框架层漏洞列表 (33)

OSVDB/85806(发布:2012-09-24)MCOEPS
CVSSN/A

The Android Dialer contains a flaw that is triggered during the handling of certain Unstructured Supplementary Service Data (USSD) codes from a web page that contains a specially crafted 'tel:' URI. This may allow a context-dependent attacker to reset the device back to factory settings.

OSVDB/84477(发布:2012-04-09)MCOEPS
CVSSN/A

Android Framework contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the URI ACTION_VIEW Intent action passes arbitrary information to a remote attacker, even in cases where no permissions are required to export information have been granted.

OSVDB/84478(发布:2012-04-09)MCOEPS
CVSSN/A

The Android Framework contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a user installs a malicious Android application that requires no permissions. Due to a flaw in permission management, the malicious application may be able to scan the device's SD card, fetch the /data/system/packages.list file, and bypass the PHONE_STATE permission. This information can then be sent to a remote server, potentially disclosing sensitive information.

OSVDB/72768(发布:2011-01-30)MCOEPS
CVSSN/A

暂无描述

BID/58505(发布:2013-03-14 12:00:00)MCOEPS
CVSSN/A

Android is prone to multiple security vulnerabilities including:
1. Multiple security-bypass vulnerabilities
2. Multiple information-disclosure vulnerabilities
3. A file-overwrite vulnerability
Successful exploits allows an attacker to gain access to sensitive information, bypass certain security restrictions, or overwrite arbitrary files. Other attacks are also possible.

BID/56392(发布:2012-11-05 12:00:00)MCOEPS
CVSSN/A

Android is prone to an SMS-spoofing vulnerability.
An attacker may exploit this vulnerability to send spoofed SMS contents to a victim that seem to originate from a trusted user. This allows a remote attacker to carry out phishing attacks. Other attacks may be possible.
Android versions 1.6 (Donut) through 4.1 (Jelly Bean) are vulnerable.

首页上一页123456下一页尾页 第3页 / 共6页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站