28 matches found
CVE-2019-2117
In checkQueryPermission of TelephonyProvider.java, there is a possible disclosure of secure data due to a missing permission check. This could lead to local information disclosure about carrier systems with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-36842
An issue in Oncord+ Android Infotainment Systems OS Android 12, Model Hardware TS17,Hardware part Number F57LV3.220220301, and Build Number PlatformVER:K24-2023/05/09-v0.01 allows a remote attacker to execute arbitrary code via the ADB port component...
Lucy Gang Debuts with Unusual Android MaaS Package
There’s a fresh bloom in the malware-as-a-service garden: Researchers have uncovered a new Russian-speaking threat actor hawking a proprietary cyber-weapon dubbed “Black Rose Lucy.” The offering is a malware-as-a-service MaaS bundle with two parts, consisting of a controlling web interface which...
Google Android System Information Disclosure Vulnerability (CNVD-2018-22649)
Android is a free and open source Linux-based operating system led and developed by Google Inc. and the Open Handset Alliance. An information disclosure vulnerability exists in the System component of Google Android 7.0, 7.1.1, 7.1.2, 8.0, 8.1, and 9, which can be exploited by attackers to obtain...
CVE-2017-14885
CVE-2017-14885 affects WLAN components in Android for MSM/CAF stacks (wma_unified_link_peer_stats_event_handler). The issue arises because the function validates only the first peer_stats->num_rates against WMA_SVC_MSG_MAX_SIZE, not the sum of all peer_stats->num_rates (num_rates). As a res...
CVE-2017-11089
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in nl80211setstation when user space application sends attribute NL80211ATTRLOCALMESHPOWERMODE with data of size less than 4 bytes...
CVE-2017-0504
An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical...
SIPDroid Agent User Enumeration
=====Tempest Security Intelligence - Advisory 01/2011 ======================================================================================================================== User enumeration in SIPDroid Agent ---------------------------------- Author: Anibal Vaz Marques de Aguiar =====Table of...