Square OkHttp can accept the wrong certificate

In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

Vulnerabilities fixed in Google Android

Google has fixed vulnerabilities in the Android OS. A malicious party could misuse the vulnerabilities to gain access to sensitive data or give himself elevated privileges. To do this, the malicious party must trick the victim into installing a rogue app to install. The vulnerability with referen...

Google Android 资源管理错误漏洞

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. An elevation of privilege vulnerability exists in the Media Framework component of Google Android versions 8.1, 9, 10, and 11. No details of the vulnerability are...

Google Android 输入验证错误漏洞

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. An information disclosure vulnerability exists in the Media Framework component of Google Android 8.1, 9, 10, and 11. No details of the vulnerability are provided a...

LG Mobile Devices With Android OS Resource Management Error Vulnerability

LG mobile is a line of mobile device products from LG. LG Mobile devices Google Android OS 8.0, 8.1, 9.0, and 10 software suffer from a resource management error vulnerability that stems from the USB laf gadget having a use-after-free...

CVE-2021-0311

In ElementaryStreamQueue::dequeueAccessUnitH264 of ESQueue.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android;...

ALPINE-CVE-2021-0308

In ReadLogicalParts of basicmbr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1,...

Google Android Framework elevation of privilege vulnerability (CNVD-2020-54072)

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. An elevation of privilege vulnerability exists in the Framework component of Google Android 8.0, 8.1, 9, and 10. An attacker can exploit this vulnerability to gain...

Google Android Framework Information Disclosure Vulnerability (CNVD-2020-54068)

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. An information disclosure vulnerability exists in the Framework component of Google Android 8.0, 8.1, 9, and 10. An attacker can exploit the vulnerability to obtain...

Google Android Framework Denial of Service Vulnerability (CNVD-2020-44371)

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. A denial of service vulnerability exists in the Framework component of Google Android 8.0, 8.1, and 10, which can be exploited by an attacker to cause a denial of...

CVE-2020-0039

In rwi93smupdatendef of rwi93.cc, there is a possible read of uninitialized data due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0...

Google Android System elevation of privilege vulnerability (CNVD-2020-07209)

Android is a Linux-based free and open source operating system led and developed by Google Inc. and the Open Handset Alliance. An elevation of privilege vulnerability exists in the System component of Google Android 8.0, 8.1, 9, and 10. No details of the vulnerability are available at this time...

PT-2020-11391 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions 8.0 through 10 Description: The issue is related to a possible out of bounds write due to an incorrect bounds calculation in the Bluetooth stack, which could lead to remote code execution over Bluetooth with no additional...

CVE-2019-2229

In updateWidget of BaseWidgetProvider.java, there is a possible leak of user data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8....

CVE-2018-9561

In llcputilparseconnect of llcputil.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0...

Google Android System Component Information Disclosure Vulnerability (CNVD-2019-07375)

Android is a free and open source Linux-based operating system led and developed by Google Inc. and the Open Handset Alliance. An information disclosure vulnerability exists in the System component of Google Android 7.0, 7.1.1, 7.1.2, 8.0, 8.1, and 9. An attacker can exploit the vulnerability to...

CVE-2017-13265

A elevation of privilege vulnerability in the Android system OTA updates. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-36232423...

CVE-2017-13200

An information disclosure vulnerability in the Android media framework av related to id3 unsynchronization. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63100526...