Vulnerabilities > Google > Android > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-12-08 | CVE-2015-6627 | Information Exposure vulnerability in Google Android The Audio component in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information via a crafted audio file, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24211743. | 2.6 |
| 2015-05-14 | CVE-2015-2714 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox Mozilla Firefox before 38.0 on Android does not properly restrict writing URL data to the Android logging system, which allows attackers to obtain sensitive information via a crafted application that has a required permission for reading a log, as demonstrated by the READ_LOGS permission for the mixed-content violation log on Android 4.0 and earlier. | 2.1 |
| 2014-12-15 | CVE-2014-8610 | Permissions, Privileges, and Access Controls vulnerability in Google Android AndroidManifest.xml in Android before 5.0.0 does not require the SEND_SMS permission for the SmsReceiver receiver, which allows attackers to send stored SMS messages, and consequently transmit arbitrary new draft SMS messages or trigger additional per-message charges from a network operator for old messages, via a crafted application that broadcasts an intent with the com.android.mms.transaction.MESSAGE_SENT action, aka Bug 17671795. | 3.3 |
| 2014-09-04 | CVE-2014-6060 | Resource Management Errors vulnerability in multiple products The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 allows remote DHCP servers to cause a denial of service by resetting the DHO_OPTIONSOVERLOADED option in the (1) bootfile or (2) servername section, which triggers the option to be processed again. | 3.3 |
| 2014-03-25 | CVE-2014-1515 | Information Exposure vulnerability in Mozilla Firefox Mozilla Firefox before 28.0.1 on Android processes a file: URL by copying a local file onto the SD card, which allows attackers to obtain sensitive information from the Firefox profile directory via a crafted application. | 1.9 |
| 2012-05-22 | CVE-2012-2567 | Credentials Management vulnerability in Xelex Mobiletrack 2.3.7 The Xelex MobileTrack application 2.3.7 and earlier for Android uses hardcoded credentials, which allows remote attackers to obtain sensitive information via an unencrypted (1) FTP or (2) HTTP session. | 2.6 |
| 2011-10-03 | CVE-2011-3975 | Information Exposure vulnerability in multiple products A certain HTC update for Android 2.3.4 build GRJ22, when the Sense interface is used on the HTC EVO 3D, EVO 4G, ThunderBolt, and unspecified other devices, provides the HtcLoggers.apk application, which allows user-assisted remote attackers to obtain a list of telephone numbers from a log, and other sensitive information, by leveraging the android.permission.INTERNET application permission and establishing TCP sessions to 127.0.0.1 on port 65511 and a second port. | 2.6 |
| 2011-05-13 | CVE-2011-1840 | Cryptographic Issues vulnerability in Martinicreations Passmanlite Password Manager The MartiniCreations PassmanLite Password Manager application before 1.48 for Android stores the master password and unspecified other account information in cleartext, which allows local users to obtain sensitive information by leveraging shell access. | 2.1 |
| 2010-11-09 | CVE-2010-4212 | Permissions, Privileges, and Access Controls vulnerability in Usaa 3.0 The USAA application 3.0 for Android stores a mirror image of each visited web page, which might allow physically proximate attackers to obtain sensitive banking information by reading application data. | 1.9 |