148 matches found
CVE-2019-1988
In sample6 of SkSwizzler.cpp, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution in systemserver with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0...
Google Android Framework Component Remote Code Execution Vulnerability (CNVD-2019-23561)
Android is a free and open source Linux-based operating system led and developed by Google Inc. and the Open Handset Alliance. A remote code execution vulnerability exists in the Framework component of Google Android 8.0, 8.1, and 9. An attacker can exploit this vulnerability to potentially cause...
Google Android Framework Component Remote Code Execution Vulnerability
Android is a free and open source Linux-based operating system led and developed by Google Inc. and the Open Handset Alliance. A remote code execution vulnerability exists in the Framework component of Google Android 9. An attacker can exploit this vulnerability to potentially cause a remote...
CVE-2018-19505
Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user, because userdata.js in the WOI:WorkOrderConsole component allows a username substitution involving a...
CVE-2018-19505
Remedy AR System Server in BMC Remedy 7.1 is affected by an impersonation flaw in WOI:WorkOrderConsole’s userdata.js. The root cause is a username substitution via UserData_Init, allowing a user to assume another user’s identity in certain scenarios. Impact is user impersonation with elevated ris...
Android Permission License and Access Control Vulnerability (CNVD-2019-09146)
Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. A security vulnerability exists in the GraphicBuffer.cpp file's unflatten in Android versions 8.1 and 9, which stems from the program not properly validating input. An attacker...
BMC Remedy 7.1 User Impersonation
...
Android (zygote->init;) Chain from USB Privilege Escalation Exploit
Exploit for Android platform in category local exploits After reporting https://bugs.chromium.org/p/project-zero/issues/detail?id=1583 Android ID 80436257, CVE-2018-9445, I discovered that this issue could also be used to inject code into the context of the zygote. Additionally, I discovered a...
PT-2018-17588 · Unknown · Cms Server +1
Name of the Vulnerable Software and Affected Versions: UCMBD Server versions 10.20 through 11.0 CMS Server version 2018.05 BACKGROUND Description: A remote Cross-site Request forgery CSRF potential has been identified, which could allow for remote unsafe deserialization and cross-site request...
Privilege escalation
An elevation of privilege vulnerability in the MediaTek system server. Product: Android. Versions: Android kernel. Android ID A-28067350. References: M-ALPS02672361...
CVE-2017-13173
An elevation of privilege vulnerability in the MediaTek system server. Product: Android. Versions: Android kernel. Android ID A-28067350. References: M-ALPS02672361...
CVE-2017-13173
CVE-2017-13173 is an elevation of privilege vulnerability affecting the MediaTek system server on Android. The issue targets the system server component (within MediaTek integration) and is described as an Android kernel topic, with local access requirements and high impact on confidentiality, in...
ALPINE-CVE-2017-13721
In X.Org Server aka xserver and xorg-server before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session...
Apple Mac OS X and Mac OS X Server Kernel Elevation of Privilege Vulnerability
Apple Mac OS X and Apple Mac OS X Server are products of Apple, Inc. Apple Mac OS X is a specialized operating system for Mac computers, and Apple Mac OS X Server is a server operating system, of which ImageIO is a static method used to perform common image ImageIO is a static method used to...
Linux kernel denial of service vulnerability (CNVD-2017-06843)
Linux is an open source computer operating system kernel. A denial of service vulnerability exists in the NFSv2/NFSv3 server in the nfsd subsystem of Linux kernel version 4.10.11. It allows remote attackers to cause a denial of service via a long RPC reply...
CVE-2017-5217
Installing a zero-permission Android application on certain Samsung Android devices with KK4.4, L5.0/5.1, and M6.0 software can continually crash the systemserver process in the Android OS. The zero-permission app will create an active install session for a separate app that it has embedded withi...
Default credentials
Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 allows attackers to reset arbitrary passwords via a blank previous password...
CVE-2016-6707
An elevation of privilege vulnerability in System Server in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local...
CVE-2016-6707
An elevation of privilege vulnerability in System Server in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local...
UBUNTU-CVE-2016-6707
An elevation of privilege vulnerability in System Server in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local...