Vulnerabilities > Google > Android > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-06-17 | CVE-2013-3642 | Information Exposure vulnerability in Adgjm Angel Browser The Angel Browser application 1.47b and earlier for Android 1.6 through 2.1, 1.62b and earlier for Android 2.2 through 2.3.4, 1.68b and earlier for Android 3.0 through 4.0.3, and 1.76b and earlier for Android 4.1 through 4.2 does not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application. | 4.3 |
2013-06-03 | CVE-2013-2317 | Cross-Site Scripting vulnerability in Apache OFBiz The Sleipnir Mobile application 2.9.1 and earlier and Sleipnir Mobile Black Edition application 2.9.1 and earlier for Android allow remote attackers to spoof the address bar via vectors involving the opening of a new window. | 5.8 |
2013-04-16 | CVE-2013-2304 | Permissions, Privileges, and Access Controls vulnerability in Fenrir-Inc Sleipnir Mobile The Sleipnir Mobile application 2.8.0 and earlier and Sleipnir Mobile Black Edition application 2.8.0 and earlier for Android allow remote attackers to load arbitrary Extension APIs, and trigger downloads or obtain sensitive HTTP response-body information, via a crafted web page. | 5.8 |
2013-04-03 | CVE-2013-0798 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox Mozilla Firefox before 20.0 on Android uses world-writable and world-readable permissions for the app_tmp installation directory in the local filesystem, which allows attackers to modify add-ons before installation via an application that leverages the time window during which app_tmp is used. | 4.3 |
2013-02-12 | CVE-2013-0637 | Information Exposure vulnerability in Adobe Air, AIR SDK and Flash Player Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allow attackers to obtain sensitive information via unspecified vectors. | 5.0 |
2013-02-05 | CVE-2011-1352 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Android The PowerVR SGX driver in Android before 2.3.6 allows attackers to gain root privileges via an application that triggers kernel memory corruption using crafted user data to the pvrsrvkm device. | 6.9 |
2013-01-13 | CVE-2013-0751 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox and Seamonkey Mozilla Firefox before 18.0 on Android and SeaMonkey before 2.15 do not restrict a touch event to a single IFRAME element, which allows remote attackers to obtain sensitive information or possibly conduct cross-site scripting (XSS) attacks via a crafted HTML document. | 5.8 |
2012-12-10 | CVE-2012-6301 | Improper Input Validation vulnerability in Google Android 4.0.3 The Browser application in Android 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted market: URI in the SRC attribute of an IFRAME element. | 5.0 |
2012-11-30 | CVE-2012-4222 | Improper Input Validation vulnerability in Google Android drivers/gpu/msm/kgsl.c in the Qualcomm Innovation Center (QuIC) Graphics KGSL kernel-mode driver for Android 2.3 through 4.2 allows attackers to cause a denial of service (NULL pointer dereference) via an application that uses crafted arguments in a local kgsl_ioctl call. | 4.3 |
2012-11-30 | CVE-2012-4221 | Numeric Errors vulnerability in Google Android Integer overflow in diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics (aka DIAG) kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service via an application that uses crafted arguments in a local diagchar_ioctl call. | 6.8 |