Total
7819 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-3640 | 6 Adobe, Apple, Google and 3 more | 6 Flash Player, Mac Os X, Android and 3 more | 2024-11-21 | 9.3 HIGH | N/A |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. | |||||
CVE-2010-3639 | 6 Adobe, Apple, Google and 3 more | 6 Flash Player, Mac Os X, Android and 3 more | 2024-11-21 | 9.3 HIGH | N/A |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. | |||||
CVE-2010-3636 | 6 Adobe, Apple, Google and 3 more | 6 Flash Player, Mac Os X, Android and 3 more | 2024-11-21 | 9.3 HIGH | N/A |
Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, does not properly handle unspecified encodings during the parsing of a cross-domain policy file, which allows remote web servers to bypass intended access restrictions via unknown vectors. | |||||
CVE-2010-2884 | 4 Adobe, Apple, Google and 1 more | 6 Acrobat, Acrobat Reader, Flash Player and 3 more | 2024-11-21 | 9.3 HIGH | N/A |
Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.92.10 on Android; authplay.dll in Adobe Reader and Acrobat 9.x before 9.4; and authplay.dll in Adobe Reader and Acrobat 8.x before 8.2.5 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in September 2010. | |||||
CVE-2010-1807 | 3 Apple, Google, Webkitgtk | 3 Safari, Android, Webkitgtk | 2024-11-21 | 9.3 HIGH | N/A |
WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to non-standard NaN representation. | |||||
CVE-2010-0113 | 2 Google, Symantec | 2 Android, Mobile Security | 2024-11-21 | 4.3 MEDIUM | N/A |
The Symantec Norton Mobile Security application 1.0 Beta for Android records setup details, possibly including wipe/lock credentials, in the device logs, which allows user-assisted remote attackers to obtain potentially sensitive information by leveraging the ability of a separate crafted application to read these logs. | |||||
CVE-2009-3698 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | N/A |
An unspecified function in the Dalvik API in Android 1.5 and earlier allows remote attackers to cause a denial of service (system process restart) via a crafted application, possibly a related issue to CVE-2009-2656. | |||||
CVE-2009-2999 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | N/A |
The com.android.phone process in Android 1.5 CRBxx allows remote attackers to cause a denial of service (application restart and network disconnection) via an SMS message containing a malformed WAP Push message that triggers an ArrayIndexOutOfBoundsException exception, possibly a related issue to CVE-2009-2656. | |||||
CVE-2009-2656 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the com.android.phone process in Android 1.0, 1.1, and 1.5 allows remote attackers to cause a denial of service (network disconnection) via a crafted SMS message, as demonstrated by Collin Mulliner and Charlie Miller at Black Hat USA 2009. | |||||
CVE-2009-2348 | 1 Google | 1 Android | 2024-11-21 | 6.9 MEDIUM | N/A |
Android 1.5 CRBxx allows local users to bypass the (1) Manifest.permission.CAMERA (aka android.permission.CAMERA) and (2) Manifest.permission.AUDIO_RECORD (aka android.permission.RECORD_AUDIO) configuration settings by installing and executing an application that does not make a permission request before using the camera or microphone. | |||||
CVE-2009-1754 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | N/A |
The PackageManagerService class in services/java/com/android/server/PackageManagerService.java in Android 1.5 through 1.5 CRB42 does not properly check developer certificates during processing of sharedUserId requests at an application's installation time, which allows remote user-assisted attackers to access application data by creating a package that specifies a shared user ID with an arbitrary application. | |||||
CVE-2008-7298 | 2 Android, Google | 2 Android Browser, Android | 2024-11-21 | 5.8 MEDIUM | N/A |
The Android browser in Android cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue. | |||||
CVE-2024-23715 | 1 Google | 1 Android | 2024-11-20 | N/A | 7.8 HIGH |
In PMRWritePMPageList of pmr.c, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-35686 | 1 Google | 1 Android | 2024-11-20 | N/A | 7.8 HIGH |
In PVRSRVRGXKickTA3DKM of rgxta3d.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-35659 | 1 Google | 1 Android | 2024-11-20 | N/A | 7.8 HIGH |
In DevmemIntChangeSparse of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2017-13227 | 1 Google | 1 Android | 2024-11-20 | N/A | 5.5 MEDIUM |
In the autofill service, the package name that is provided by the app process is trusted inappropriately. This could lead to information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2024-43093 | 1 Google | 1 Android | 2024-11-14 | N/A | 7.8 HIGH |
In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
CVE-2024-20114 | 2 Google, Mediatek | 11 Android, Mt6765, Mt6768 and 8 more | 2024-11-05 | N/A | 6.7 MEDIUM |
In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09037038; Issue ID: MSV-1714. | |||||
CVE-2024-47041 | 1 Google | 1 Android | 2024-11-04 | N/A | 7.8 HIGH |
In valid_address of syscall.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2024-47035 | 1 Google | 1 Android | 2024-10-31 | N/A | 7.8 HIGH |
In vring_init of external/headers/include/virtio/virtio_ring.h, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |