原生漏洞列表 [OSVDB] (80)

OSVDB/102278(发布:2014-01-17)MCOEPS
CVSSN/A

Android contains a flaw that is during the handling of a specially crafted application. This may allow a local attacker to bypass a secure virtual private network (VPN) connection and redirect potentially sensitive cleartext information to a location they control.

OSVDB/100835(发布:2013-12-10)MCOEPS
CVSSN/A

Google Android contains a flaw in the PreferenceActivity class that leads to unauthorized privileges being gained. The issue is due to the :android:show_fragment intent extra allowing for arbitrary classes to be loaded. This may allow a local attacker to use a specially crafted application to load arbitrary classes and gain elevated privileges.

OSVDB/99883(发布:2013-11-13)NMCOPS
CVSS7.6

CyanogenMod, ClockWorkMod, and Koush Superuser for Android contains a flaw that is due to the application failing to restrict users from using the /system/xbin/su setuid root executable. This may allow a local attacker to hijack a user's root session.

OSVDB/100935(发布:2013-11-08)MCOS
CVSSN/A

Google Android contains a flaw that is triggered during the handling of a specially crafted APK file. This may allow a context-dependent attacker to create a malicious APK file without harming the original signature attached to the file.

OSVDB/99537(发布:2013-11-07)NMCOPS
CVSS6.9

Goodix GT915 Touchscreen Driver for Android contains a flaw that is triggered when user controlled data is copied to a global variable without a mutual-exlusion mechanism when handling arguments passed to the procfs write handler. This may allow a local attacker to bypass security checks, crash the program, or alter the internal state of the handler.

OSVDB/99536(发布:2013-11-07)NMCOPS
CVSS6.9

Goodix GT915 Touchscreen Driver for Android contains multiple memory corruption flaws that are triggered as user-supplied input is not properly sanitized when processing data written to the procfs file. The program uses user supplied length values without properly bounds checking them, which may allow a local attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code.

12345678下一页尾页 第1页 / 共14页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站