CVE-2012-6301
Public exploit
The Browser application in Android 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted market: URI in the SRC attribute of an IFRAME element.
Max CVSS
5.0
EPSS Score
6.04%
Published
2012-12-10
Updated
2012-12-11
drivers/gpu/msm/kgsl.c in the Qualcomm Innovation Center (QuIC) Graphics KGSL kernel-mode driver for Android 2.3 through 4.2 allows attackers to cause a denial of service (NULL pointer dereference) via an application that uses crafted arguments in a local kgsl_ioctl call.
Max CVSS
4.3
EPSS Score
0.07%
Published
2012-11-30
Updated
2013-10-11
Integer overflow in diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics (aka DIAG) kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service via an application that uses crafted arguments in a local diagchar_ioctl call.
Max CVSS
6.8
EPSS Score
0.10%
Published
2012-11-30
Updated
2013-10-11
diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics (aka DIAG) kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via an application that uses crafted arguments in a local diagchar_ioctl call.
Max CVSS
6.8
EPSS Score
0.10%
Published
2012-11-30
Updated
2013-10-10
Mozilla Firefox before 15.0 on Android does not properly implement unspecified callers of the __android_log_print function, which allows remote attackers to execute arbitrary code via a crafted web page that calls the JavaScript dump function.
Max CVSS
6.8
EPSS Score
1.22%
Published
2012-08-29
Updated
2013-03-26
The Bluetooth service (com/android/phone/BluetoothHeadsetService.java) in Android 2.3 before 2.3.6 allows remote attackers within Bluetooth range to obtain contact data via an AT phonebook transfer.
Max CVSS
4.3
EPSS Score
0.10%
Published
2012-01-25
Updated
2012-01-26
The Zygote process in Android 4.0.3 and earlier accepts fork requests from processes with arbitrary UIDs, which allows remote attackers to cause a denial of service (reboot loop) via a crafted application.
Max CVSS
7.8
EPSS Score
0.08%
Published
2012-10-07
Updated
2013-08-03
Stack-based buffer overflow in libsysutils in Android 2.2.x through 2.2.2 and 2.3.x through 2.3.6 allows user-assisted remote attackers to execute arbitrary code via an application that calls the FrameworkListener::dispatchCommand method with the wrong number of arguments, as demonstrated by zergRush to trigger a use-after-free error.
Max CVSS
9.3
EPSS Score
1.65%
Published
2012-01-27
Updated
2012-02-06
8 vulnerabilities found