Filtered by vendor Google
Filtered by product Android
Total: 8186 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2014-7913 | 2 Dhcpcd Project, Google | 2 Dhcpcd, Android | 2024-11-21 | N/A |
The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products, misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted message. | ||||
CVE-2014-7912 | 2 Dhcpcd Project, Google | 2 Dhcpcd, Android | 2024-11-21 | N/A |
The get_option function in dhcp.c in dhcpcd before 6.2.0, as used in dhcpcd 5.x in Android before 5.1 and other products, does not validate the relationship between length fields and the amount of data, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corruption) via a large length value of an option in a DHCPACK message. | ||||
CVE-2014-7911 | 1 Google | 1 Android | 2024-11-21 | N/A |
luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the requirements for serialization, which allows attackers to execute arbitrary code via a crafted finalize method for a serialized object in an ArrayMap Parcel within an intent sent to system_service, as demonstrated by the finalize method of android.os.BinderProxy, aka Bug 15874291. | ||||
CVE-2014-7224 | 1 Google | 1 Android | 2024-11-21 | 8.8 High |
A Code Execution vulnerability exists in Android prior to 4.4.0 related to the addJavascriptInterface method and the accessibility and accessibilityTraversal objects, which could let a remote malicious user execute arbitrary code. | ||||
CVE-2014-6060 | 2 Dhcpcd Project, Google | 2 Dhcpcd, Android | 2024-11-21 | N/A |
The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 allows remote DHCP servers to cause a denial of service by resetting the DHO_OPTIONSOVERLOADED option in the (1) bootfile or (2) servername section, which triggers the option to be processed again. | ||||
CVE-2014-5333 | 6 Adobe, Apple, Google and 3 more | 8 Adobe Air, Adobe Air Sdk, Flash Player and 5 more | 2024-11-21 | N/A |
Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API, in conjunction with a manipulation involving a '$' (dollar sign) or '(' (open parenthesis) character. NOTE: this issue exists because of an incomplete fix for CVE-2014-4671. | ||||
CVE-2014-4959 | 1 Google | 1 Android | 2024-11-21 | N/A |
**DISPUTED** SQL injection vulnerability in SQLiteDatabase.java in the SQLi Api in Android allows remote attackers to execute arbitrary SQL commands via the delete method. | ||||
CVE-2014-4925 | 2 Good, Google | 2 Good For Enterprise, Android | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in Good for Enterprise for Android 2.8.0.398 and 1.9.0.40. | ||||
CVE-2014-3166 | 5 Apple, Debian, Google and 2 more | 7 Iphone Os, Mac Os X, Debian Linux and 4 more | 2024-11-21 | N/A |
The Public Key Pinning (PKP) implementation in Google Chrome before 36.0.1985.143 on Windows, OS X, and Linux, and before 36.0.1985.135 on Android, does not correctly consider the properties of SPDY connections, which allows remote attackers to obtain sensitive information by leveraging the use of multiple domain names. | ||||
CVE-2014-3164 | 1 Google | 1 Android | 2024-11-21 | N/A |
cmds/servicemanager/service_manager.c in Android before commit 7d42a3c31ba78a418f9bdde0e0ab951469f321b5 allows attackers to cause a denial of service (NULL pointer dereference, or out-of-bounds write) via vectors related to binder passed lengths. | ||||
CVE-2014-3161 | 1 Google | 2 Android, Chrome | 2024-11-21 | N/A |
The WebMediaPlayerAndroid::load function in content/renderer/media/android/webmediaplayer_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly interact with redirects, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that hosts a video stream. | ||||
CVE-2014-3159 | 1 Google | 2 Android, Chrome | 2024-11-21 | N/A |
The WebContentsDelegateAndroid::OpenURLFromTab function in components/web_contents_delegate_android/web_contents_delegate_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly restrict URL loading, which allows remote attackers to spoof the URL in the Omnibox via unspecified vectors. | ||||
CVE-2014-3100 | 1 Google | 1 Android | 2024-11-21 | N/A |
Stack-based buffer overflow in the encode_key function in /system/bin/keystore in the KeyStore service in Android 4.3 allows attackers to execute arbitrary code, and consequently obtain sensitive key information or bypass intended restrictions on cryptographic operations, via a long key name. | ||||
CVE-2014-1979 | 2 Google, Nttdocomo | 2 Android, Spmode Mail Android | 2024-11-21 | N/A |
The NTT DOCOMO sp mode mail application 5900 through 6300 for Android 4.0.x and 6000 through 6620 for Android 4.1 through 4.4 allows remote attackers to execute arbitrary Java methods via Deco-mail emoticon POP data in an e-mail message. | ||||
CVE-2014-1978 | 2 Google, Nttdocomo | 2 Android, Spmode Mail Android | 2024-11-21 | N/A |
The application link interface in the NTT DOCOMO sp mode mail application 6100 through 6300 for Android 4.0.x and 6130 through 6700 for Android 4.1 through 4.4 writes message content to the SD card during e-mail composition, which allows attackers to obtain sensitive information via a crafted application. | ||||
CVE-2014-1977 | 2 Google, Nttdocomo | 2 Android, Spmode Mail Android | 2024-11-21 | N/A |
The NTT DOCOMO sp mode mail application 6300 and earlier for Android 4.0.x and 6700 and earlier for Android 4.1 through 4.4 uses weak permissions for attachments during processing of incoming e-mail messages, which allows attackers to obtain sensitive information via a crafted application. | ||||
CVE-2014-1970 | 2 Estrongs, Google | 2 Es File Explorer, Android | 2024-11-21 | N/A |
Directory traversal vulnerability in the ES File Explorer File Manager application before 3.0.4 for Android allows remote attackers to overwrite or create arbitrary files via unspecified vectors. | ||||
CVE-2014-1939 | 2 Google, Lenovo | 2 Android, Shareit | 2024-11-21 | N/A |
java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute arbitrary Java code by leveraging access to the searchBoxJavaBridge_ interface at certain Android API levels. | ||||
CVE-2014-1566 | 2 Google, Mozilla | 2 Android, Firefox | 2024-11-21 | N/A |
Mozilla Firefox before 31.1 on Android does not properly restrict copying of local files onto the SD card during processing of file: URLs, which allows attackers to obtain sensitive information from the Firefox profile directory via a crafted application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1515. | ||||
CVE-2014-1527 | 4 Fedoraproject, Google, Mozilla and 1 more | 4 Fedora, Android, Firefox and 1 more | 2024-11-21 | N/A |
Mozilla Firefox before 29.0 on Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses DOM events to prevent the reemergence of the actual address bar after scrolling has taken it off of the screen. |