第三方系统漏洞列表 [OSVDB] (22)

OSVDB/99883(发布:2013-11-13)NMCOPS
CVSS7.6

CyanogenMod, ClockWorkMod, and Koush Superuser for Android contains a flaw that is due to the application failing to restrict users from using the /system/xbin/su setuid root executable. This may allow a local attacker to hijack a user's root session.

OSVDB/95383(发布:2013-07-17)NMCO
CVSS6.9

Google Glass contains a flaw that is triggered when reading a specially crafted QR code. This code can automatically connect the user to a malicious WiFi access point controlled by the attacker. This may allow a physically present attacker to view connections made by Glass, view requests to images uploaded to the Cloud, and force the device to browse to a page that could execute arbitrary code on the device via known Android vulnerabilities.

OSVDB/94721(发布:2013-06-29)NMCOS
CVSS6.6

Cisco Desktop Collaboration Experience DX650 contains an unspecified overflow condition in the Android API. The issue is triggered as user-supplied input is not properly validated. This may allow a local attacker to cause a buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.

OSVDB/94524(发布:2013-06-24)MCOPS
CVSSN/A

Multiple LG Android phones contain a flaw in the backup software that leads to unauthorized privileges being gained. The issue is triggered when handling a specially crafted backup file and may allow a local attacker to gain elevated privileges.

OSVDB/93694(发布:2013-05-25)NMCOPS
CVSS7.2

LG Optimus G E973 contains a flaw that leads to unauthorized privileges being gained. The issue is triggered when supplying a specially crafted command via the HiddenMenu, which will allow a physically present attacker to execute commands with elevated privileges.

OSVDB/92267(发布:2013-04-09)NMCOPS
CVSS6.9

Google Android on Motorola contains a flaw in the USB debugging mode that leads to unauthorized privileges being gained. This issue is triggered when the device has been has been connected to a system that contains a specially crafted file designed to place the device into ROOT mode. This will allow a physically present attacker to gain elevated privileges.

1234下一页尾页 第1页 / 共4页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站