
CVE-2013-6272 – Android OS Authorization Missing
https://notcve.org/view.php?id=CVE-2013-6272
05 Jul 2014 — The NotificationBroadcastReceiver class in the com.android.phone process in Google Android 4.1.1 through 4.4.2 allows attackers to bypass intended access restrictions and consequently make phone calls to arbitrary numbers, send mmi or ussd codes, or hangup ongoing calls via a crafted application. • http://packetstormsecurity.com/files/127359/Android-OS-Authorization-Missing.html • CWE-284: Improper Access Control •

CVE-2013-7373
https://notcve.org/view.php?id=CVE-2013-7373
29 Apr 2014 — Android before 4.4 does not properly arrange for seeding of the OpenSSL PRNG, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging use of the PRNG within multiple applications. • http://android-developers.blogspot.com.au/2013/08/some-securerandom-thoughts.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2013-7372
https://notcve.org/view.php?id=CVE-2013-7372
29 Apr 2014 — The engineNextBytes function in classlib/modules/security/src/main/java/common/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java in the SecureRandom implementation in Apache Harmony through 6.0M3, as used in the Java Cryptography Architecture (JCA) in Android before 4.4 and other products, when no seed is provided by the user, uses an incorrect offset value, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging the resulting PRNG predictabil... • http://android-developers.blogspot.com.au/2013/08/some-securerandom-thoughts.html • CWE-310: Cryptographic Issues •

CVE-2013-6775
https://notcve.org/view.php?id=CVE-2013-6775
30 Mar 2014 — The Chainfire SuperSU package before 1.69 for Android allows attackers to gain privileges via the (1) backtick or (2) $() type of shell metacharacters in the -c option to /system/xbin/su. • http://www.securityfocus.com/archive/1/529797 • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2014-1977
https://notcve.org/view.php?id=CVE-2014-1977
19 Mar 2014 — The NTT DOCOMO sp mode mail application 6300 and earlier for Android 4.0.x and 6700 and earlier for Android 4.1 through 4.4 uses weak permissions for attachments during processing of incoming e-mail messages, which allows attackers to obtain sensitive information via a crafted application. • http://jvn.jp/en/jp/JVN81739241/index.html • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2014-1978
https://notcve.org/view.php?id=CVE-2014-1978
19 Mar 2014 — The application link interface in the NTT DOCOMO sp mode mail application 6100 through 6300 for Android 4.0.x and 6130 through 6700 for Android 4.1 through 4.4 writes message content to the SD card during e-mail composition, which allows attackers to obtain sensitive information via a crafted application. • http://jvn.jp/en/jp/JVN05951929/index.html • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2014-1979
https://notcve.org/view.php?id=CVE-2014-1979
19 Mar 2014 — The NTT DOCOMO sp mode mail application 5900 through 6300 for Android 4.0.x and 6000 through 6620 for Android 4.1 through 4.4 allows remote attackers to execute arbitrary Java methods via Deco-mail emoticon POP data in an e-mail message. • http://jvn.jp/en/jp/JVN89260331/index.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2013-4710 – Google Android 4.2 Browser and WebView - 'addJavascriptInterface' Code Execution
https://notcve.org/view.php?id=CVE-2013-4710
03 Mar 2014 — Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a denial of service (reboot) via a crafted web page, as demonstrated by use of the WebView.addJavascriptInterface method, a related issue to CVE-2012-6636. • https://www.exploit-db.com/exploits/41675 • CWE-20: Improper Input Validation •

CVE-2014-1939
https://notcve.org/view.php?id=CVE-2014-1939
03 Mar 2014 — java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute arbitrary Java code by leveraging access to the searchBoxJavaBridge_ interface at certain Android API levels. • http://blog.chromium.org/2013/11/introducing-chromium-powered-android.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2013-6271 – AndroidOS 4.3 Permission Bypass
https://notcve.org/view.php?id=CVE-2013-6271
29 Nov 2013 — Android 4.0 through 4.3 allows attackers to bypass intended access restrictions and remove device locks via a crafted application that invokes the updateUnlockMethodAndFinish method in the com.android.settings.ChooseLockGeneric class with the PASSWORD_QUALITY_UNSPECIFIED option. • http://seclists.org/fulldisclosure/2013/Nov/204 • CWE-264: Permissions, Privileges, and Access Controls •