Refine your search

4 vulnerabilities found for sp mode mail by NTT DOCOMO, INC.

jvndb-2014-000029
Vulnerability from jvndb
Published
2014-03-18 14:09
Modified
2014-03-25 19:25
Severity ?
() - -
Summary
sp mode mail vulnerability where Java methods may be executed
Details
sp mode mail provided by NTT DOCOMO contains an issue in the processing Deco-mail emoticon POP, which may lead to the execution of arbitrary Java methods that can be executed with the privileges of sp mode mail. Hironori Tokuta reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000029.html",
  "dc:date": "2014-03-25T19:25+09:00",
  "dcterms:issued": "2014-03-18T14:09+09:00",
  "dcterms:modified": "2014-03-25T19:25+09:00",
  "description": "sp mode mail provided by NTT DOCOMO contains an issue in the processing Deco-mail emoticon POP, which may lead to the execution of arbitrary Java methods that can be executed with the privileges of sp mode mail.\r\n\r\nHironori Tokuta reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000029.html",
  "sec:cpe": {
    "#text": "cpe:/a:nttdocomo:spmode_mail_android",
    "@product": "sp mode mail",
    "@vendor": "NTT DOCOMO, INC.",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "6.8",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2014-000029",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN89260331/index.html",
      "@id": "JVN#89260331",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1979",
      "@id": "CVE-2014-1979",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1979",
      "@id": "CVE-2014-1979",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-DesignError",
      "@title": "No Mapping(CWE-DesignError)"
    }
  ],
  "title": "sp mode mail vulnerability where Java methods may be executed"
}

jvndb-2014-000028
Vulnerability from jvndb
Published
2014-03-18 14:08
Modified
2014-03-25 19:24
Severity ?
() - -
Summary
sp mode mail issue where emails in the process of creation may be accessed
Details
sp mode mail provided by NTT DOCOMO contains an application link interface so that mail data can be exchanged with external application during email creation. When the application to be linked is selected, the email contents and attachment are saved to the SD card, therefore other Android applications may access this data. Hironori Tokuta reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000028.html",
  "dc:date": "2014-03-25T19:24+09:00",
  "dcterms:issued": "2014-03-18T14:08+09:00",
  "dcterms:modified": "2014-03-25T19:24+09:00",
  "description": "sp mode mail provided by NTT DOCOMO contains an application link interface so that mail data can be exchanged with external application during email creation. When the application to be linked is selected, the email contents and attachment are saved to the SD card, therefore other Android applications may access this data.\r\n\r\nHironori Tokuta reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000028.html",
  "sec:cpe": {
    "#text": "cpe:/a:nttdocomo:spmode_mail_android",
    "@product": "sp mode mail",
    "@vendor": "NTT DOCOMO, INC.",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "2.6",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2014-000028",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN05951929/index.html",
      "@id": "JVN#05951929",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1978",
      "@id": "CVE-2014-1978",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1978",
      "@id": "CVE-2014-1978",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    }
  ],
  "title": "sp mode mail issue where emails in the process of creation may be accessed"
}

jvndb-2014-000027
Vulnerability from jvndb
Published
2014-03-18 14:07
Modified
2014-03-24 19:04
Severity ?
() - -
Summary
sp mode mail issue when accessing attachments in incoming mail
Details
sp mode mail provided by NTT DOCOMO contains a function that allows other Android applications to access attachments for incoming emails. This function contains an issue in the restriction of access permissions. Satoru Takekoshi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000027.html",
  "dc:date": "2014-03-24T19:04+09:00",
  "dcterms:issued": "2014-03-18T14:07+09:00",
  "dcterms:modified": "2014-03-24T19:04+09:00",
  "description": "sp mode mail provided by NTT DOCOMO contains a function that allows other Android applications to access attachments for incoming emails. This function contains an issue in the restriction of access permissions.\r\n\r\nSatoru Takekoshi reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000027.html",
  "sec:cpe": {
    "#text": "cpe:/a:nttdocomo:spmode_mail_android",
    "@product": "sp mode mail",
    "@vendor": "NTT DOCOMO, INC.",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "2.6",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2014-000027",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN81739241/index.html",
      "@id": "JVN#81739241",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1977",
      "@id": "CVE-2014-1977",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1977",
      "@id": "CVE-2014-1977",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    }
  ],
  "title": "sp mode mail issue when accessing attachments in incoming mail"
}

jvndb-2012-000037
Vulnerability from jvndb
Published
2012-04-26 14:21
Modified
2012-04-26 14:21
Severity ?
() - -
Summary
sp mode mail issue in the verification of SSL certificates
Details
sp mode mail contains an issue in the verification of the SSL server certificate. sp mode mail provided by NTT DOCOMO contains an issue in the verification of the SSL server certificate. Tsukasa Hamano of Open Source Solution Technology Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000037.html",
  "dc:date": "2012-04-26T14:21+09:00",
  "dcterms:issued": "2012-04-26T14:21+09:00",
  "dcterms:modified": "2012-04-26T14:21+09:00",
  "description": "sp mode mail contains an issue in the verification of the SSL server certificate.\r\n\r\nsp mode mail provided by NTT DOCOMO contains an issue in the verification of the SSL server certificate.\r\n\r\nTsukasa Hamano of Open Source Solution Technology Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000037.html",
  "sec:cpe": {
    "#text": "cpe:/a:nttdocomo:spmode_mail_android",
    "@product": "sp mode mail",
    "@vendor": "NTT DOCOMO, INC.",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "4.0",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2012-000037",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN82029095/index.html",
      "@id": "JVN#82029095",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1244",
      "@id": "CVE-2012-1244",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1244",
      "@id": "CVE-2012-1244",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "sp mode mail issue in the verification of SSL certificates"
}