Total
6434 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-4906 | 1 Google | 2 Android, Chrome | 2012-09-14 | 5.0 MEDIUM | N/A |
Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4903. | |||||
CVE-2012-4905 | 1 Google | 2 Android, Chrome | 2012-09-14 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script or HTML via an extra in an Intent object, aka "Universal XSS (UXSS)." | |||||
CVE-2012-4904 | 1 Google | 2 Android, Chrome | 2012-09-14 | 4.3 MEDIUM | N/A |
Cross-application scripting vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script via unspecified vectors, as demonstrated by "Universal XSS (UXSS)" attacks against the current tab. | |||||
CVE-2012-4903 | 1 Google | 2 Android, Chrome | 2012-09-13 | 5.0 MEDIUM | N/A |
Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4906. | |||||
CVE-2012-4007 | 2 Google, Mixi | 2 Android, Mixi | 2012-08-19 | 4.3 MEDIUM | N/A |
The mixi application before 4.3.0 for Android allows remote attackers to read potentially sensitive information in friends' comments via a crafted application that leverages the storage of these comments on an SD card. | |||||
CVE-2008-7298 | 2 Android, Google | 2 Android Browser, Android | 2012-08-01 | 5.8 MEDIUM | N/A |
The Android browser in Android cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue. | |||||
CVE-2012-2640 | 2 Google, Yomecolle | 2 Android, Nec Biglobe Yome Collection | 2012-07-16 | 5.0 MEDIUM | N/A |
The NEC BIGLOBE Yome Collection application 1.8.3 and earlier for Android allows remote attackers to read the IMEI value from an SD card via a crafted application that lacks the READ_PHONE_STATE permission. | |||||
CVE-2012-2635 | 2 Dolphin-browser, Google | 3 Dolphin Browser Hd, Dolphin For Pad, Android | 2012-06-17 | 4.3 MEDIUM | N/A |
The Dolphin Browser HD application before 7.6 and Dolphin for Pad application before 1.0.1 for Android do not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application. | |||||
CVE-2012-2949 | 2 Google, Zte | 2 Android, Score M | 2012-05-29 | 10.0 HIGH | N/A |
The ZTE sync_agent program for Android 2.3.4 on the Score M device uses a hardcoded ztex1609523 password to control access to commands, which allows remote attackers to gain privileges via a crafted application. | |||||
CVE-2012-1408 | 2 Creative Core, Google | 2 App Lock, Android | 2012-03-13 | 10.0 HIGH | N/A |
Unspecified vulnerability in the App Lock (com.cc.applock) application 1.7.5 and 1.7.6 for Android has unknown impact and attack vectors. | |||||
CVE-2012-1409 | 2 Google, Tinycouch | 2 Android, Tiny Password | 2012-03-13 | 10.0 HIGH | N/A |
Unspecified vulnerability in the Tiny Password (com.tinycouch.android.freepassword) application 1.64 for Android has unknown impact and attack vectors. | |||||
CVE-2012-1474 | 2 Google, Sdo | 2 Android, Youni Sms | 2012-03-13 | 10.0 HIGH | N/A |
Unspecified vulnerability in the Youni SMS (com.snda.youni) application 2.1.0c and 2.1.0d for Android has unknown impact and attack vectors. | |||||
CVE-2012-1475 | 2 Google, Qualcomm | 2 Android, Yagattatalk Messenger | 2012-03-13 | 10.0 HIGH | N/A |
Unspecified vulnerability in the YagattaTalk Messenger (com.iskoot.yagatta.yagattatalk) application 1.00.01.08 for Android has unknown impact and attack vectors. | |||||
CVE-2012-1476 | 2 Google, Kktalk | 2 Android, Kktalk | 2012-03-13 | 10.0 HIGH | N/A |
Unspecified vulnerability in the KKtalk (com.kkliaotian.android) application 4.0.0 and 4.1.5 for Android has unknown impact and attack vectors. | |||||
CVE-2012-1477 | 2 Cnectd, Google | 2 Cnectd, Android | 2012-03-13 | 10.0 HIGH | N/A |
Unspecified vulnerability in the Cnectd (mci.cnectd) application 3.1.0 for Android has unknown impact and attack vectors. | |||||
CVE-2012-1381 | 2 Google, Netease | 2 Android, Netease Cloudalbum | 2012-03-07 | 10.0 HIGH | N/A |
Unspecified vulnerability in the NetEase CloudAlbum (com.netease.cloudalbum) application 2.0.0 and 2.2.0 for Android has unknown impact and attack vectors. | |||||
CVE-2012-1383 | 2 Google, Netease | 2 Android, Netease Reader | 2012-03-07 | 10.0 HIGH | N/A |
Unspecified vulnerability in the NetEase Reader (com.netease.pris) application 1.1.2 and 1.2.0 for Android has unknown impact and attack vectors. | |||||
CVE-2012-1384 | 2 Google, Netease | 2 Android, Netease Pmail | 2012-03-07 | 10.0 HIGH | N/A |
Unspecified vulnerability in the NetEase Pmail (com.netease.rpmms) application 0.5.0 and 0.5.2 for Android has unknown impact and attack vectors. | |||||
CVE-2012-1385 | 2 Google, Netease | 2 Android, Netease Weibohd | 2012-03-07 | 10.0 HIGH | N/A |
Unspecified vulnerability in the NetEase WeiboHD (com.netease.wbhd) application 1.0.0 for Android has unknown impact and attack vectors. | |||||
CVE-2012-1387 | 2 Google, Uangel | 2 Android, Realtalk | 2012-03-07 | 10.0 HIGH | N/A |
Unspecified vulnerability in the RealTalk (com.tmsmanager.tms) application A.0.9.250 for Android has unknown impact and attack vectors. |