Linux Distros Unpatched Vulnerability : CVE-2017-0550

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. Thi...

CVE-2019-2126

In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0...

Android 7 < 9 - Remote Code Execution

Exploit Title: Android 7-9 - Remote Code Execution Date: date Exploit Author: Marcin Kozlowski Version: 7-9 Tested on: Android CVE : 2019-2107 CVE-2019-2107 - looks scary. Still remember Stagefright and PNG bugs vulns .... With CVE-2019-2107 the decoder/codec runs under mediacodec user and with...

Out-of-bounds

In MakeMPEG4VideoCodecSpecificData of AVIExtractor.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:...

CVE-2019-2022

In rwt3tacthandlefmtrsp and rwt3tacthandlesrorsp of rwt3t.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...

Out-of-bounds

In rwt2thandletlvdetectrsp of rwt2tndef.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0...

Out-of-bounds

In rwt3tacthandlecheckrsp of rwt3t.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0...

CVE-2019-2003

CVE-2019-2003 affects Android platforms (7.0–9) and is described across multiple sources (NVD, Red Hat, CVE entries, and Android bulletin) as an elevation of privilege/remote code execution risk via Linkify.java in addLinks, enabling phishing-like misdirection. Root cause is an unusual issue in L...

Out-of-bounds

In parseMPEGCCData of NuPlayerCCDecoder.cpp, there is a possible out of bounds write due to missing bounds checks. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0...

Out-of-bounds

In rwt3tacthandlecheckndefrsp of rwt3t.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7....

Out-of-bounds

In btifdmdatacopy of btifcore.cc, there is a possible out of bounds write due to a buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1...

Information disclosure

In randomgetbytes of random.c, there is a possible degradation of randomness due to an insecure default value. This could lead to local information disclosure via an insecure wireless connection with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2018-9585

The CVE-2018-9585 issue affects Android 7.0, 7.1.1, 7.1.2, 8.0, 8.1, and 9 in the NFC subsystem. Root cause: a missing bounds check in nfc_ncif_proc_get_routing within nfc_ncif.cc leads to an out-of-bounds write. Impact: local elevation of privilege with no additional execution privileges needed;...

Out-of-bounds

In smpprocencinfo of smpact.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:...

CVE-2018-9501

CVE-2018-9501 describes a vulnerability in the Android SetupWizard that allows a Factory Reset Protection bypass via a permissions bypass, enabling local escalation of privilege with no additional execution privileges and no user interaction required. Affected Android versions include 7.0, 7.1.1,...

Zerodium Triples its iOS 10 Bounty to $1.5 Million

Zerodium has tripled the bounty it offers for an Apple iOS 10 remote jailbreak, boosting the reward today to $1.5 million USD, founder Chaouki Bekrar said. Zerodium had previously offered $1 million for iOS 9 attacks that result in an untethered jailbreak, but that bounty was for a specific time...