Vulnerabilities > Google
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-03-31 | CVE-2013-6774 | Untrusted search path vulnerability in the ChainsDD Superuser package 3.1.3 for Android 4.2.x and earlier, CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier, and Chainfire SuperSU package before 1.69 for Android 4.2.x and earlier allows attackers to load an arbitrary .jar file and gain privileges via a crafted BOOTCLASSPATH environment variable for a /system/xbin/su process. | 10.0 |
| 2014-03-31 | CVE-2013-6770 | Permissions, Privileges, and Access Controls vulnerability in multiple products The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.3 and 4.4 does not properly restrict the set of users who can execute /system/xbin/su with the --daemon option, which allows attackers to gain privileges by leveraging ADB shell access and a certain Linux UID, and then creating a Trojan horse script. | 7.6 |
| 2014-03-31 | CVE-2013-6769 | Improper Input Validation vulnerability in Koushik Dutta Superuser 1.0.2.1 The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android allows attackers to gain privileges via shell metacharacters in the -c option to /system/xbin/su. | 10.0 |
| 2014-03-31 | CVE-2013-6768 | Path Traversal vulnerability in Koushik Dutta Superuser 1.0.2.1 Untrusted search path vulnerability in the CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier allows attackers to trigger the launch of a Trojan horse app_process program via a crafted PATH environment variable for a /system/xbin/su process. | 5.0 |
| 2014-03-29 | CVE-2014-1516 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox The saltProfileName function in base/GeckoProfileDirectories.java in Mozilla Firefox through 28.0.1 on Android relies on Android's weak approach to seeding the Math.random function, which makes it easier for attackers to bypass a profile-randomization protection mechanism via a crafted application. | 5.0 |
| 2014-03-25 | CVE-2014-1515 | Information Exposure vulnerability in Mozilla Firefox Mozilla Firefox before 28.0.1 on Android processes a file: URL by copying a local file onto the SD card, which allows attackers to obtain sensitive information from the Firefox profile directory via a crafted application. | 1.9 |
| 2014-03-20 | CVE-2014-1970 | Path Traversal vulnerability in Estrongs ES File Explorer Directory traversal vulnerability in the ES File Explorer File Manager application before 3.0.4 for Android allows remote attackers to overwrite or create arbitrary files via unspecified vectors. | 5.8 |
| 2014-03-19 | CVE-2014-1979 | Code Injection vulnerability in Nttdocomo Spmode Mail Android The NTT DOCOMO sp mode mail application 5900 through 6300 for Android 4.0.x and 6000 through 6620 for Android 4.1 through 4.4 allows remote attackers to execute arbitrary Java methods via Deco-mail emoticon POP data in an e-mail message. | 6.8 |
| 2014-03-19 | CVE-2014-1978 | Permissions, Privileges, and Access Controls vulnerability in Nttdocomo Spmode Mail Android The application link interface in the NTT DOCOMO sp mode mail application 6100 through 6300 for Android 4.0.x and 6130 through 6700 for Android 4.1 through 4.4 writes message content to the SD card during e-mail composition, which allows attackers to obtain sensitive information via a crafted application. | 4.3 |
| 2014-03-19 | CVE-2014-1977 | Permissions, Privileges, and Access Controls vulnerability in Nttdocomo Spmode Mail Android The NTT DOCOMO sp mode mail application 6300 and earlier for Android 4.0.x and 6700 and earlier for Android 4.1 through 4.4 uses weak permissions for attachments during processing of incoming e-mail messages, which allows attackers to obtain sensitive information via a crafted application. | 4.3 |