Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-37770PUBLISHED: 2022-06-30
Nucleus CMS v3.71 is affected by a file upload vulnerability. In this vulnerability, we can use upload to change the upload path to the path without the Htaccess file. Upload an Htaccess file and write it to AddType application / x-httpd-php.jpg. In this way, an attacker can upload a picture with sh...
CVE-2021-37778PUBLISHED: 2022-06-30There is a buffer overflow in gps-sdr-sim v1.0 when parsing long command line parameters, which can lead to DoS or code execution.
CVE-2013-4146PUBLISHED: 2022-06-30
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-3414. Reason: This candidate is a duplicate of CVE-2012-3414. Notes: All CVE users should reference CVE-2012-3414 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental u...
CVE-2013-4170PUBLISHED: 2022-06-30
In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the `tagName` property of an `Ember.View` was inserted into such a string without being sanitized. This means that if an application assigns a view's `tagName` to ...
CVE-2021-41506PUBLISHED: 2022-06-30
Xiaongmai AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, HI3518_50H10L_S39 V4.02.R11.7601.Nat.Onvif.20170420, V4.02.R11.Nat.Onvif.20160422, V4.02.R11.7601.Nat.Onvif.20170424, V4.02.R11.Nat.Onvif.20170327, V4.02.R11.Nat.Onvif.20161205, V4.02.R...
User Rank: Apprentice
12/9/2013 | 8:19:59 PM
In fact, the major "master key" exploit, which is one of the biggest security holes, was patched by Cyanogenmod long before the vast majority of manufacturers got around to fixing it.
http://www.ubergizmo.com/2013/07/cyanogenmod-10-1-2-fixes-android-master-key-exploit/
Also, generally rooting allows you to do things like fix the security holes in the system. Rooting installs a root control app (Superuser/SuperSu, etc) that restricts access to only apps the user allows. While the device can still be comprimised using privledge escalation vulnerabilities just like any other device, rooting will not make your device insecure. The very fact that a device can be rooted using exploits means it is inheirently insecure due to those same exploits. A malicious piece of software could exploit them just as easily. Rooting doesn't change that, unless you go deeper and actually fix the hole (assuming you can). Hence where custom ROMs come in - when a vulnerability is found, they release patches in less than a month. The only other OEM who comes close to that speed is Google. Nearly every other manufacturer takes months if not years to push an update through to end users.