第三方系统漏洞列表 [OSVDB] (22)
CyanogenMod, ClockWorkMod, and Koush Superuser for Android contains a flaw that is due to the application failing to restrict users from using the /system/xbin/su setuid root executable. This may allow a local attacker to hijack a user's root session.
Google Glass contains a flaw that is triggered when reading a specially crafted QR code. This code can automatically connect the user to a malicious WiFi access point controlled by the attacker. This may allow a physically present attacker to view connections made by Glass, view requests to images uploaded to the Cloud, and force the device to browse to a page that could execute arbitrary code on the device via known Android vulnerabilities.
Cisco Desktop Collaboration Experience DX650 contains an unspecified overflow condition in the Android API. The issue is triggered as user-supplied input is not properly validated. This may allow a local attacker to cause a buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.
Multiple LG Android phones contain a flaw in the backup software that leads to unauthorized privileges being gained. The issue is triggered when handling a specially crafted backup file and may allow a local attacker to gain elevated privileges.
LG Optimus G E973 contains a flaw that leads to unauthorized privileges being gained. The issue is triggered when supplying a specially crafted command via the HiddenMenu, which will allow a physically present attacker to execute commands with elevated privileges.
Google Android on Motorola contains a flaw in the USB debugging mode that leads to unauthorized privileges being gained. This issue is triggered when the device has been has been connected to a system that contains a specially crafted file designed to place the device into ROOT mode. This will allow a physically present attacker to gain elevated privileges.