Search Results (Refine Search)
- Keyword (text search): android
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2013-0637 |
Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allow attackers to obtain sensitive information via unspecified vectors. Published: February 12, 2013; 3:55:04 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-0634 |
Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and before 11.1.115.37 on Android 4.x allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, as exploited in the wild in February 2013. Published: February 08, 2013; 6:58:21 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2013-0633 |
Buffer overflow in Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and before 11.1.115.37 on Android 4.x allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013. Published: February 08, 2013; 6:58:21 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2012-5187 |
The Weathernews Touch application 2.3.2 and earlier for Android allows attackers to obtain sensitive information about logged locations via a crafted application that leverages read permission for system log files. Published: February 06, 2013; 7:05:43 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-1352 |
The PowerVR SGX driver in Android before 2.3.6 allows attackers to gain root privileges via an application that triggers kernel memory corruption using crafted user data to the pvrsrvkm device. Published: February 05, 2013; 10:55:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2011-1350 |
The PowerVR SGX driver in Android before 2.3.6 allows attackers to obtain potentially sensitive information from kernel stack memory via an application that uses a crafted length parameter in a request to the pvrsrvkm device. Published: February 05, 2013; 10:55:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.1 HIGH |
CVE-2013-0751 |
Mozilla Firefox before 18.0 on Android and SeaMonkey before 2.15 do not restrict a touch event to a single IFRAME element, which allows remote attackers to obtain sensitive information or possibly conduct cross-site scripting (XSS) attacks via a crafted HTML document. Published: January 13, 2013; 3:55:01 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2013-0630 |
Buffer overflow in Adobe Flash Player before 10.3.183.50 and 11.x before 11.5.502.146 on Windows and Mac OS X, before 10.3.183.50 and 11.x before 11.2.202.261 on Linux, before 11.1.111.31 on Android 2.x and 3.x, and before 11.1.115.36 on Android 4.x; Adobe AIR before 3.5.0.1060; and Adobe AIR SDK before 3.5.0.1060 allows attackers to execute arbitrary code via unspecified vectors. Published: January 11, 2013; 5:55:01 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2012-6337 |
The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices shows the activation of remote tracking, which might allow physically proximate attackers to defeat a product-recovery effort by tampering with this feature or its location data. Published: December 31, 2012; 6:50:28 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 3.3 LOW |
CVE-2012-6335 |
The Anti-theft service in AVG AntiVirus for Android allows physically proximate attackers to provide arbitrary location data via a "commonly available simple GPS location spoofer." Published: December 31, 2012; 6:50:28 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 3.3 LOW |
CVE-2012-6334 |
The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices does not properly implement Location APIs, which allows physically proximate attackers to provide arbitrary location data via a "commonly available simple GPS location spoofer." Published: December 31, 2012; 6:50:28 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 2.9 LOW |
CVE-2012-5183 |
The Loctouch application 3.4.6 and earlier for Android allows attackers to obtain sensitive information about logged locations via a crafted application that leverages read permission for system log files. Published: December 26, 2012; 12:55:01 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 2.6 LOW |
CVE-2012-5182 |
The Loctouch application 3.4.6 and earlier for Android does not properly handle implicit intents, which allows attackers to obtain sensitive information about logged locations via a crafted application. Published: December 26, 2012; 12:55:01 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-5180 |
The Opera Mobile application before 12.1 and Opera Mini application before 7.5 for Android do not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application. Published: December 26, 2012; 12:55:01 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-5179 |
The Boat Browser application before 4.2 and Boat Browser Mini application before 3.9 for Android do not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application. Published: December 26, 2012; 12:55:01 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 2.1 LOW |
CVE-2012-6422 |
The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly other Android devices, when running an Exynos 4210 or 4412 processor, uses weak permissions (0666) for /dev/exynos-mem, which allows attackers to read or write arbitrary physical memory and gain privileges via a crafted application, as demonstrated by ExynosAbuse. Published: December 17, 2012; 7:55:04 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2012-5678 |
Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Published: December 12, 2012; 6:38:44 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2012-5677 |
Integer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors. Published: December 12, 2012; 6:38:44 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2012-5676 |
Buffer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors. Published: December 12, 2012; 6:38:44 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2012-6301 |
The Browser application in Android 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted market: URI in the SRC attribute of an IFRAME element. Published: December 10, 2012; 3:55:01 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |