75 matches found
EUVD-2014-1499
Malware in sbrugna...
CVE-2022-40297
UBports Ubuntu Touch 16.04 allows the screen-unlock passcode to be used for a privileged shell via Sudo. This passcode is only four digits, far below typical length/complexity for a user account's password. NOTE: a third party states "The described attack cannot be executed as demonstrated...
CVE-2022-40297
UBports Ubuntu Touch 16.04 allows the screen-unlock passcode to be used for a privileged shell via Sudo. This passcode is only four digits, far below typical length/complexity for a user account's password. NOTE: a third party states "The described attack cannot be executed as demonstrated...
CVE-2022-40297
UBports Ubuntu Touch 16.04 allows the screen-unlock passcode to be used for a privileged shell via Sudo. This passcode is only four digits, far below typical length/complexity for a user account's password. NOTE: a third party states "The described attack cannot be executed as demonstrated...
CVE-2022-40297
UBports Ubuntu Touch 16.04 allows the screen-unlock passcode to be used for a privileged shell via Sudo. This passcode is only four digits, far below typical length/complexity for a user account's password. NOTE: a third party states "The described attack cannot be executed as demonstrated...
Design/Logic Flaw
DISPUTED UBports Ubuntu Touch 16.04 allows the screen-unlock passcode to be used for a privileged shell via Sudo. This passcode is only four digits, far below typical length/complexity for a user account's password. NOTE: a third party states "The described attack cannot be executed as...
CVE-2022-40297
UBports Ubuntu Touch 16.04 allows the screen-unlock passcode to be used for a privileged shell via Sudo. This passcode is only four digits, far below typical length/complexity for a user account's password. NOTE: a third party states "The described attack cannot be executed as demonstrated...
CVE-2022-40297
UBports Ubuntu Touch 16.04 allows the screen-unlock passcode to be used for a privileged shell via Sudo. This passcode is only four digits, far below typical length/complexity for a user account's password. NOTE: a third party states "The described attack cannot be executed as demonstrated...
CVE-2022-40297
UBports Ubuntu Touch 16.04 is affected by CVE-2022-40297 where the screen-unlock 4-digit passcode is usable as the sudo password, enabling privilege escalation to a privileged shell. The root cause described across sources is that a four-digit screen unlock code can be exploited to gain root via ...
Ubuntu Touch 安全漏洞
Ubuntu Touch is an operating system for mobile devices from the UBports Foundation. It is designed for touchscreen mobile devices. A security vulnerability exists in UBports Foundation Ubuntu Touch version 16.04, which stems from the fact that passwords are only four digits long, well below the...
Exploit for Improper Privilege Management in Ubports Ubuntu_Touch
UPDATE 09.09.2022 I got new CV...
CVE-2014-1423
signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch, did not properly restrict applications from querying oath tokens due to incorrect checks and the missing installation of the signon-apparmor-extension. An attacker could use this create a malicious click app that collects oau...
CVE-2014-1423
signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch, did not properly restrict applications from querying oath tokens due to incorrect checks and the missing installation of the signon-apparmor-extension. An attacker could use this create a malicious click app that collects oau...
Information disclosure
signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch, did not properly restrict applications from querying oath tokens due to incorrect checks and the missing installation of the signon-apparmor-extension. An attacker could use this create a malicious click app that collects oau...
CVE-2014-1423
CVE-2014-1423 affects signond used in Ubuntu Touch. The vulnerability arises from incorrect checks that allow applications to query OAuth tokens and from not installing the signon-apparmor-extension.Impact: an attacker could craft a malicious click app to collect OAuth tokens from other apps. No ...
CVE-2014-1423 Online Accounts Signon daemon gives out all oauth tokens to any app
signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch, did not properly restrict applications from querying oath tokens due to incorrect checks and the missing installation of the signon-apparmor-extension. An attacker could use this create a malicious click app that collects oau...
CVE-2015-5327
Out-of-bounds memory read in the x509decodetime function in x509certparser.c in Linux kernels 4.3-rc1 and after...
CVE-2015-9004
kernel/events/core.c in the Linux kernel before 3.19 mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perfpmuregister and perfeventopen functions...
CVE-2017-0574
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions:...
CVE-2017-7308
The packetsetring function in net/packet/afpacket.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service integer signedness error and out-of-bounds write, or gain privileges if the CAPNETRAW capability is held...