404 matches found
UBUNTU-CVE-2017-5062
A use after free in Chrome Apps in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to potentially perform out of bounds memory access via a crafted Chrome extension...
Logic design flaws in Panda TV APP Android version
Panda TV mobile video client is a mobile video online playback platform jointly created by Sichuan Golden Panda New Media Co. There is a logical design loophole in the Android version of Panda TV APP, which allows attackers to register an account arbitrarily by grabbing packets and modifying the...
Unauthorized Access Vulnerability in the Android Version of Xinlian Energy Cloud APP
Xinlian Electricity Cloud App is an electric energy application that allows you to view the overall electricity consumption information and the information of each electricity sub-circuit online. Xinlian Electricity Cloud APP Android version has an unauthorized access vulnerability, which allows...
Shaoxing Public Security App for Android has information leakage vulnerability
Shaoxing Public Security APP is a convenient application launched by Shaoxing Public Security Bureau for the public, which provides the functions of inquiry, reservation, declaration and reminder of public security business, such as office service, police-community communication, police-community...
Shandong government service app for Android has SMS bombing vulnerability
Shandong government service APP is a government information software created by the Shandong Government Office. The software releases the latest information on Shandong government services in a timely manner and supports personalized subscription and full-text search, to provide faster service for the...
CAPTCHA Bypass Vulnerability in Genuine Technology APP Android Version
Chuangyuan Technology APP is a collection of intelligent property, intelligent parking, intelligent home, intelligent building control, green energy management and other intelligent park solutions, aiming to create intelligent office experience and life experience for all kinds of users in the pa...
CVE-2017-3742
In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and 4.2.5.3071 for Android, when an ad-hoc connection is made between two systems for the purpose of sharing files, the password for this ad-hoc connection will be stored in a user-readable location. An attacker with read access to t...
CVE-2017-0701
A remote code execution vulnerability in the Android system ui. Product: Android. Versions: 7.1.1, 7.1.2. Android ID: A-36385715...
CVE-2017-0688
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35584425...
Google Android System UI Remote Code Execution Vulnerability
Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). System UI is the system interface that comes with Android. A remote code execution vulnerability exists in System UI in Android versions 7.1.1 and 7.1.2. A remote attack...
chromium-browser: information leak in csp reporting
Inappropriate implementation in CSP reporting in Blink in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to obtain the value of url fragments via a crafted HTML page...
CVE-2016-6256
SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE) attacks via crafted XML data in a request to B1iXcellerator/exec/soap/vP.001sap0003.inWCSX/com.sap.b1i.vplatform.runtime/INBWSCALLSYNCXPT/INBWSCALLSYNCXPT.ipo/proc, aka SAP Security Note 2378065...
chromium-browser: use after free in chrome apps
A use after free in Chrome Apps in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to potentially perform out of bounds memory access via a crafted Chrome extension...
CVE-2017-0547
An information disclosure vulnerability in libmedia in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other...
CVE-2016-5857
The Qualcomm SPCom driver in Android before 7.0 allows local users to execute arbitrary code within the context of the kernel via a crafted application, aka Android internal bug 34386529 and Qualcomm internal bug CR1094140...
chromium-browser: integer overflow in libxslt
The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of...
chromium-browser: information disclosure in v8
V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android was missing a neutering check, which allowed a remote attacker to read values in memory via a crafted HTML page...
CVE-2017-0445
An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions:...
chromium-browser: ui spoofing in blink
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to prevent certain UI elements from being displayed by non-visible pages, which allowed a remote attacker to show certain UI elements on a page they don't control via a crafted HTML page...
CVE-2017-0388
An elevation of privilege vulnerability in the External Storage Provider could enable a local secondary user to read data from an external storage SD card inserted by the primary user. This issue is rated as High because it is a general bypass for operating system protections that isolate...