Native层漏洞列表 [OSVDB] (19)

OSVDB/97520(发布:2013-09-15)MCOEPS
CVSSN/A

Android contains a flaw in the addJavascriptInterface method in the WebView class. The issue is triggered when viewing web content. This may allow a context-dependent attacker to gain access to arbitrary java methods.

OSVDB/87181(发布:2012-08-16)NMCO
CVSS5.8

Android_Pusher Library for Android contains a flaw related to domain name validation during certificate validation. The issue is due to the server hostname not being verified to match a domain name in the Subject's Common Name (CN) or SubjectAltName field of the X.509 certificate. This may allow a man-in-the-middle attacker to spoof SSL servers via an arbitrary certificate that appears valid. Such an attack would allow for the interception of sensitive traffic, and potentially allow for the injection of content into the SSL stream.

OSVDB/88086(发布:2012-07-24)NMCOPS
CVSS5.0

Google Android is vulnerable to a DNS Cache poisoning weakness that is triggered when the wrapper fails to randomly acquire a port with it's own DNS port implementation. After failing to do so ten times it will authorize the use res_randomid() function of res_init.c to complete the task. This function draws from the port from a predictable set of numbers, which may make it easier for a remote attacker to poison the DNS cache of a target user.

OSVDB/90055(发布:2012-05-03)MCOS
CVSSN/A

Android contains a flaw in the SQLite database that may lead to unauthorized disclosure of potentially sensitive information. The issue is due to the program creating journal files in directories with insecure world readable permissions. This may allow a local attacker to gain access to sensitive information stored in journal files.

OSVDB/86227(发布:2012-04-13)NMCOEP
CVSS7.8

Android contains a flaw that may allow a local denial of service. This issue is triggered when fork requests from processes with arbitrary UIDs are accepted by the Zygote process. This may allow a local attacker to cause a loss of availability for the device.

OSVDB/86544(发布:2012-03-18)MCOEPS
CVSSN/A

Android contains a flaw that is triggered when the built in factory reset feature fails to properly remove all information from the system, when ran from either the recovery console or inside. This may allow a physically present attacker to gain access to potentially sensitive information from a locked device, by first performing a factory reset and then recovering the information.

1234下一页尾页 第1页 / 共4页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站