var-201208-0355
Vulnerability from variot
The Samsung and HTC onTouchEvent method implementation for Android on the T-Mobile myTouch 3G Slide, HTC Merge, Sprint EVO Shift 4G, HTC ChaCha, AT&T Status, HTC Desire Z, T-Mobile G2, T-Mobile myTouch 4G Slide, and Samsung Galaxy S stores touch coordinates in the dmesg buffer, which allows remote attackers to obtain sensitive information via a crafted application, as demonstrated by PIN numbers, telephone numbers, and text messages. Samsung and HTC Made Android Certain terminals have a vulnerability in which information entered by the user is leaked. Samsung and HTC Made Android The information entered by the user is stored on a specific device model. dmseg There are vulnerabilities that can be referenced using commands.The phone number entered by the user by a third party PIN A number may be obtained. Users who have access to the affected device and can execute the dmesg application can view the dmesg buffer data without root or administrator privileges. May be used to read PIN numbers, short messages, phone numbers, etc. Multiple Samsung and HTC Devices are prone to an information-disclosure vulnerability. Successful attacks can allow an attacker to obtain sensitive information that may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201208-0355",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "galaxy s",
"scope": "eq",
"trust": 1.6,
"vendor": "samsung",
"version": null
},
{
"model": "galaxy s",
"scope": null,
"trust": 1.4,
"vendor": "samsung",
"version": null
},
{
"model": "merge",
"scope": null,
"trust": 1.4,
"vendor": "htc",
"version": null
},
{
"model": "evo shift 4g",
"scope": null,
"trust": 1.4,
"vendor": "sprint",
"version": null
},
{
"model": "g2",
"scope": "eq",
"trust": 1.0,
"vendor": "t mobile",
"version": null
},
{
"model": "mytouch 3g slide",
"scope": "eq",
"trust": 1.0,
"vendor": "t mobile",
"version": null
},
{
"model": "chacha",
"scope": "eq",
"trust": 1.0,
"vendor": "htc",
"version": null
},
{
"model": "merge",
"scope": "eq",
"trust": 1.0,
"vendor": "htc",
"version": null
},
{
"model": "status",
"scope": "eq",
"trust": 1.0,
"vendor": "att",
"version": null
},
{
"model": "mytouch 4g slide",
"scope": "eq",
"trust": 1.0,
"vendor": "t mobile",
"version": null
},
{
"model": "evo shift 4g",
"scope": "eq",
"trust": 1.0,
"vendor": "sprint",
"version": null
},
{
"model": "desire",
"scope": "eq",
"trust": 1.0,
"vendor": "htc",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "htc",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "samsung",
"version": null
},
{
"model": "at\u0026t status",
"scope": null,
"trust": 0.8,
"vendor": "at t",
"version": null
},
{
"model": "chacha",
"scope": null,
"trust": 0.8,
"vendor": "htc",
"version": null
},
{
"model": "desire",
"scope": "eq",
"trust": 0.8,
"vendor": "htc",
"version": "z"
},
{
"model": "t-mobile g2",
"scope": null,
"trust": 0.8,
"vendor": "t mobile",
"version": null
},
{
"model": "t-mobile mytouch 3g slide",
"scope": null,
"trust": 0.8,
"vendor": "t mobile",
"version": null
},
{
"model": "t-mobile mytouch 4g slide",
"scope": null,
"trust": 0.8,
"vendor": "t mobile",
"version": null
},
{
"model": "mytouch 4g slide",
"scope": null,
"trust": 0.6,
"vendor": "t mobile",
"version": null
},
{
"model": "desire z t-mobile g2",
"scope": null,
"trust": 0.6,
"vendor": "htc",
"version": null
},
{
"model": "mytouch 3g slide",
"scope": null,
"trust": 0.6,
"vendor": "t mobile",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#251635"
},
{
"db": "CNVD",
"id": "CNVD-2012-4327"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003815"
},
{
"db": "NVD",
"id": "CVE-2012-2980"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-311"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:htc:merge:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sprint:evo_shift_4g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:htc:chacha:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:att:status:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:t-mobile:g2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:samsung:galaxy_s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:t-mobile:mytouch_3g_slide:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:htc:desire:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:t-mobile:mytouch_4g_slide:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-2980"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Glenn ten Cate",
"sources": [
{
"db": "BID",
"id": "55047"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-311"
}
],
"trust": 0.9
},
"cve": "CVE-2012-2980",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 4.4,
"collateralDamagePotential": "LOW",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 4.1,
"exploitability": "PROOF-OF-CONCEPT",
"exploitabilityScore": 2.7,
"id": "CVE-2012-2980",
"impactScore": 6.9,
"integrityImpact": "NONE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "OFFICIAL FIX",
"reportConfidence": "CONFIRMED",
"severity": "MEDIUM",
"targetDistribution": "HIGH",
"trust": 0.8,
"userInterationRequired": null,
"vector_string": "AV:L/AC:M/Au:S/C:C/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.1,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2012-2980",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-2980",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2012-2980",
"trust": 0.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201208-311",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#251635"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003815"
},
{
"db": "NVD",
"id": "CVE-2012-2980"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-311"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Samsung and HTC onTouchEvent method implementation for Android on the T-Mobile myTouch 3G Slide, HTC Merge, Sprint EVO Shift 4G, HTC ChaCha, AT\u0026T Status, HTC Desire Z, T-Mobile G2, T-Mobile myTouch 4G Slide, and Samsung Galaxy S stores touch coordinates in the dmesg buffer, which allows remote attackers to obtain sensitive information via a crafted application, as demonstrated by PIN numbers, telephone numbers, and text messages. Samsung and HTC Made Android Certain terminals have a vulnerability in which information entered by the user is leaked. Samsung and HTC Made Android The information entered by the user is stored on a specific device model. dmseg There are vulnerabilities that can be referenced using commands.The phone number entered by the user by a third party PIN A number may be obtained. Users who have access to the affected device and can execute the dmesg application can view the dmesg buffer data without root or administrator privileges. May be used to read PIN numbers, short messages, phone numbers, etc. Multiple Samsung and HTC Devices are prone to an information-disclosure vulnerability. \nSuccessful attacks can allow an attacker to obtain sensitive information that may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-2980"
},
{
"db": "CERT/CC",
"id": "VU#251635"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003815"
},
{
"db": "CNVD",
"id": "CNVD-2012-4327"
},
{
"db": "BID",
"id": "55047"
}
],
"trust": 3.15
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-2980",
"trust": 4.1
},
{
"db": "CERT/CC",
"id": "VU#251635",
"trust": 3.8
},
{
"db": "BID",
"id": "55047",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003815",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2012-4327",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201208-311",
"trust": 0.6
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#251635"
},
{
"db": "CNVD",
"id": "CNVD-2012-4327"
},
{
"db": "BID",
"id": "55047"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003815"
},
{
"db": "NVD",
"id": "CVE-2012-2980"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-311"
}
]
},
"id": "VAR-201208-0355",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-4327"
}
],
"trust": 1.3071256133333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-4327"
}
]
},
"last_update_date": "2023-12-18T13:57:53.464000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.att.com/"
},
{
"title": "Application security fix",
"trust": 0.8,
"url": "http://www.htc.com/www/help/app-security-fix/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.sprint.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.t-mobile.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.samsung.com/jp/"
},
{
"title": "Patch for Samsung and HTC Device Information Disclosure Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/19893"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-4327"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003815"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-003815"
},
{
"db": "NVD",
"id": "CVE-2012-2980"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://www.kb.cert.org/vuls/id/251635"
},
{
"trust": 2.4,
"url": "http://www.htc.com/www/help/app-security-fix/"
},
{
"trust": 2.4,
"url": "http://www.kb.cert.org/vuls/id/mapg-8r5ld6"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2980"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu251635"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2980"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/55047"
},
{
"trust": 0.3,
"url": "http://www.samsung.com/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#251635"
},
{
"db": "CNVD",
"id": "CNVD-2012-4327"
},
{
"db": "BID",
"id": "55047"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003815"
},
{
"db": "NVD",
"id": "CVE-2012-2980"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-311"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#251635"
},
{
"db": "CNVD",
"id": "CNVD-2012-4327"
},
{
"db": "BID",
"id": "55047"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003815"
},
{
"db": "NVD",
"id": "CVE-2012-2980"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-311"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-08-16T00:00:00",
"db": "CERT/CC",
"id": "VU#251635"
},
{
"date": "2012-08-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-4327"
},
{
"date": "2012-08-16T00:00:00",
"db": "BID",
"id": "55047"
},
{
"date": "2012-08-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-003815"
},
{
"date": "2012-08-21T10:46:10.513000",
"db": "NVD",
"id": "CVE-2012-2980"
},
{
"date": "2012-08-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201208-311"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-08-24T00:00:00",
"db": "CERT/CC",
"id": "VU#251635"
},
{
"date": "2012-08-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-4327"
},
{
"date": "2012-08-16T00:00:00",
"db": "BID",
"id": "55047"
},
{
"date": "2012-08-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-003815"
},
{
"date": "2012-08-21T10:46:10.513000",
"db": "NVD",
"id": "CVE-2012-2980"
},
{
"date": "2012-08-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201208-311"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201208-311"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Samsung and HTC android phone information disclosure vulnerability",
"sources": [
{
"db": "CERT/CC",
"id": "VU#251635"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201208-311"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.