Search CVE reports
1 – 9 of 9 results
CVE-2014-1887
Medium priorityThe DrinkedIn BarFinder application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain sensitive fine-geolocation information,...
2 affected packages
cordova-ubuntu, cordova-ubuntu-3.4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cordova-ubuntu | — | Not in release | Not in release | Not in release | Not in release |
cordova-ubuntu-3.4 | — | Not in release | Not in release | Not in release | Not affected |
CVE-2014-1886
Medium priorityThe Edinburgh by Bus application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently access external-storage resources, by leveraging control...
2 affected packages
cordova-ubuntu, cordova-ubuntu-3.4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cordova-ubuntu | — | Not in release | Not in release | Not in release | Not in release |
cordova-ubuntu-3.4 | — | Not in release | Not in release | Not in release | Not affected |
CVE-2014-1885
Medium priorityThe ForzeArmate application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain write access to external-storage resources, by leveraging...
2 affected packages
cordova-ubuntu, cordova-ubuntu-3.4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cordova-ubuntu | — | Not in release | Not in release | Not in release | Not in release |
cordova-ubuntu-3.4 | — | Not in release | Not in release | Not in release | Not affected |
CVE-2014-1884
Medium priorityApache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7 and 8 do not properly restrict navigation events, which allows remote attackers to bypass intended device-resource restrictions via content...
2 affected packages
cordova-ubuntu, cordova-ubuntu-3.4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cordova-ubuntu | — | Not in release | Not in release | Not in release | Not in release |
cordova-ubuntu-3.4 | — | Not in release | Not in release | Not in release | Not affected |
CVE-2014-1883
Medium priorityAdobe PhoneGap before 2.6.0 on Android uses the shouldOverrideUrlLoading callback instead of the proper shouldInterceptRequest callback, which allows remote attackers to bypass intended device-resource restrictions via content...
2 affected packages
cordova-ubuntu, cordova-ubuntu-3.4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cordova-ubuntu | — | Not in release | Not in release | Not in release | Not in release |
cordova-ubuntu-3.4 | — | Not in release | Not in release | Not in release | Not affected |
CVE-2014-1882
Medium priorityApache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME...
2 affected packages
cordova-ubuntu, cordova-ubuntu-3.4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cordova-ubuntu | — | Not in release | Not in release | Not in release | Not in release |
cordova-ubuntu-3.4 | — | Not in release | Not in release | Not in release | Not affected |
CVE-2014-1881
Medium priorityApache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME...
2 affected packages
cordova-ubuntu, cordova-ubuntu-3.4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cordova-ubuntu | — | Not in release | Not in release | Not in release | Not in release |
cordova-ubuntu-3.4 | — | Not in release | Not in release | Not in release | Not affected |
CVE-2012-6637
Medium priorityApache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier do not anchor the end of domain-name regular expressions, which allows remote attackers to bypass a whitelist protection mechanism via a domain name...
2 affected packages
cordova-ubuntu, cordova-ubuntu-3.4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cordova-ubuntu | — | Not in release | Not in release | Not in release | Not in release |
cordova-ubuntu-3.4 | — | Not in release | Not in release | Not in release | Not affected |
CVE-2012-6636
Medium priorityThe Android API before 17 does not properly restrict the WebView.addJavascriptInterface method, which allows remote attackers to execute arbitrary methods of Java objects by using the Java Reflection API within crafted JavaScript...
2 affected packages
cordova-ubuntu, cordova-ubuntu-3.4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cordova-ubuntu | Not in release | Not in release | Not in release | Not in release | Not in release |
cordova-ubuntu-3.4 | Not in release | Not in release | Not in release | Not in release | Vulnerable |