Command injection

The cmdboot function in app/aboot/aboot.c in the Little Kernel LK bootloader, as distributed with Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, allows attackers to bypass intended device-lock and kernel-signature restrictions by using fastboot mode in a...

CVE-2014-4325

The cmdboot function in app/aboot/aboot.c in the Little Kernel LK bootloader, as distributed with Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, allows attackers to bypass intended device-lock and kernel-signature restrictions by using fastboot mode in a...

Design/Logic Flaw

Android 4.0 through 4.3 allows attackers to bypass intended access restrictions and remove device locks via a crafted application that invokes the updateUnlockMethodAndFinish method in the com.android.settings.ChooseLockGeneric class with the PASSWORDQUALITYUNSPECIFIED option...

CVE-2013-6271

CVE-2013-6271 affects Android 4.0–4.3; a vulnerability in com.android.settings.ChooseLockGeneric allows an unprivileged app to bypass restrictions and remove the device lock by invoking updateUnlockMethodAndFinish with PASSWORD_QUALITY_UNSPECIFIED. Exploits/PoC exist (CRT-RemoveLocks; Metasploit ...

CVE-2013-5635

Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not properly maintain the state of password failures, which makes it easier for physically proximate attackers to bypass the device-locking protection mechanism by entering password guesses within multiple Unlock.e...