Vulnerabilities > Android > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-01-25 | CVE-2011-4702 | Permissions, Privileges, and Access Controls vulnerability in Nimbuzz 2..0.10/2.0.8 The Nimbuzz (com.nimbuzz) application 2.0.8 and 2.0.10 for Android does not properly protect data, which allows remote attackers to read or modify a contact list via a crafted application. | 5.8 |
| 2012-01-25 | CVE-2011-4701 | Permissions, Privileges, and Access Controls vulnerability in Hatena Callconfirm 2.0.0 The CallConfirm (jp.gr.java_conf.ofnhwx.callconfirm) application 2.0.0 for Android does not properly protect data, which allows remote attackers to read or modify allow/block lists via a crafted application. | 5.8 |
| 2012-01-25 | CVE-2011-4700 | Permissions, Privileges, and Access Controls vulnerability in Ubermedia Ubersocial The UberMedia UberSocial (com.twidroid) application 7.x before 7.2.4 for Android does not properly protect data, which allows remote attackers to read or modify Twitter information via a crafted application. | 5.8 |
| 2012-01-25 | CVE-2011-4699 | Information Exposure vulnerability in Ubermedia Twidroyd Legacy 4.3.11 The Ubermedia Twidroyd Legacy (com.twidroydlegacy) application 4.3.11 for Android does not properly protect data, which allows remote attackers to read or modify Twitter information via a crafted application. | 6.4 |
| 2012-01-25 | CVE-2011-4698 | Information Exposure vulnerability in Androidapptools Easy Filter 1.1/1.2 The AndroidAppTools Easy Filter (com.phoneblocker.android) application 1.1 and 1.2 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and call records via a crafted application. | 6.4 |
| 2012-01-25 | CVE-2011-4697 | Information Exposure vulnerability in Xiaomi Mitalk Messenger 1.0/2.1.280 The Xiaomi MiTalk Messenger (com.xiaomi.channel) application before 2.1.320 for Android does not properly protect data, which allows remote attackers to read or modify messaging information via a crafted application. | 6.4 |
| 2011-08-09 | CVE-2008-7298 | Permissions, Privileges, and Access Controls vulnerability in multiple products The Android browser in Android cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue. | 5.8 |