Android@* Security Vulnerabilities and Issues — Android@* CVE List

Lucene search

GoogleAndroid*

7 matches found

CVE•added 2011/05/16 5:55 p.m.•711 views

CVE-2011-0419

Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allow...

4.3CVSS7.7AI score0.50389EPSS

CVE•added 2011/06/09 10:36 a.m.•711 views

CVE-2011-1823

The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and gain root privileges via a negative index that bypasses a maximum-only signed integer check in the DirectVolume::hand...

7.8CVSS7.5AI score0.69256EPSS

CVE•added 2011/08/09 7:55 p.m.•83 views

CVE-2008-7298

The Android browser in Android cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS)...

5.8CVSS6.6AI score0.00228EPSS

CVE•added 2011/10/25 7:55 p.m.•60 views

CVE-2011-3881

WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors related to (1) the DOMWindow::clear function and use of a selection object, (2) the Object::GetRealNamedProperty...

4.3CVSS5.4AI score0.00502EPSS

CVE•added 2011/04/21 10:55 a.m.•59 views

CVE-2011-1149

Android before 2.3 does not properly restrict access to the system property space, which allows local applications to bypass the application sandbox and gain privileges, as demonstrated by psneuter and KillingInTheNameOf, related to the use of Android shared memory (ashmem) and ASHMEM_SET_PROT_MASK...

7.2CVSS6.8AI score0.00035EPSS

CVE•added 2011/06/09 10:36 a.m.•49 views

CVE-2010-4804

The Android browser in Android before 2.3.4 allows remote attackers to obtain SD card contents via crafted content:// URIs, related to (1) BrowserActivity.java and (2) BrowserSettings.java in com/android/browser/.

4.3CVSS6.7AI score0.64162EPSS

CVE•added 2011/01/31 8:0 p.m.•40 views

CVE-2011-0680

data/WorkingMessage.java in the Mms application in Android before 2.2.2 and 2.3.x before 2.3.2 does not properly manage the draft cache, which allows remote attackers to read SMS messages intended for other recipients in opportunistic circumstances via a standard text messaging service.

5CVSS6.7AI score0.00893EPSS