographic Issues •