Search Results (Refine Search)
- Keyword (text search): android
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2017-6275 |
An information disclosure vulnerability exists in the Thermal Driver, where a missing bounds checking in the thermal driver could allow a read from an arbitrary kernel address. This issue is rated as moderate. Product: Pixel. Versions: N/A. Android ID: A-34702397. References: N-CVE-2017-6275. Published: November 14, 2017; 11:29:00 AM -0500 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-6274 |
An elevation of Privilege vulnerability exists in the Thermal Driver, where a missing bounds checks in the thermal throttle driver can cause an out-of-bounds write in the kernel. This issue is rated as moderate. Product: Pixel. Version: N/A. Android ID: A-34705801. References: N-CVE-2017-6274. Published: November 14, 2017; 11:29:00 AM -0500 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-15999 |
In the "NQ Contacts Backup & Restore" application 1.1 for Android, no HTTPS is used for transmitting login and synced user data. When logging in, the username is transmitted in cleartext along with an SHA-1 hash of the password. The attacker can either crack this hash or use it for further attacks where only the hash value is required. Published: October 29, 2017; 1:29:00 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 5.0 MEDIUM |
CVE-2017-15998 |
In the "NQ Contacts Backup & Restore" application 1.1 for Android, DES encryption with a static key is used to secure transmitted contact data. This makes it easier for remote attackers to obtain cleartext information by sniffing the network. Published: October 29, 2017; 1:29:00 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-15997 |
In the "NQ Contacts Backup & Restore" application 1.1 for Android, RC4 encryption is used to secure the user password locally stored in shared preferences. Because there is a static RC4 key, an attacker can gain access to user credentials more easily by leveraging access to the preferences XML file. Published: October 29, 2017; 1:29:00 PM -0400 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 2.1 LOW |
CVE-2017-15582 |
In net.MCrypt in the "Diary with lock" (aka WriteDiary) application 4.72 for Android, hardcoded SecretKey and iv variables are used for the AES parameters, which makes it easier for attackers to obtain the cleartext of stored diary entries. Published: October 27, 2017; 4:29:01 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-15581 |
In the "Diary with lock" (aka WriteDiary) application 4.72 for Android, neither HTTPS nor other encryption is used for transmitting data, despite the documentation that the product is intended for "a personal journal of ... secrets and feelings," which allows remote attackers to obtain sensitive information by sniffing the network during LoginActivity or NoteActivity execution. Published: October 27, 2017; 4:29:00 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2015-1835 |
Apache Cordova Android before 3.7.2 and 4.x before 4.0.2, when an application does not set explicit values in config.xml, allows remote attackers to modify undefined secondary configuration variables (preferences) via a crafted intent: URL. Published: October 27, 2017; 3:29:00 PM -0400 |
V4.0:(not available) V3.0: 5.3 MEDIUM V2.0: 2.6 LOW |
CVE-2017-5120 |
Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially downgrade HTTPS requests to HTTP via a crafted HTML page. In other words, Chrome could transmit cleartext even though the user had entered an https URL, because of a misdesigned workaround for cases where the domain name in a URL almost matches the domain name in an X.509 server certificate (but differs in the initial "www." substring). Published: October 27, 2017; 1:29:02 AM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-5119 |
Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Published: October 27, 2017; 1:29:02 AM -0400 |
V4.0:(not available) V3.0: 4.3 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-5118 |
Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, failed to correctly propagate CSP restrictions to javascript scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page. Published: October 27, 2017; 1:29:02 AM -0400 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-5116 |
Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Published: October 27, 2017; 1:29:02 AM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-5114 |
Inappropriate use of partition alloc in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file. Published: October 27, 2017; 1:29:02 AM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-5113 |
Math overflow in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Published: October 27, 2017; 1:29:02 AM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-5110 |
Inappropriate implementation of the web payments API on blob: and data: schemes in Web Payments in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page. Published: October 27, 2017; 1:29:02 AM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-5108 |
Type confusion in PDFium in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted PDF file. Published: October 27, 2017; 1:29:02 AM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-5106 |
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. Published: October 27, 2017; 1:29:02 AM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-5105 |
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. Published: October 27, 2017; 1:29:02 AM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-5102 |
Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Published: October 27, 2017; 1:29:01 AM -0400 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-5098 |
A use after free in V8 in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Published: October 27, 2017; 1:29:01 AM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |