HIGH🇵🇱 Wersja polska

CVE-2011-2344

CVSS 10.0v2.0pub. 2011-07-08upd. 2026-04-29

Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext HTTP session when transmitting the authToken obtained from ClientLogin, which allows remote attackers to gain privileges and access private pictures and web albums by sniffing the token from connections with picasaweb.google.com.

CVSS Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
  • Google Android

    OS
    Google
    2.12.22.2.12.2.22.32.3.32.3.43.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2020-16010CRITICAL9.6⚠ KEVten sam produkt

Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who ha...

CVE-2016-1019CRITICAL9.8⚠ KEVten sam produkt

Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application cr...

CVE-2026-13851CRITICAL9.1ten sam produkt

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.4...

CVE-2026-13852CRITICAL9.1ten sam produkt

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.4...

CVE-2026-14106CRITICAL9.6ten sam produkt

Insufficient validation of untrusted input in Text in Google Chrome on Android prior to 150.0.7871.47 allowed ...