原生应用漏洞列表 [SecurityFocus] (12)

BID/51909(发布:2012-02-08 12:00:00)MCOEPS
CVSSN/A

Open Handset Alliance Android is prone to the following vulnerabilities:
1. A security weakness.
2. A cross-site scripting vulnerability.
3. Multiple cross-domain scripting vulnerabilities.
Successfully exploiting these issues may allow an attacker to bypass the same-origin protection and obtain potentially sensitive information, execute arbitrary script code in the browser of an unsuspecting user, steal cookie-based authentication credentials, and perform certain administrative actions in the vulnerable application.

BID/48954(发布:2011-08-02 12:00:00)NMCOPS
CVSS4.3

Open Handset Alliance Android is prone to a vulnerability that may allow a bypass of the browser sandbox.
Successful exploits will allow attackers to execute arbitrary script code within the context of an arbitrary domain.
Android 2.3.4 and 3.1 are vulnerable; prior versions may also be affected.

BID/48940(发布:2011-07-29 12:00:00)MCOEPS
CVSSN/A

Open Handset Alliance Android is prone to a security vulnerability that may allow attackers to spoof SSL certificates.
Attackers can exploit this issue to display incorrect SSL certificates. Successful exploits will cause victims to assume that they are viewing a legitimate site.

BID/48256(发布:2011-06-13 12:00:00)NMCOEPS
CVSS4.3

Open Handset Alliance Android is prone to multiple information-disclosure vulnerabilities in the browser application.
A remote attacker can exploit these issues to obtain potentially sensitive information that is stored on an SD card. Information obtained may aid in further attacks.

BID/46553(发布:2011-02-24 12:00:00)MCOEPS
CVSSN/A

Open Handset Alliance Android is prone to a security-bypass vulnerability due to a failure to restrict access to locked devices.
An attacker with physical access to a locked device can exploit this issue to bypass the passcode. Successful exploits may lead to other attacks.

BID/46105(发布:2011-02-02 12:00:00)NMCOS
CVSS5.0

Open Handset Alliance Android is prone to an information-disclosure vulnerability.
A remote attacker can exploit this issue to obtain potentially sensitive information. Information obtained may aid in further attacks.

12下一页尾页 第1页 / 共2页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站