Search Results (Refine Search)
- CPE Product Version: cpe:/o:google:android:2.2:rev1
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2021-25381 |
Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P(9.0) and below, and 12.1.1.3 in Android Q(10.0) and above allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. Published: April 09, 2021; 2:15:15 PM -0400 |
V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2021-25343 |
Calling of non-existent provider in Samsung Members prior to version 2.4.81.13 (in Android O(8.1) and below) and 3.8.00.13 (in Android P(9.0) and above) allows unauthorized actions including denial of service attack by hijacking the provider. Published: March 04, 2021; 5:15:13 PM -0500 |
V3.1: 3.3 LOW V2.0: 2.1 LOW |
CVE-2021-25342 |
Calling of non-existent provider in SMP sdk prior to version 3.0.9 allows unauthorized actions including denial of service attack by hijacking the provider. Published: March 04, 2021; 5:15:13 PM -0500 |
V3.1: 3.3 LOW V2.0: 2.1 LOW |
CVE-2016-1155 |
HTTP header injection vulnerability in the URLConnection class in Android OS 2.2 through 6.0 allows remote attackers to execute arbitrary scripts or set arbitrary values in cookies. Published: April 13, 2017; 1:59:00 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2014-7920 |
mediaserver in Android 2.2 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7921. Published: April 13, 2017; 12:59:00 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2014-8610 |
AndroidManifest.xml in Android before 5.0.0 does not require the SEND_SMS permission for the SmsReceiver receiver, which allows attackers to send stored SMS messages, and consequently transmit arbitrary new draft SMS messages or trigger additional per-message charges from a network operator for old messages, via a crafted application that broadcasts an intent with the com.android.mms.transaction.MESSAGE_SENT action, aka Bug 17671795. Published: December 15, 2014; 1:59:19 PM -0500 |
V3.x:(not available) V2.0: 3.3 LOW |
CVE-2014-8507 |
Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android before 5.0.0 allow remote attackers to execute arbitrary SQL commands, and consequently launch an activity or service, via the (1) wapAppId or (2) contentType field of a PDU for a malformed WAPPush message, aka Bug 17969135. Published: December 15, 2014; 1:59:16 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-7911 |
luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the requirements for serialization, which allows attackers to execute arbitrary code via a crafted finalize method for a serialized object in an ArrayMap Parcel within an intent sent to system_service, as demonstrated by the finalize method of android.os.BinderProxy, aka Bug 15874291. Published: December 15, 2014; 1:59:15 PM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2013-7373 |
Android before 4.4 does not properly arrange for seeding of the OpenSSL PRNG, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging use of the PRNG within multiple applications. Published: April 29, 2014; 4:55:09 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2013-6775 |
The Chainfire SuperSU package before 1.69 for Android allows attackers to gain privileges via the (1) backtick or (2) $() type of shell metacharacters in the -c option to /system/xbin/su. Published: March 31, 2014; 10:58:57 AM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2013-6774 |
Untrusted search path vulnerability in the ChainsDD Superuser package 3.1.3 for Android 4.2.x and earlier, CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier, and Chainfire SuperSU package before 1.69 for Android 4.2.x and earlier allows attackers to load an arbitrary .jar file and gain privileges via a crafted BOOTCLASSPATH environment variable for a /system/xbin/su process. NOTE: another researcher was unable to reproduce this with ChainsDD Superuser. Published: March 31, 2014; 10:58:57 AM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2013-6768 |
Untrusted search path vulnerability in the CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier allows attackers to trigger the launch of a Trojan horse app_process program via a crafted PATH environment variable for a /system/xbin/su process. Published: March 31, 2014; 10:58:57 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-3347 |
Integer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code via PCM data that is not properly handled during resampling. Published: July 10, 2013; 6:55:02 AM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2013-3345 |
Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Published: July 10, 2013; 6:55:02 AM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2013-3344 |
Heap-based buffer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code via unspecified vectors. Published: July 10, 2013; 6:55:02 AM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2013-4787 |
Android 1.6 Donut through 4.2 Jelly Bean does not properly check cryptographic signatures for applications, which allows attackers to execute arbitrary code via an application package file (APK) that is modified in a way that does not violate the cryptographic signature, probably involving multiple entries in a Zip file with the same name in which one entry is validated but the other entry is installed, aka Android security bug 8219321 and the "Master Key" vulnerability. Published: July 09, 2013; 1:55:01 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2013-3642 |
The Angel Browser application 1.47b and earlier for Android 1.6 through 2.1, 1.62b and earlier for Android 2.2 through 2.3.4, 1.68b and earlier for Android 3.0 through 4.0.3, and 1.76b and earlier for Android 4.1 through 4.2 does not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application. Published: June 16, 2013; 11:29:45 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-1380 |
Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-1378. Published: April 09, 2013; 11:48:20 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2013-1379 |
Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 do not properly initialize pointer arrays, which allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Published: April 09, 2013; 11:48:20 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2013-1378 |
Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-1380. Published: April 09, 2013; 11:48:20 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |