Google

Android

8158 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 11.53%
  • Veröffentlicht 27.01.2012 15:55:04
  • Zuletzt bearbeitet 16.06.2026 23:34:04

Stack-based buffer overflow in libsysutils in Android 2.2.x through 2.2.2 and 2.3.x through 2.3.6 allows user-assisted remote attackers to execute arbitrary code via an application that calls the FrameworkListener::dispatchCommand method with the wro...

  • EPSS 0.58%
  • Veröffentlicht 25.01.2012 18:55:12
  • Zuletzt bearbeitet 16.06.2026 23:34:41

The Bluetooth service (com/android/phone/BluetoothHeadsetService.java) in Android 2.3 before 2.3.6 allows remote attackers within Bluetooth range to obtain contact data via an AT phonebook transfer.

  • EPSS 1.78%
  • Veröffentlicht 25.10.2011 19:55:01
  • Zuletzt bearbeitet 16.06.2026 23:34:05

WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors related to (1) the DOMWindow::clear function and use of a selec...

  • EPSS 1.03%
  • Veröffentlicht 03.10.2011 15:55:01
  • Zuletzt bearbeitet 16.06.2026 23:34:14

A certain HTC update for Android 2.3.4 build GRJ22, when the Sense interface is used on the HTC EVO 3D, EVO 4G, ThunderBolt, and unspecified other devices, provides the HtcLoggers.apk application, which allows user-assisted remote attackers to obtain...

  • EPSS 4.62%
  • Veröffentlicht 12.08.2011 18:55:04
  • Zuletzt bearbeitet 16.06.2026 23:31:10

Cross-application scripting vulnerability in the Browser URL loading functionality in Android 2.3.4 and 3.1 allows local applications to bypass the sandbox and execute arbitrary Javascript in arbitrary domains by (1) causing the MAX_TAB number of tab...

  • EPSS 0.99%
  • Veröffentlicht 09.08.2011 19:55:01
  • Zuletzt bearbeitet 16.06.2026 23:04:01

The Android browser in Android cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to ...

  • EPSS 1.15%
  • Veröffentlicht 08.07.2011 17:55:01
  • Zuletzt bearbeitet 16.06.2026 23:31:08

Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext HTTP session when transmitting the authToken obtained from ClientLogin, which allows remote attackers to gain privileges and access private pictures and web albums by sniffing the t...

  • EPSS 26.95%
  • Veröffentlicht 09.06.2011 10:36:27
  • Zuletzt bearbeitet 16.06.2026 23:25:34

The Android browser in Android before 2.3.4 allows remote attackers to obtain SD card contents via crafted content:// URIs, related to (1) BrowserActivity.java and (2) BrowserSettings.java in com/android/browser/.

Warnung Medienbericht Exploit
  • EPSS 41.63%
  • Veröffentlicht 09.06.2011 10:36:27
  • Zuletzt bearbeitet 16.06.2026 23:30:11

The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and gain root privileges via a negative index that bypasses a maximum-on...

Exploit
  • EPSS 30.41%
  • Veröffentlicht 16.05.2011 17:55:02
  • Zuletzt bearbeitet 16.06.2026 23:27:19

Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac...