CVE-2015-8666

Heap-based buffer overflow in QEMU, when built with the Q35-chipset-based PC system emulator...

Broadcom: Heap overflow in TDLS Teardown Request while handling Fast Transition IE (CVE-2017-0561)

详细分析：https://googleprojectzero.blogspot.tw/2017/04/over-air-exploiting-broadcoms-wi-fi4.html Posted by Gal Beniamini, Project Zero It's a well understood fact that platform security is an integral part of the security of complex systems. For mobile devices, this statement rings even truer; modern...

CVE-2017-5538

The kbasedispatch function in arm/t7xx/r5p0/malikbasecorelinux.c in the GPU driver on Samsung devices with M6.0 and N7.0 software and Exynos AP chipsets allows attackers to have unspecified impact via unknown vectors, which trigger an out-of-bounds read, aka SVE-2016-6362...

HiSilicon ASIC Firmware Multiple Vulnerabilities (Feb 2017) - Active Check

HiSilicon ASIC firmware are prone to multiple vulnerabilities: 1. Buffer overflow in built-in webserver 2. Directory path traversal built-in webserver SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respecti...

CVE-2017-0433

An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the touchscreen chipset. This issue is rated as High because it first requires compromising a privileged process. Product: Android...

Privilege escalation

An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the touchscreen chipset. This issue is rated as High because it first requires compromising a privileged process. Product: Android...

CVE-2017-0434

An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the touchscreen chipset. This issue is rated as High because it first requires compromising a privileged process. Product: Android...

UBUNTU-CVE-2017-0433

An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the touchscreen chipset. This issue is rated as High because it first requires compromising a privileged process. Product: Android...

UBUNTU-CVE-2017-0434

An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the touchscreen chipset. This issue is rated as High because it first requires compromising a privileged process. Product: Android...

CVE-2016-4038

Array index error in the msmsensorconfig function in kernel/SM-G9008VCHNKKOpensource/Kernel/drivers/media/platform/msm/camerav2/sensor/msmsensor.c in Samsung devices with Android KK4.4 or L and an APQ8084, MSM8974, or MSM8974pro chipset allows local users to have unspecified impact via the...

CVE-2016-4038

The CVE-2016-4038 issue affects Samsung devices running Android KK (4.4) or L on APQ8084, MSM8974, or MSM8974pro, due to an array bounds issue in msm_sensor_config (kernel/drivers/media/platform/msm/camera_v2/sensor/msm_sensor.c). Local users could exploit gpio_config.gpio_name to cause unspecifi...

CVE-2016-9278

The Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, or 7420 chipsets allows local users to cause a denial of service kernel panic via a crafted ioctl command. The Samsung ID is SVE-2016-6736...

Input validation

An issue was discovered on LG devices using the MTK chipset with L5.0/5.1, M6.0/6.0.1, and N7.0 software, and RCA Voyager Tablet, BLU Advance 5.0, and BLU R1 HD devices. The MTKLogger app with a package name of com.mediatek.mtklogger has application components that are accessible to any applicati...

CVE-2016-10135

An issue was discovered on LG devices using the MTK chipset with L5.0/5.1, M6.0/6.0.1, and N7.0 software, and RCA Voyager Tablet, BLU Advance 5.0, and BLU R1 HD devices. The MTKLogger app with a package name of com.mediatek.mtklogger has application components that are accessible to any applicati...

CVE-2016-10135

Technical details for CVE-2016-10135 are not publicly provided in the supplied documents; monitor for updates as connected sources do not reveal affected components or remediation.

CVE-2016-10135

An issue was discovered on LG devices using the MTK chipset with L5.0/5.1, M6.0/6.0.1, and N7.0 software, and RCA Voyager Tablet, BLU Advance 5.0, and BLU R1 HD devices. The MTKLogger app with a package name of com.mediatek.mtklogger has application components that are accessible to any applicati...

Internet Bug Bounty: Crash (DoS) when parsing a hostile TIFF

The issue was reported and resolved by PHP's security team: Ticket 73737: https://bugs.php.net/bug.php?id=73737 Git Commit: http://git.php.net/?p=php-src.git;a=commit;h=1cda0d7c2ffb62d8331c64e703131d9cabdc03ea The EXIF module in all PHP versions 5.6.9 and below, 7.1.0 and below is vulnerable to a...

Google Patches Quadrooter Vulnerabilities in Android

The Quadrooter vulnerabilities made a lot of people take notice because the scale of affected Android devices more than 900,000 put it on a level with Stagefright and other bugs that impact a large majority of the Android ecosystem. Some details on the four vulnerabilities were publicly disclosed...

Qualcomm Chip Flaw Leaves 900m Android Devices Open to Attack

Four vulnerabilities found in Qualcomm chips used in 900 million Android devices leave affected phones and tablets open to attacks that could give hackers complete system control. Researchers at Check Point who found the flaw are calling the vulnerability Quadrooter and say that a patch isn’t...

The vulnerability of the Android operating system, which allows a hacker to increase their privileges

The vulnerability of the CPU performance module of Qualcomm ARM’s Android operating system is related to deficiencies in access control for certain functions. Exploiting this vulnerability can allow a local attacker to enhance their privileges through a specially created application...