原生漏洞列表 (105)

CVE-2012-2808(发布:2015-04-01 06:59:00)NMCOPS
CVSS5.0

[CNNVD]Open Handset Alliance Android 远程DNS缓存投毒漏洞--Android是Google通过Open Handset Alliance发起的项目,用于为移动设备提供完整的软件集,包括操作系统、中间件等。 Open Handset Alliance Android中存在远程DNS缓存投毒漏洞。攻击者可利用该漏洞从合法网站转移数据到攻击者指定的站点,成功的利用将...

OSVDB/102278(发布:2014-01-17)MCOEPS
CVSSN/A

Android contains a flaw that is during the handling of a specially crafted application. This may allow a local attacker to bypass a secure virtual private network (VPN) connection and redirect potentially sensitive cleartext information to a location they control.

OSVDB/100835(发布:2013-12-10)MCOEPS
CVSSN/A

Google Android contains a flaw in the PreferenceActivity class that leads to unauthorized privileges being gained. The issue is due to the :android:show_fragment intent extra allowing for arbitrary classes to be loaded. This may allow a local attacker to use a specially crafted application to load arbitrary classes and gain elevated privileges.

OSVDB/100299(发布:2013-10-25)MCOEPS
CVSSN/A

Code Aurora Android for MSM contains an uninitialized variable flaw in the genlock_dev_ioctl() function in drivers/base/genlock.c. The issue is triggered as all members of a structure are not properly initialized before being copied to user space. This may allow a local attacker to gain access to potentially sensitive kernel memory.

OSVDB/97520(发布:2013-09-15)MCOEPS
CVSSN/A

Android contains a flaw in the addJavascriptInterface method in the WebView class. The issue is triggered when viewing web content. This may allow a context-dependent attacker to gain access to arbitrary java methods.

OSVDB/96174(发布:2013-08-11)MCOEPS
CVSSN/A

Android contains a flaw related to improper initialization of the underlying OpenSSL PRNG that is triggered when an application e.g. uses the Java Cryptography Architecture (JCA) for key generation, signing, or random number generation. This may result in non-cryptographically strong values being generated, which could allow attackers to have various impacts depending on the affected application (e.g. compromise a user's Bitcoin wallet).

12345678下一页尾页 第1页 / 共18页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站