Back to all years

2011

WebKit Use-After-Free

(json)

• CVE numbers: CVE-2010-1119 [citation-needed]
• Coordinated disclosure?: unknown
• Categories: system, app
• Details: A vulnerability in the WebKit browser engine allows a malicious webpage to perform remote code execution [webkit-use-after-free-exploit-db]
• Discovered by: MJ Keith [webkit-use-after-free-exploit-db] on: 2011-03-11 [webkit-use-after-free-exploit-db]
• Reported on: Unknown
• Fixed on: Unknown
• Fix released on: 2010-05-20 [citation-needed]
• Affected versions: 2.0-2.1.1 [webkit-use-after-free-exploit-db] regex: (2.0.[0-9])|(2.1.[0-1])
• Affected devices: all [citation-needed]
• Affected manufacturers: all [citation-needed]
• Fixed versions: 2.2 [citation-needed]
• Submission: by: Daniel Carter, on: 2019-07-03

KillingInTheNameOf psneuter ashmem

(json)

• CVE numbers: CVE-2011-1149 [citation-needed]
• Coordinated disclosure?: false
• Categories: system, kernel
• Details: Android before 2.3 does not properly restrict access to the system property space, which allows local applications to bypass the application sandbox and gain privileges [citation-needed]
• Discovered by: on: Unknown
• Reported on: 2011-01-06 [c-skills-adb-trickery][archived]
• Fixed on: 2010-07-13 [ashmem-fix-core], 2010-07-15 [ashmem-fix-kernel]
• Fix released on: 2010-12-06 [citation-needed]
• Affected versions: 1.5 -- 2.2.2 [citation-needed] regex: (1.[5-9].[0-9])|(2.(([0-1].[0-9])|(2.[0-9])))
• Affected devices: all [citation-needed]
• Affected manufacturers: all [citation-needed]
• Fixed versions: 2.3 [citation-needed]
• Submission: by: Daniel R. Thomas, on: 2013-09-04

exploid udev

(json)

• CVE numbers: CVE-2009-1185 [citation-needed]
• Coordinated disclosure?: false
• Categories: kernel
• Details: udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space. [CVE-2009-1185]
• Discovered by: Sebastian ??? [c-skills-android-trickery][archived] on: 2010-07-15 [c-skills-android-trickery][archived]
• Reported on: 2010-07-15 [c-skills-android-trickery][archived]
• Fixed on: 2011-04-18 [netd-udev-fix]
• Fix released on: 2011-07-25 [sprint-2.3.5-release#0][sprint-2.3.5-release#1]
• Affected versions: 1.0-2.3.4 [citation-needed] regex: (1.[0-9].[0-9])|(2.(([0-2].[0-9])|(3.[0-4])))
• Affected devices: all [citation-needed]
• Affected manufacturers: all [citation-needed]
• Fixed versions: 2.3.5_r1 [netd-udev-fix]
• Submission: by: Daniel R. Thomas, on: 2013-09-04

Android Browser Exploit WebKit

(json)

• CVE numbers: CVE-2011-1202 [webkit-and4-nvd1], CVE-2012-2825 [webkit-and4-nvd2], CVE-2012-2871 [webkit-and4-nvd3]
• Coordinated disclosure?: false
• Categories: system
• Details: A series of vulnerabilities in XSL in WebKit that allow denial of service and other effects [webkit-and4-nvd3]
• Discovered by: Hacking Team [android-paper] on: Unknown
• Reported on: 2011-02-22 [webkit-and4-redhat]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: 4.0 to 4.3 [android-paper] regex: 4.[0-3].[0-9]
• Affected devices: all [webkit-and4-nvd3]
• Affected manufacturers: all [webkit-and4-nvd3]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-08

levitator

(json)

• CVE numbers: CVE-2011-1350 [citation-needed], CVE-2011-1352 [citation-needed]
• Coordinated disclosure?: true
• Categories: kernel
• Details: Improper bounds checking in the PowerVR driver as used in versions of Android prior to 2.3.6 when copying user data to kernel memory allows a malicious local application to write to the same area of memory referenced in CVE-2011-1350, potentially allowing for arbitrary code execution and privilege escalation. [citation-needed]
• Discovered by: Geremy Condra [security-focus-57900][archived] on: 2011-03-10 [CVE-2011-1350]
• Reported on: Unknown
• Fixed on: Unknown
• Fix released on: 2011-09-02 [w-ard-ver-hist], 2011-09-29 [tag-android-2.3.6_r1]
• Affected versions: 1.0 -- 2.3.5 [citation-needed] regex: (1.[0-9].[0-9])|(2.(([0-2].[0-9])|(3.[0-5])))
• Affected devices: all [citation-needed]
• Affected manufacturers: all [citation-needed]
• Fixed versions: 2.3.6 [citation-needed]
• Submission: by: Daniel R. Thomas, on: 2013-09-02

Gingerbreak

(json)

• CVE numbers: CVE-2011-1823 [CVE-2011-1823]
• Coordinated disclosure?: false
• Categories: system
• Details: The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and gain root privileges [citation-needed]
• Discovered by: The Android Exploid Crew [citation-needed] on: Unknown
• Reported on: 2011-04-21 [c-skills-gingerbreak][archived], 2011-04-21 [xda-forum-gingerbreak]
• Fixed on: 2011-04-18 [patch-vold-gingerbreak], 2011-04-18 [patch-netd-gingerbreak], 2011-04-18 [patch-core-gingerbreak]
• Fix released on: 2011-04-29 [productforums-ard-2.3.4]
• Affected versions: 2.2, 2.3, 2.3.1, 3.0 [citation-needed] regex: (2.(([0-2].[0-9])|(3.[0-3])))|(3.0.[0-9])
• Affected devices: all [citation-needed]
• Affected manufacturers: all [citation-needed]
• Fixed versions: 2.3.4 [tag-android-2.3.4_r1], 3.1 [ard-dev-3.1-release][archived]
• Submission: by: Daniel R. Thomas, on: 2013-09-02

Browser Cross-App Scripting

(json)

• CVE numbers: CVE-2011-2357 [watchfire-crossapp][archived]
• Coordinated disclosure?: true
• Categories: app
• Details: Android browser could be tricked into running javascript in the domain of a different app [watchfire-crossapp][archived]
• Discovered by: Roee Hay and Yair Amit of the IBM Rational Application Security Research Group [citation-needed] on: Unknown
• Reported on: 2011-07-31 [watchfire-crossapp][archived]
• Fixed on: 2011-06-20 [browser-fix]
• Fix released on: Unknown
• Affected versions: 2.3.4, 3.1 [watchfire-crossapp][archived] regex:
• Affected devices: all [citation-needed]
• Affected manufacturers: all [citation-needed]
• Fixed versions: 2.3.5, 3.2 [citation-needed]
• Submission: by: Roee Hay, on: 2015-10-15

zergRush

(json)

• CVE numbers: CVE-2011-3874 [citation-needed]
• Coordinated disclosure?: false
• Categories: system
• Details: [android-issue-21681]
• Discovered by: The Revolutionary development team [citation-needed] on: 2011-10-06 [github-zergrush]
• Reported on: 2011-11-09 [android-issue-21681]
• Fixed on: 2011-11-09 [android-issue-21681]
• Fix released on: 2011-11-21 [tag-android-2.2.3_r1]
• Affected versions: Android 2.2.x up to and including to 2.2.2, Android 2.3.x up to and including to 2.3.6 [citation-needed] regex: 2.(([0-1].[0-9])|(2.[0-2])|(3.[0-6]))
• Affected devices: all [citation-needed]
• Affected manufacturers: all [citation-needed]
• Fixed versions: 2.2.3, 2.3.7, 3.x+ [citation-needed]
• Submission: by: Daniel R. Thomas, on: 2013-08-28

TacoRoot

(json)

• CVE numbers:
• Coordinated disclosure?: false
• Categories: permissions
• Details: HTC recovery log on some devices is world writable and so can be deleted and symlinked to /data/local.prop to allow root on reboot, this is a appears to be a unstable exploit and requires the user to reboot into recovery mode [gh-cunninglogic-tacoroot][archived]
• Discovered by: Justin Case (jcase) and Dan Rosenberg [gh-cunninglogic-tacoroot-sh][archived] on: 2012-01-01 [gh-cunninglogic-tacoroot-fc]
• Reported on: 2011-12-29 [rootzwiki-tacoroot][archived]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: HTC [rootzwiki-tacoroot][archived]
• Fixed versions:
• Submission: by: Daniel R. Thomas, on: 2014-07-21; by: Thomas Coudray, on: 2014-03-07