Android@4.3 Security Vulnerabilities and Issues — Android@4.3 CVE List

Lucene search

GoogleAndroid4.3

8 matches found

CVE•added 2014/04/29 8:55 p.m.•70 views

CVE-2013-7372

The engineNextBytes function in classlib/modules/security/src/main/java/common/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java in the SecureRandom implementation in Apache Harmony through 6.0M3, as used in the Java Cryptography Architecture (JCA) in Android before 4.4 and...

5CVSS6.8AI score0.00841EPSS

CVE•added 2014/04/29 8:55 p.m.•44 views

CVE-2013-7373

Android before 4.4 does not properly arrange for seeding of the OpenSSL PRNG, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging use of the PRNG within multiple applications.

7.5CVSS6.7AI score0.00228EPSS

CVE•added 2014/07/02 4:14 a.m.•44 views

CVE-2014-3100

Stack-based buffer overflow in the encode_key function in /system/bin/keystore in the KeyStore service in Android 4.3 allows attackers to execute arbitrary code, and consequently obtain sensitive key information or bypass intended restrictions on cryptographic operations, via a long key name.

5.1CVSS7.5AI score0.01042EPSS

CVE•added 2014/12/15 6:59 p.m.•42 views

CVE-2014-8609

The addAccount method in src/com/android/settings/accounts/AddAccountSettings.java in the Settings application in Android before 5.0.0 does not properly create a PendingIntent, which allows attackers to use the SYSTEM uid for broadcasting an intent with arbitrary component, action, or category info...

7.2CVSS6.4AI score0.00473EPSS

CVE•added 2014/03/03 4:50 a.m.•41 views

CVE-2014-1939

java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute arbitrary Java code by leveraging access to the searchBoxJavaBridge_ interface at certain Android API ...

7.5CVSS7.1AI score0.00193EPSS

CVE•added 2014/12/15 6:59 p.m.•41 views

CVE-2014-7911

luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the requirements for serialization, which allows attackers to execute arbitrary code via a crafted finaliz...

7.2CVSS7AI score0.83885EPSS

CVE•added 2014/12/15 6:59 p.m.•39 views

CVE-2014-8507

Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android before 5.0.0 allow remote attackers to execute arbitrary SQL commands, and consequently launch an activity or service, via...

7.5CVSS8.5AI score0.03404EPSS

CVE•added 2014/12/15 6:59 p.m.•35 views

CVE-2014-8610

AndroidManifest.xml in Android before 5.0.0 does not require the SEND_SMS permission for the SmsReceiver receiver, which allows attackers to send stored SMS messages, and consequently transmit arbitrary new draft SMS messages or trigger additional per-message charges from a network operator for old...

3.3CVSS6.6AI score0.00061EPSS