Total vulnerabilities in the database
The addAccount method in src/com/android/settings/accounts/AddAccountSettings.java in the Settings application in Android before 5.0.0 does not properly create a PendingIntent, which allows attackers to use the SYSTEM uid for broadcasting an intent with arbitrary component, action, or category information via a third-party authenticator in a crafted application, aka Bug 17356824.
| Software | From | Fixed in |
|---|---|---|
| google / android | 4.2 | 4.2.x |
| google / android | 4.1 | 4.1.x |
| google / android | 4.0.2 | 4.0.2.x |
| google / android | 4.4.3 | 4.4.3.x |
| google / android | 4.0.4 | 4.0.4.x |
| google / android | 4.3 | 4.3.x |
| google / android | 4.0.1 | 4.0.1.x |
| google / android | 4.2.1 | 4.2.1.x |
| google / android | 4.0.3 | 4.0.3.x |
| google / android | 4.0 | 4.0.x |
| google / android | 4.4 | 4.4.x |
| google / android | 4.4.1 | 4.4.1.x |
| google / android | - | 4.4.4.x |
| google / android | 4.2.2 | 4.2.2.x |
| google / android | 4.3.1 | 4.3.1.x |
| google / android | 4.4.2 | 4.4.2.x |
| google / android | 4.1.2 | 4.1.2.x |