内核层漏洞列表 (31)

OSVDB/100299(发布:2013-10-25)MCOEPS
CVSSN/A

Code Aurora Android for MSM contains an uninitialized variable flaw in the genlock_dev_ioctl() function in drivers/base/genlock.c. The issue is triggered as all members of a structure are not properly initialized before being copied to user space. This may allow a local attacker to gain access to potentially sensitive kernel memory.

OSVDB/94289(发布:2013-06-14)MCOEPS
CVSSN/A

Android contains a flaw that allows an attacker to traverse outside of a restricted path. The issue is due to debug mode not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the adb Filename. This directory traversal attack would allow a physically present attacker to gain elevated privileges.

OSVDB/94187(发布:2013-06-06)MCOEPS
CVSSN/A

Android contains a flaw that may allow a malicious application to possess device administrator privileges but not appear on the list of applications which possess these privileges. This may be exploited to make it impossible to delete the malicious application.

OSVDB/91285(发布:2013-03-14)MCOEPS
CVSSN/A

Google Android contains a flaw due to the CHANGE_NETWORK_STATE permission that may allow an application to manipulate objects and data in the routing tables. With a specially crafted application that would be considered harmless by many, a remote attacker can more easily compromise a users system.

OSVDB/91284(发布:2013-03-14)MCOEPS
CVSSN/A

Google Android contains a flaw that may allow an application stored on the SD card to hide their permissions from the user. Note that both the researcher and the vendor suggest that while this is a theoretical issue, neither can come up with a current attack scenario that leverages this bug.

OSVDB/91283(发布:2013-03-14)MCOEPS
CVSSN/A

Google Android contains a flaw that leads to unauthorized privileges being gained. In certain unspecified situations this issue may allow an application to replace the native code of another application and gain the privileges that are associated with it. This may allow a remote attacker to potentially execute arbitrary code as well.

123456下一页尾页 第1页 / 共6页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站