UBUNTU-CVE-2017-5009

WebRTC in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

chromium-browser: address spoofing in omnibox

Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled Unicode glyphs, which allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name...

CVE-2016-5219

A heap use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVE-2016-8464

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current...

chromium-browser: address spoofing in omnibox

The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to temporarily spoof the contents of the Omnibox URL bar via a crafted HTML page containing PDF data...

CVE-2016-6731

An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which...

CVE-2016-3854

drivers/media/video/msm/msmmctlbuf.c in the Qualcomm components in Android before 2016-08-05 does not validate the image mode, which allows attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via a crafted application, aka Qualcomm internal...

Android NVIDIA Camera Driver Privilege Vulnerability

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA, and the NVIDIA camera driver in Android is one of the camera drivers used in it. The NVIDIA camera driver in Android versions prior to 016-07-05 on Nexus 9 devices is vulnerable t...

CVE-2016-2480

The mm-video-v4l2 vidc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate certain OMX parameter data structures, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining...

Unspecified Vulnerability in Samsung KNOX

Samsung KNOX is a suite of enterprise mobile security solutions from Samsung South Korea. A security vulnerability exists in versions 1.0 and 2.3 of Samsung KNOX, which is based on the Android platform, and can be exploited by attackers to leak Clipboard data and execute arbitrary code...

Android Open Source Platform (AOSP) Browser UXSS

No description provided by source...

Nexus Security Bulletin—January 2016Stay organized with collectionsSave and categorize content based on your preferences.

We have released a security update to Nexus devices through an over-the-air OTA update as part of our Android Security Bulletin Monthly Release process. The Nexus firmware images have also been released to the Google Developer site. Builds LMY49F or later and Android 6.0 with Security Patch Level...

The Android platform under the two-dimensional code vulnerabilities bloopers-vulnerability warning-the black bar safety net

0x00 Preface Now the Android App for almost all two-dimensional code scanning function, if it does not take into account the two-dimensional code there may be security issues that will cause scan two-dimensional code will be subject to vulnerability attacks, serious may cause the phone to be...

Chrome 0day so that millions of Android devices suffer from a remote threat-vulnerability warning-the black bar safety net

! From China qihoo 3 6 0 security researcher Guang Gong in the latest version of the Android platform, Chrome browser found a serious 0day vulnerability, which allows attacker to obtain the victim's cell phone the full administrator access, and the vulnerability of the use of the code to be able ...

ILegendSoft Mercury Browser For Android Has Multiple Vulnerabilities

ILegendSoft Mercury Browser for Android is a smart terminal browser based on the Android platform from China's ILegendSoft ILS. A directory traversal vulnerability and a security bypass vulnerability exists in ILS Mercury Browser for Android, which can be exploited by attackers to bypass security...

Android sqlite load_extension vulnerability analysis-vulnerability warning-the black bar safety net

SQLite from 3. 3. 6 version http://www.sqlite.org/cgi/src/artifact/71405a8f9fedc0c2 start provides support for expansion of capacity, by sqliteloadextension API or loadextensionSQL statement, developers can not change the SQLite source code of the case, through the dynamic loading of libraries,...

Newphoria applican framework authentication bypass vulnerability

Newphoria applican framework for Android and iOS is a set of application development framework based on Android and iOS platforms from Newphoria, Japan. An authentication bypass vulnerability exists in Newphoria applican framework. This allows attackers to bypass the whitelist.xml URL whitelist...

applican vulnerable to URL whitelist bypass

Overview applican provided by Newphoria Corporation Inc. is a platform to build hybrid applications for both iOS and Android. applican provides a whitelisting function whitelist.xml to limit the URLs that applications can access. However, if the application is launched using the URL-scheme, the...

flash-plugin: multiple code execution issues fixed in APSB15-11

Stack-based buffer overflow in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before...

Wiretapping storm: the Android platform https sniffing hijacking vulnerability-vulnerability warning-the black bar safety net

0x0 Preface Last year 1 0 mid-May, Tencent Security Center in the daily terminal Safety audits found that, in the Android platform used in https communication of app the vast majority of are not safe to use the google API, a direct result of https communication of sensitive information leakage ev...