Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:google:android:3.2:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2014-0542 |
Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2014-0540, CVE-2014-0543, CVE-2014-0544, and CVE-2014-0545. Published: August 12, 2014; 6:55:02 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2014-0541 |
Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 allow attackers to bypass intended access restrictions via unspecified vectors. Published: August 12, 2014; 6:55:02 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2014-0540 |
Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2014-0542, CVE-2014-0543, CVE-2014-0544, and CVE-2014-0545. Published: August 12, 2014; 6:55:02 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2014-0538 |
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 allows attackers to execute arbitrary code via unspecified vectors. Published: August 12, 2014; 6:55:02 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2014-3161 |
The WebMediaPlayerAndroid::load function in content/renderer/media/android/webmediaplayer_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly interact with redirects, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that hosts a video stream. Published: July 20, 2014; 7:12:50 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-3159 |
The WebContentsDelegateAndroid::OpenURLFromTab function in components/web_contents_delegate_android/web_contents_delegate_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly restrict URL loading, which allows remote attackers to spoof the URL in the Omnibox via unspecified vectors. Published: July 20, 2014; 7:12:50 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.4 MEDIUM |
CVE-2014-1527 |
Mozilla Firefox before 29.0 on Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses DOM events to prevent the reemergence of the actual address bar after scrolling has taken it off of the screen. Published: April 30, 2014; 6:49:04 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-7373 |
Android before 4.4 does not properly arrange for seeding of the OpenSSL PRNG, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging use of the PRNG within multiple applications. Published: April 29, 2014; 4:55:09 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2013-7372 |
The engineNextBytes function in classlib/modules/security/src/main/java/common/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java in the SecureRandom implementation in Apache Harmony through 6.0M3, as used in the Java Cryptography Architecture (JCA) in Android before 4.4 and other products, when no seed is provided by the user, uses an incorrect offset value, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging the resulting PRNG predictability, as exploited in the wild against Bitcoin wallet applications in August 2013. Published: April 29, 2014; 4:55:08 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-6775 |
The Chainfire SuperSU package before 1.69 for Android allows attackers to gain privileges via the (1) backtick or (2) $() type of shell metacharacters in the -c option to /system/xbin/su. Published: March 31, 2014; 10:58:57 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2013-6769 |
The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android allows attackers to gain privileges via shell metacharacters in the -c option to /system/xbin/su. Published: March 31, 2014; 10:58:57 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2013-6774 |
Untrusted search path vulnerability in the ChainsDD Superuser package 3.1.3 for Android 4.2.x and earlier, CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier, and Chainfire SuperSU package before 1.69 for Android 4.2.x and earlier allows attackers to load an arbitrary .jar file and gain privileges via a crafted BOOTCLASSPATH environment variable for a /system/xbin/su process. NOTE: another researcher was unable to reproduce this with ChainsDD Superuser. Published: March 31, 2014; 10:58:57 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2013-6768 |
Untrusted search path vulnerability in the CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier allows attackers to trigger the launch of a Trojan horse app_process program via a crafted PATH environment variable for a /system/xbin/su process. Published: March 31, 2014; 10:58:57 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-1516 |
The saltProfileName function in base/GeckoProfileDirectories.java in Mozilla Firefox through 28.0.1 on Android relies on Android's weak approach to seeding the Math.random function, which makes it easier for attackers to bypass a profile-randomization protection mechanism via a crafted application. Published: March 29, 2014; 4:55:04 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-1515 |
Mozilla Firefox before 28.0.1 on Android processes a file: URL by copying a local file onto the SD card, which allows attackers to obtain sensitive information from the Firefox profile directory via a crafted application. Published: March 25, 2014; 9:25:38 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 1.9 LOW |
CVE-2014-1970 |
Directory traversal vulnerability in the ES File Explorer File Manager application before 3.0.4 for Android allows remote attackers to overwrite or create arbitrary files via unspecified vectors. Published: March 20, 2014; 11:55:05 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2014-1506 |
Directory traversal vulnerability in Android Crash Reporter in Mozilla Firefox before 28.0 on Android allows attackers to trigger the transmission of local files to arbitrary servers, or cause a denial of service (application crash), via a crafted application that specifies Android Crash Reporter arguments. Published: March 19, 2014; 6:55:06 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.4 MEDIUM |
CVE-2014-1501 |
Mozilla Firefox before 28.0 on Android allows remote attackers to bypass the Same Origin Policy and access arbitrary file: URLs via vectors involving the "Open Link in New Tab" menu selection. Published: March 19, 2014; 6:55:06 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2014-1939 |
java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute arbitrary Java code by leveraging access to the searchBoxJavaBridge_ interface at certain Android API levels. Published: March 02, 2014; 11:50:46 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2013-4710 |
Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a denial of service (reboot) via a crafted web page, as demonstrated by use of the WebView.addJavascriptInterface method, a related issue to CVE-2012-6636. Published: March 02, 2014; 11:50:46 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |