Lucene search

16 matches found

added 2010/09/10 7:00 p.m. | 165 views

CVE-2010-1807

WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related...

CVSS 9.3 | AI score 8.9 | EPSS 0.80553

added 2011/04/21 10:55 a.m. | 61 views

CVE-2011-1149

Android before 2.3 does not properly restrict access to the system property space, which allows local applications to bypass the application sandbox and gain privileges, as demonstrated by psneuter and KillingInTheNameOf, related to the use of Android shared memory (ashmem) and ASHMEM_SET_PROT_MASK...

CVSS 7.2 | AI score 6.8 | EPSS 0.00035

added 2009/05/26 3:30 p.m. | 60 views

CVE-2009-1754

The PackageManagerService class in services/java/com/android/server/PackageManagerService.java in Android 1.5 through 1.5 CRB42 does not properly check developer certificates during processing of sharedUserId requests at an application's installation time, which allows remote user-assisted attacker...

CVSS 4.3 | AI score 6.8 | EPSS 0.0019

added 2009/08/03 6:30 p.m. | 55 views

CVE-2009-2656

Unspecified vulnerability in the com.android.phone process in Android 1.0, 1.1, and 1.5 allows remote attackers to cause a denial of service (network disconnection) via a crafted SMS message, as demonstrated by Collin Mulliner and Charlie Miller at Black Hat USA 2009.

CVSS 5 | AI score 6.5 | EPSS 0.01192

added 2012/10/07 3:55 p.m. | 55 views

CVE-2011-3918

The Zygote process in Android 4.0.3 and earlier accepts fork requests from processes with arbitrary UIDs, which allows remote attackers to cause a denial of service (reboot loop) via a crafted application.

CVSS 7.8 | AI score 6.7 | EPSS 0.10066

added 2014/05/14 12:55 a.m. | 53 views

CVE-2010-4832

Android OS before 2.2 does not display the correct SSL certificate in certain cases, which might allow remote attackers to spoof trusted web sites via a web page containing references to external sources in which (1) the certificate of the last loaded resource is checked, instead of for the main pa...

CVSS 4.3 | AI score 6.7 | EPSS 0.00187

added 2009/07/17 4:30 p.m. | 52 views

CVE-2009-2348

Android 1.5 CRBxx allows local users to bypass the (1) Manifest.permission.CAMERA (aka android.permission.CAMERA) and (2) Manifest.permission.AUDIO_RECORD (aka android.permission.RECORD_AUDIO) configuration settings by installing and executing an application that does not make a permission request ...

CVSS 6.9 | AI score 6.3 | EPSS 0.00046 | Web

added 2011/06/09 10:36 a.m. | 52 views

CVE-2010-4804

The Android browser in Android before 2.3.4 allows remote attackers to obtain SD card contents via crafted content:// URIs, related to (1) BrowserActivity.java and (2) BrowserSettings.java in com/android/browser/.

CVSS 4.3 | AI score 6.7 | EPSS 0.64162 | Web

added 2013/02/05 3:55 p.m. | 52 views

CVE-2011-1350

The PowerVR SGX driver in Android before 2.3.6 allows attackers to obtain potentially sensitive information from kernel stack memory via an application that uses a crafted length parameter in a request to the pvrsrvkm device.

CVSS 7.1 | AI score 5.8 | EPSS 0.04051

added 2009/10/14 10:30 a.m. | 51 views

CVE-2009-2999

The com.android.phone process in Android 1.5 CRBxx allows remote attackers to cause a denial of service (application restart and network disconnection) via an SMS message containing a malformed WAP Push message that triggers an ArrayIndexOutOfBoundsException exception, possibly a related issue to C...

CVSS 4.3 | AI score 6.6 | EPSS 0.01192

added 2014/04/29 8:55 p.m. | 45 views

CVE-2013-7373

Android before 4.4 does not properly arrange for seeding of the OpenSSL PRNG, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging use of the PRNG within multiple applications.

CVSS 7.5 | AI score 6.7 | EPSS 0.00228

added 2014/12/15 6:59 p.m. | 44 views

CVE-2014-7911

luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the requirements for serialization, which allows attackers to execute arbitrary code via a crafted finaliz...

CVSS 7.2 | AI score 7 | EPSS 0.83885 | Web

added 2011/01/31 8:00 p.m. | 41 views

CVE-2011-0680

data/WorkingMessage.java in the Mms application in Android before 2.2.2 and 2.3.x before 2.3.2 does not properly manage the draft cache, which allows remote attackers to read SMS messages intended for other recipients in opportunistic circumstances via a standard text messaging service.

CVSS 5 | AI score 6.7 | EPSS 0.00893

added 2013/02/05 3:55 p.m. | 40 views

CVE-2011-1352

The PowerVR SGX driver in Android before 2.3.6 allows attackers to gain root privileges via an application that triggers kernel memory corruption using crafted user data to the pvrsrvkm device.

CVSS 6.9 | AI score 6.9 | EPSS 0.0002

added 2014/12/15 6:59 p.m. | 40 views

CVE-2014-8507

Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android before 5.0.0 allow remote attackers to execute arbitrary SQL commands, and consequently launch an activity or service, via...

CVSS 7.5 | AI score 8.5 | EPSS 0.03404 | Web

added 2014/12/15 6:59 p.m. | 36 views

CVE-2014-8610

AndroidManifest.xml in Android before 5.0.0 does not require the SEND_SMS permission for the SmsReceiver receiver, which allows attackers to send stored SMS messages, and consequently transmit arbitrary new draft SMS messages or trigger additional per-message charges from a network operator for old...

CVSS 3.3 | AI score 6.6 | EPSS 0.00061 | Web