587 matches found
ColorNote 4.1.9 - Denial of Service (PoC)
Exploit Title: ColorNote 4.1.9 - Denial of Service PoC Date: 2021-06-02 Author: Brian Rodríguez Download Link: https://play.google.com/store/apps/details?id=com.socialnmobile.dictapps.notepad.color.note&hl=esMX Version: 4.1.9 Category: DoS Android Vulnerability Color Note is vulnerable to a DoS...
Blacknote 2.2.1 - Denial of Service Exploit
Exploit Title: Blacknote 2.2.1 - Denial of Service PoC Author: Brian Rodríguez Download Link: https://play.google.com/store/apps/details?id=notepad.note.notas.notes.notizen&hl=esMX Version: 2.2.1 Category: DoS Android Vulnerability BlackNote Bloc de notas is vulnerable to a DoS condition when a...
EulerOS 2.0 SP3 : libexif (EulerOS-SA-2021-1809)
According to the versions of the libexif package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In exifentrygetvalue of exif-entry.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information...
EulerOS 2.0 SP3 : libjpeg-turbo (EulerOS-SA-2021-1810)
According to the version of the libjpeg-turbo packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In generatejsimdyccrgbconvertneon of jsimdarm64neon.S, there is a possible out of bounds write due to a missing bounds check. This could lea...
EulerOS 2.0 SP5 : libjpeg-turbo (EulerOS-SA-2021-1686)
According to the version of the libjpeg-turbo packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In generatejsimdyccrgbconvertneon of jsimdarm64neon.S, there is a possible out of bounds write due to a missing bounds check. This could lea...
CVE-2021-0312
In WAVSource::read of WAVExtractor.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1,...
CVE-2021-0313
In isWordBreakAfter of LayoutUtils.cpp, there is a possible way to slow or crash a TextView due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions:...
CVE-2021-0306
In addAllPermissions of PermissionManagerService.java, there is a possible permissions bypass when upgrading major Android versions which allows an app to gain the android.permission.ACTIVITYRECOGNITION permission without user confirmation. This could lead to local escalation of privilege with no...
CVE-2021-0317
In createOrUpdate of Permission.java and related code, there is possible permission escalation due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10...
CVE-2021-0309
In onCreate of grantCredentialsPermissionActivity, there is a confused deputy. This could lead to local information disclosure and account access with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1, Android-9,...
CVE-2021-0304
In several functions of GlobalScreenshot.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure of the user's contacts with User execution privileges needed. User interaction is not needed for exploitation. Product: Android;...
Integer overflow
In WAVSource::read of WAVExtractor.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1,...
Out-of-bounds
In ElementaryStreamQueue::dequeueAccessUnitH264 of ESQueue.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android;...
Out-of-bounds
In avrcparsvendorcmd of avrcparstg.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions:...
Input validation
In isWordBreakAfter of LayoutUtils.cpp, there is a possible way to slow or crash a TextView due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions:...
Out-of-bounds
In ReadLogicalParts of basicmbr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1,...
Design/Logic Flaw
In several functions of GlobalScreenshot.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure of the user's contacts with User execution privileges needed. User interaction is not needed for exploitation. Product: Android;...
CVE-2021-0311
In ElementaryStreamQueue::dequeueAccessUnitH264 of ESQueue.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android;...
CVE-2021-0316
In avrcparsvendorcmd of avrcparstg.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions:...
CVE-2021-0317
In createOrUpdate of Permission.java and related code, there is possible permission escalation due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10...