CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2014-1909
https://notcve.org/view.php?id=CVE-2014-1909
Integer signedness error in system/core/adb/adb_client.c in Android Debug Bridge (ADB) for Android 4.4 in the Android SDK Platform Tools 18.0.1 allows ADB servers to execute arbitrary code via a negative length value, which bypasses a signed comparison and triggers a stack-based buffer overflow. Error de signo de enteros en system/core/adb/adb_client.c en Android Debug Bridge (ADB) para Android 4.4 en las herramientas de plataforma de Android SDK 18.0.1 permite a servidores ADB ejecutar código arbitrario a través de un valor de longitud negativo, lo que evade una comparación de signo y provoca un desbordamiento de buffer basado en pila. • http://lists.opensuse.org/opensuse-updates/2014-05/msg00038.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00039.html http://seclists.org/oss-sec/2014/q1/291 http://www.securityfocus.com/bid/65403 https://exchange.xforce.ibmcloud.com/vulnerabilities/91291 • CWE-189: Numeric Errors •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2012-5564
https://notcve.org/view.php?id=CVE-2012-5564
android-tools 4.1.1 in Android Debug Bridge (ADB) allows local users to overwrite arbitrary files via a symlink attack on /tmp/adb.log. android-tools v4.1.1 en Android Debug Bridge permite a usuarios locales sobrescribir ficheros creando un enlace simbólico a /tmp/adb.log. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688280 http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098527.html http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098529.html http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098532.html http://www.openwall.com/lists/oss-security/2012/11/23/1 http://www.openwall.com/lists/oss-security/2012/11/23/8 http://www.securityfocus.com/bid/56653 https://bugzilla.redhat.com/show • CWE-59: Improper Link Resolution Before File Access ('Link Following') •