148 matches found
CVE-2016-6707
CVE-2016-6707 affects Android System Server with a local privilege-escalation via ashmem-backed Bitmaps. The issue stems from mismatched memory sizes: ashmem (ASHMEM_SET_SIZE) defines the region size, but memory mappings (mmap) in Parcel::readBlob use a bitmap-derived len, and Bitmap creation sto...
Google Android System Server Remote Elevation of Privilege Vulnerability
Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA, of which System Server is a system server. A remote elevation of privilege vulnerability exists in System Server in Android. An attacker can exploit this vulnerability with a...
Android system_server Privilege Acquisition Vulnerability
Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA, of which System Server is a system server. A privilege acquisition vulnerability exists in systemserver in versions of Android prior to 2016-10-05 on Nexus-based devices. An...
Google Android - Binder Generic ASLR Leak
Google Android - Binder Generic ASLR Leak Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=889 The interaction between the kernel /dev/binder and the usermode Parcel.cpp mean that when a binder object is passed as BINDERTYPEBINDER or BINDERTYPEWEAKBINDER, a pointer to that object...
CVE-2016-6674
systemserver in Android before 2016-10-05 on Nexus devices allows attackers to gain privileges via a crafted application, aka internal bug 30445380...
UBUNTU-CVE-2016-6674
systemserver in Android before 2016-10-05 on Nexus devices allows attackers to gain privileges via a crafted application, aka internal bug 30445380...
CVE-2016-2412
include/core/SkPostConfig.h in Skia, as used in Systemserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01, mishandles certain crashes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or...
UBUNTU-CVE-2016-2412
include/core/SkPostConfig.h in Skia, as used in Systemserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01, mishandles certain crashes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or...
Android System Server Module Elevation of Privilege Vulnerability
Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA, of which System Server is a system server. An elevation of privilege vulnerability exists in the System Server module of Android. A local attacker can exploit this vulnerability t...
The vulnerability of the Android operating system, which allows a perpetrator to obtain confidential information
The vulnerability of the System Server component in the Android operating system is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to obtain confidential information through a specially created application...
The vulnerability of the Android operating system, which allows a perpetrator to obtain confidential information or enhance their privileges
The vulnerability of the System Server component in the Android operating system is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to obtain confidential information or enhance their privileges through a specially...
Vulnerability of the Windows operating system, allowing a perpetrator to execute arbitrary code
The vulnerability of the Windows operating system’s DNS server relates to the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through specially crafted requests from a remote location...
Android System Server Information Disclosure Vulnerability (CNVD-2015-08051)
Android is a cell phone operating system based on the Linux open kernel. A security vulnerability exists in the implementation of System Server in versions prior to Android 6.0 2015-12-01, which can be exploited by a remote attacker to gain access to sensitive information via a constructed...
Android System Server Information Disclosure Vulnerability
Android is a cell phone operating system based on the Linux open kernel. Versions of System Server prior to Android 6.0 2015-12-01 have a security vulnerability in their implementation, which can be exploited by a remote attacker to gain access to sensitive information and then elevate privileges...
CVE-2015-6625
System Server in Android 6.0 before 2015-12-01 allows attackers to obtain sensitive information and consequently gain privileges via a crafted application, aka internal bug 23936840...
CVE-2015-6624
System Server in Android 6.0 before 2015-12-01 allows attackers to obtain sensitive information via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23999740...
Code injection
System Server in Android 6.0 before 2015-12-01 allows attackers to obtain sensitive information via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23999740...
CVE-2015-6625
System Server in Android 6.0 before 2015-12-01 allows attackers to obtain sensitive information and consequently gain privileges via a crafted application, aka internal bug 23936840...
CVE-2015-6624
System Server in Android 6.0 before 2015-12-01 allows attackers to obtain sensitive information via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23999740...
CVE-2015-6624
CVE-2015-6624 affects Android 6.0 and earlier builds; System Server information disclosure allows a crafted application to obtain sensitive permissions (Signature or SignatureOrSystem). The vulnerability is described as a local information-disclosure in System Server, enabling access to restricte...