Android Security Vulnerabilities and Issues — Android CVE List

Lucene search

GoogleAndroid

8 matches found

CVE•added 2012/11/30 12:54 p.m.•61 views

CVE-2012-4221

Integer overflow in diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics (aka DIAG) kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service via an application that uses crafted arguments in a local diagchar_ioctl call.

6.8CVSS7.7AI score0.00371EPSS

CVE•added 2012/12/10 8:55 p.m.•58 views

CVE-2012-6301

The Browser application in Android 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted market: URI in the SRC attribute of an IFRAME element.

5CVSS6.6AI score0.43028EPSS

CVE•added 2012/01/27 3:55 p.m.•57 views

CVE-2011-3874

Stack-based buffer overflow in libsysutils in Android 2.2.x through 2.2.2 and 2.3.x through 2.3.6 allows user-assisted remote attackers to execute arbitrary code via an application that calls the FrameworkListener::dispatchCommand method with the wrong number of arguments, as demonstrated by zergRu...

9.3CVSS8.3AI score0.25361EPSS

CVE•added 2012/08/29 10:56 a.m.•57 views

CVE-2012-3979

Mozilla Firefox before 15.0 on Android does not properly implement unspecified callers of the __android_log_print function, which allows remote attackers to execute arbitrary code via a crafted web page that calls the JavaScript dump function.

6.8CVSS7.4AI score0.01477EPSS

CVE•added 2012/11/30 12:54 p.m.•54 views

CVE-2012-4220

diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics (aka DIAG) kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via an application that uses crafted arguments in a local diagchar_i...

6.8CVSS7.5AI score0.17842EPSS

CVE•added 2012/10/07 3:55 p.m.•53 views

CVE-2011-3918

The Zygote process in Android 4.0.3 and earlier accepts fork requests from processes with arbitrary UIDs, which allows remote attackers to cause a denial of service (reboot loop) via a crafted application.

7.8CVSS6.7AI score0.10066EPSS

CVE•added 2012/11/30 12:54 p.m.•47 views

CVE-2012-4222

drivers/gpu/msm/kgsl.c in the Qualcomm Innovation Center (QuIC) Graphics KGSL kernel-mode driver for Android 2.3 through 4.2 allows attackers to cause a denial of service (NULL pointer dereference) via an application that uses crafted arguments in a local kgsl_ioctl call.

4.3CVSS6.2AI score0.00117EPSS

CVE•added 2012/01/25 6:55 p.m.•38 views

CVE-2011-4276

The Bluetooth service (com/android/phone/BluetoothHeadsetService.java) in Android 2.3 before 2.3.6 allows remote attackers within Bluetooth range to obtain contact data via an AT phonebook transfer.

4.3CVSS6.8AI score0.00163EPSS