536 matches found
CVE-2016-10275
An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the...
CVE-2016-10277
An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing...
CVE-2016-10275
An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the...
CVE-2016-10276
An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the...
CVE-2016-10277
An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing...
CVE-2016-10275
CVE-2016-10275 is an elevation-of-privilege vulnerability in the Qualcomm bootloader that could allow a local malicious Android app to execute arbitrary code in the kernel context. Public documentation ties this to Qualcomm bootloader flaws and Android patch coverage. The Android May 2017 bulleti...
CVE-2016-10276
CVE-2016-10276 (Qualcomm bootloader) targets the Qualcomm bootloader on Android devices, enabling a local malicious app to execute arbitrary code within the kernel context (elevation of privilege). The issue is described as critical due to potential local, permanent device compromise that may req...
CVE-2016-10277
CVE-2016-10277 : An elevation-of-privilege in the Motorola bootloader allows a local app to run arbitrary code in the bootloader context by exploiting kernel command-line injection, leading to potential full device compromise. Affected: Android with Kernel-3.10 and Kernel-3.18. Exploitation evide...
Google Nexus 9 Cypress SAR Firmware Injection via I2C(CVE-2017-0563)
Product Google Nexus 9 Vulnerable Version Nexus 9 Android Builds before N4F27B - May 2017, i.e. before bootloader 3.50.0.0143. Mitigation Install N4F27B or later bootloader version 3.50.0.0143. Technical Details The Nexus 9 device contains a sensor SoC manufactured by Cypress. The sensor is manag...
Google Nexus 9 SensorHub Firmware Downgrade Vulnerability(CVE-2017-0582)
Product Google Nexus 9 Vulnerable Version Nexus 9 Android Builds before N4F27B - May 2017, i.e. before bootloader 3.50.0.0143. Mitigation Install N4F27B or later bootloader version 3.50.0.0143. Technical Details The Nexus 9 device contains a SoC manufactured by Cywee which implements a “Sensor...
CVE-2017-5948
CVE-2017-5948 is a downgrade-attack vulnerability in OnePlus OxygenOS and HydrogenOS OTA updates. The root cause is a lenient updater-script in OTAs for OnePlus One, X, 2, 3, and 3T that does not enforce that the current version is
CVE-2016-10276
An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the...
CVE-2016-10277
An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing...
CVE-2016-10275
An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the...
Design/Logic Flaw
DISPUTED Riverbed RiOS through 9.6.0 does not require a bootloader password, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism via a crafted boot. NOTE: the vendor believes that this does not meet the definition of a vulnerability. The produc...
CVE-2017-7305
Riverbed RiOS through 9.6.0 does not require a bootloader password, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism via a crafted boot. NOTE: the vendor believes that this does not meet the definition of a vulnerability. The product contain...
Command injection
An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices. The attacker can change the bootmode of the device by issuing the 'fastboot oem bootmode rf/wlan/ftm/normal command' in contradiction to the threat model of Android where the bootloader MUST NOT allow any...
CVE-2017-5623
An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices. The attacker can change the bootmode of the device by issuing the 'fastboot oem bootmode rf/wlan/ftm/normal command' in contradiction to the threat model of Android where the bootloader MUST NOT allow any...
CVE-2017-5623
An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices. The attacker can change the bootmode of the device by issuing the 'fastboot oem bootmode rf/wlan/ftm/normal command' in contradiction to the threat model of Android where the bootloader MUST NOT allow any...
OxygenOS Code Execution Vulnerability
The OnePlus 3 and 3T are both smartphones from China's OnePlus Technology OnePlus.OxygenOS is the operating system it comes with. A code execution vulnerability exists in OxygenOS versions prior to 4.0.2. On the OnePlus 3 and 3T, two hidden fastbootoem commands 4F500301 and 4F500302 allow an...