CVE-2014-3100
- EPSS 1.76%
- Veröffentlicht 02.07.2014 04:14:17
- Zuletzt bearbeitet 06.05.2026 22:30:45
Stack-based buffer overflow in the encode_key function in /system/bin/keystore in the KeyStore service in Android 4.3 allows attackers to execute arbitrary code, and consequently obtain sensitive key information or bypass intended restrictions on cry...
CVE-2010-4832
- EPSS 0.79%
- Veröffentlicht 14.05.2014 00:55:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
Android OS before 2.2 does not display the correct SSL certificate in certain cases, which might allow remote attackers to spoof trusted web sites via a web page containing references to external sources in which (1) the certificate of the last loade...
CVE-2013-7373
- EPSS 1.14%
- Veröffentlicht 29.04.2014 20:55:09
- Zuletzt bearbeitet 06.05.2026 22:30:45
Android before 4.4 does not properly arrange for seeding of the OpenSSL PRNG, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging use of the PRNG within multiple applications.
- EPSS 2.34%
- Veröffentlicht 29.04.2014 20:55:08
- Zuletzt bearbeitet 06.05.2026 22:30:45
The engineNextBytes function in classlib/modules/security/src/main/java/common/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java in the SecureRandom implementation in Apache Harmony through 6.0M3, as used in the Java Cryptogr...
CVE-2013-6770
- EPSS 0.67%
- Veröffentlicht 31.03.2014 14:58:57
- Zuletzt bearbeitet 06.05.2026 22:30:45
The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.3 and 4.4 does not properly restrict the set of users who can execute /system/xbin/su with the --daemon option, which allows attackers to gain privileges by leveraging ADB she...
CVE-2013-4710
- EPSS 42.62%
- Veröffentlicht 03.03.2014 04:50:46
- Zuletzt bearbeitet 29.04.2026 01:13:23
Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a denial of service ...
CVE-2014-1939
- EPSS 1.07%
- Veröffentlicht 03.03.2014 04:50:46
- Zuletzt bearbeitet 29.04.2026 01:13:23
java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute arbitrary Java code by leveraging access to the searc...
CVE-2013-6271
- EPSS 8.9%
- Veröffentlicht 14.12.2013 20:55:03
- Zuletzt bearbeitet 29.04.2026 01:13:23
Android 4.0 through 4.3 allows attackers to bypass intended access restrictions and remove device locks via a crafted application that invokes the updateUnlockMethodAndFinish method in the com.android.settings.ChooseLockGeneric class with the PASSWOR...
CVE-2013-4777
- EPSS 0.21%
- Veröffentlicht 25.09.2013 10:31:29
- Zuletzt bearbeitet 29.04.2026 01:13:23
A certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless uses init to create a /dev/socket/init_runit socket that listens for shell commands, which allows local users to gain privileges by interacting with a LocalS...
CVE-2013-5933
- EPSS 0.18%
- Veröffentlicht 25.09.2013 10:31:29
- Zuletzt bearbeitet 29.04.2026 01:13:23
Stack-based buffer overflow in the sub_E110 function in init in a certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless allows local users to gain privileges or cause a denial of service (memory corruption) by wri...