cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
An unspecified function in the Dalvik API in Android 1.5 and earlier allows remote attackers to cause a denial of service (system process restart) via a crafted application, possibly a related issue to CVE-2009-2656.
Max CVSS
4.3
EPSS Score
0.89%
Published
2009-10-14
Updated
2018-10-10
WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to non-standard NaN representation.
Max CVSS
9.3
EPSS Score
92.22%
Published
2010-09-10
Updated
2017-09-19

CVE-2010-4804

Public exploit
The Android browser in Android before 2.3.4 allows remote attackers to obtain SD card contents via crafted content:// URIs, related to (1) BrowserActivity.java and (2) BrowserSettings.java in com/android/browser/.
Max CVSS
4.3
EPSS Score
9.74%
Published
2011-06-09
Updated
2011-10-27
Android OS before 2.2 does not display the correct SSL certificate in certain cases, which might allow remote attackers to spoof trusted web sites via a web page containing references to external sources in which (1) the certificate of the last loaded resource is checked, instead of for the main page, or (2) later certificates are not checked when the HTTPS connection is reused.
Max CVSS
4.3
EPSS Score
0.19%
Published
2014-05-14
Updated
2014-05-14
data/WorkingMessage.java in the Mms application in Android before 2.2.2 and 2.3.x before 2.3.2 does not properly manage the draft cache, which allows remote attackers to read SMS messages intended for other recipients in opportunistic circumstances via a standard text messaging service.
Max CVSS
5.0
EPSS Score
0.56%
Published
2011-01-31
Updated
2017-08-17
Android before 2.3 does not properly restrict access to the system property space, which allows local applications to bypass the application sandbox and gain privileges, as demonstrated by psneuter and KillingInTheNameOf, related to the use of Android shared memory (ashmem) and ASHMEM_SET_PROT_MASK.
Max CVSS
7.2
EPSS Score
0.23%
Published
2011-04-21
Updated
2011-04-23
The PowerVR SGX driver in Android before 2.3.6 allows attackers to obtain potentially sensitive information from kernel stack memory via an application that uses a crafted length parameter in a request to the pvrsrvkm device.
Max CVSS
7.1
EPSS Score
0.06%
Published
2013-02-05
Updated
2013-02-07
The PowerVR SGX driver in Android before 2.3.6 allows attackers to gain root privileges via an application that triggers kernel memory corruption using crafted user data to the pvrsrvkm device.
Max CVSS
6.9
EPSS Score
0.05%
Published
2013-02-05
Updated
2013-02-08
The Bluetooth stack in Android before 2.3.6 allows a physically proximate attacker to obtain contact information via an AT phonebook transfer.
Max CVSS
2.4
EPSS Score
0.05%
Published
2020-02-12
Updated
2020-02-19
WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors related to (1) the DOMWindow::clear function and use of a selection object, (2) the Object::GetRealNamedPropertyInPrototypeChain function and use of an __proto__ property, (3) the HTMLPlugInImageElement::allowedToLoadFrameURL function and use of a javascript: URL, (4) incorrect origins for XSLT-generated documents in the XSLTProcessor::createDocumentFromSource function, and (5) improper handling of synchronous frame loads in the ScriptController::executeIfJavaScriptURL function.
Max CVSS
4.3
EPSS Score
0.48%
Published
2011-10-25
Updated
2020-05-11
The Zygote process in Android 4.0.3 and earlier accepts fork requests from processes with arbitrary UIDs, which allows remote attackers to cause a denial of service (reboot loop) via a crafted application.
Max CVSS
7.8
EPSS Score
0.08%
Published
2012-10-07
Updated
2013-08-03
Google Android prior to 4.4 has an APK Signature Security Bypass Vulnerability
Max CVSS
9.8
EPSS Score
1.39%
Published
2020-01-23
Updated
2020-01-27
The engineNextBytes function in classlib/modules/security/src/main/java/common/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java in the SecureRandom implementation in Apache Harmony through 6.0M3, as used in the Java Cryptography Architecture (JCA) in Android before 4.4 and other products, when no seed is provided by the user, uses an incorrect offset value, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging the resulting PRNG predictability, as exploited in the wild against Bitcoin wallet applications in August 2013.
Max CVSS
5.0
EPSS Score
0.24%
Published
2014-04-29
Updated
2014-04-30
Android before 4.4 does not properly arrange for seeding of the OpenSSL PRNG, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging use of the PRNG within multiple applications.
Max CVSS
7.5
EPSS Score
0.24%
Published
2014-04-29
Updated
2014-04-30
Unspecified vulnerability in the Qualcomm components in Android before 2016-07-05 allows attackers to gain privileges via a crafted application.
Max CVSS
10.0
EPSS Score
0.06%
Published
2016-07-11
Updated
2016-07-11
The Device Administrator code in Android before 4.4.1_r1 might allow attackers to spoof device administrators and consequently bypass MDM restrictions by leveraging failure to update the mAdminMap data structure.
Max CVSS
8.8
EPSS Score
0.09%
Published
2018-04-20
Updated
2018-05-23
java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute arbitrary Java code by leveraging access to the searchBoxJavaBridge_ interface at certain Android API levels.
Max CVSS
7.5
EPSS Score
0.16%
Published
2014-03-03
Updated
2016-05-26
cmds/servicemanager/service_manager.c in Android before commit 7d42a3c31ba78a418f9bdde0e0ab951469f321b5 allows attackers to cause a denial of service (NULL pointer dereference, or out-of-bounds write) via vectors related to binder passed lengths.
Max CVSS
7.5
EPSS Score
0.42%
Published
2017-10-18
Updated
2017-11-07
**DISPUTED** SQL injection vulnerability in SQLiteDatabase.java in the SQLi Api in Android allows remote attackers to execute arbitrary SQL commands via the delete method.
Max CVSS
9.8
EPSS Score
0.20%
Published
2018-03-27
Updated
2018-04-23
The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 allows remote DHCP servers to cause a denial of service by resetting the DHO_OPTIONSOVERLOADED option in the (1) bootfile or (2) servername section, which triggers the option to be processed again.
Max CVSS
3.3
EPSS Score
0.15%
Published
2014-09-04
Updated
2016-06-23
A Code Execution vulnerability exists in Android prior to 4.4.0 related to the addJavascriptInterface method and the accessibility and accessibilityTraversal objects, which could let a remote malicious user execute arbitrary code.
Max CVSS
9.0
EPSS Score
1.82%
Published
2020-02-07
Updated
2020-02-12
luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the requirements for serialization, which allows attackers to execute arbitrary code via a crafted finalize method for a serialized object in an ArrayMap Parcel within an intent sent to system_service, as demonstrated by the finalize method of android.os.BinderProxy, aka Bug 15874291.
Max CVSS
7.2
EPSS Score
0.06%
Published
2014-12-15
Updated
2014-12-16
btif/src/btif_dm.c in Android before 5.1 does not properly enforce the temporary nature of a Bluetooth pairing, which allows user-assisted remote attackers to bypass intended access restrictions via crafted Bluetooth packets after the tapping of a crafted NFC tag.
Max CVSS
8.1
EPSS Score
0.26%
Published
2020-02-21
Updated
2020-02-26
Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15328708.
Max CVSS
10.0
EPSS Score
0.12%
Published
2015-10-01
Updated
2015-10-01
Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342751.
Max CVSS
10.0
EPSS Score
0.12%
Published
2015-10-01
Updated
2015-10-01
1851 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!