489 matches found
CVE-2018-15000
The Vivo V7 Android device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys contains a platform app with a package name of com.vivo.smartshot versionCode=1, versionName=3.0.0. This app contains an exported service named...
CVE-2018-14996
The Oppo F5 Android device with a build fingerprint of OPPO/CPH1723/CPH1723:7.1.1/N6F26Q/1513597833:user/release-keys contains a pre-installed platform app with a package name of com.dropboxchmod versionCode=1, versionName=1.0 that contains an exported service named...
Input validation
The Oppo F5 Android device with a build fingerprint of OPPO/CPH1723/CPH1723:7.1.1/N6F26Q/1513597833:user/release-keys contains a pre-installed platform app with a package name of com.dropboxchmod versionCode=1, versionName=1.0 that contains an exported service named...
Authentication flaw
The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/USPhone/ASUSX0081:7.0/NRD90M/USPhone-14.14.1711.92-20171208:user/release-keys contains the android framework i.e., systemserver with a package name of android versionCode=24, versionName=7.0 that has been modified by ASUS or...
Directory traversal
The Vivo V7 Android device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys contains a platform app with a package name of com.vivo.smartshot versionCode=1, versionName=3.0.0. This app contains an exported service named...
CVE-2018-14980
The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/USPhone/ASUSX0081:7.0/NRD90M/USPhone-14.14.1711.92-20171208:user/release-keys contains the android framework i.e., systemserver with a package name of android versionCode=24, versionName=7.0 that has been modified by ASUS or...
CVE-2018-14994
CVE-2018-14994 affects the Essential Phone on Android 8.1.0 where a pre-installed platform app (package: com.ts.android.hiddenmenu) exposes an activity (com.ts.android.hiddenmenu.rtn.RTNResetActivity) that can initiate a factory reset from any co-located app without permissions. This could lead t...
CVE-2018-14993
The CVE-2018-14993 issue affects ASUS Zenfone V Live (build asus/VZW_ASUS_A009/ASUS_A009:7.1.1) and Asus ZenFone 3 Max (build asus/US_Phone/ASUS_X008_1:7.0). A pre-installed platform app, com.asus.splendidcommandagent (versionCode 1510200090, versionName 1.2.0.18_160928), contains an exported ser...
CVE-2018-14989
The CVE-2018-14989 entry concerns Plum Compass devices where a pre-installed platform app (com.android.settings, versionCode 23) exposes an exported broadcast receiver. This component allows any co-located app to programmatically perform a factory reset without requiring permissions, potentially ...
Design/Logic Flaw
The Leagoo Z5C Android device with a build fingerprint of sp7731c1h1032v4bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed platform app with a package name of com.android.settings versionCode=23, versionName=6.0-android.20170630.092853 that contains an exported...
Input validation
The Sky Elite 6.0L+ Android device with a build fingerprint of SKY/x6069trxl601sky/x6069trxl601sky:6.0/MRA58K/1482897127:user/release-keys contains a pre-installed platform app with a package name of com.fw.upgrade.sysoper versionCode=238, versionName=2.3.8 that contains an exported broadcast...
CVE-2018-14984
The Leagoo Z5C Android device with a build fingerprint of sp7731c1h1032v4bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed app with a package name of com.android.messaging versionCode=1000110, versionName=1.0.001, android.20170630.092853-0 with an exported broadca...
CVE-2018-14985
The Leagoo Z5C Android device with a build fingerprint of sp7731c1h1032v4bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed platform app with a package name of com.android.settings versionCode=23, versionName=6.0-android.20170630.092853 that contains an exported...
CVE-2018-14986
The Leagoo Z5C Android device with a build fingerprint of sp7731c1h1032v4bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed app with a package name of com.android.messaging versionCode=1000110, versionName=1.0.001, android.20170630.092853-0 containing an exported...
CVE-2018-14986
The Leagoo Z5C Android device with a build fingerprint of sp7731c1h1032v4bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed app with a package name of com.android.messaging versionCode=1000110, versionName=1.0.001, android.20170630.092853-0 containing an exported...
CVE-2018-14988
The MXQ TV Box 4.4.2 Android device with a build fingerprint of MBX/m201N/m201N:4.4.2/KOT49H/20160106:user/test-keys contains the Android framework with a package name of android versionCode=19, versionName=4.4.2-20170213 that contains an exported broadcast receiver application component that, wh...
CVE-2018-14988
The CVE-2018-14988 entry describes an issue in MXQ TV Box 4.4.2 where an exported Android framework broadcast receiver component (com.android.server.SystemRestoreReceiver) is accessible without permissions and can write to /cache/recovery/command to trigger boot into recovery mode. This can forma...
CVE-2018-15007
The Sky Elite 6.0L+ Android device with a build fingerprint of SKY/x6069trxl601sky/x6069trxl601sky:6.0/MRA58K/1482897127:user/release-keys contains a pre-installed platform app with a package name of com.fw.upgrade.sysoper versionCode=238, versionName=2.3.8 that contains an exported broadcast...
CVE-2018-14998
The Leagoo P1 Android device with a build fingerprint of sp7731c1h1032v4bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a hidden root privilege escalation capability to achieve command execution as the root user. They have made modifications that allow a user with physical acce...
CVE-2018-14985
The CVE-2018-14985 entry concerns the Leagoo Z5C (build sp7731c_1h10_32v4_bird:6.0) where a pre-installed platform app (com.android.settings, versionCode 23) contains an exported broadcast receiver that allows any on-device app to programmatically initiate a factory reset. The initiating app does...