Lucene search
K

204 matches found

Prion
Prion
added 2017/08/11 3:29 p.m.16 views

Buffer overflow

In all Qualcomm products with Android release from CAF using the Linux kernel, while processing fastboot boot command when verified boot feature is disabled, with length greater than boot image buffer, a buffer overflow can occur...

6.8CVSS8.2AI score0.00385EPSS
Exploits0References2
CVE
CVE
added 2017/08/11 3:0 p.m.45 views

CVE-2017-8273

CVE-2017-8273: In Qualcomm CAF Android builds, a buffer overflow can occur while processing the fastboot boot command when verified boot is disabled, if the command length exceeds the boot image buffer. This affects the bootloader component and is described with a high-severity, local attack surf...

7.8CVSS7.6AI score0.00385EPSS
Exploits0References2Affected Software1
myhack58
myhack58
added 2017/06/13 12:0 a.m.860 views

Motorola G4 & G5 mobile phone was traced to the presence of high-risk kernel command line injection vulnerability-vulnerability warning-the black bar safety net

In a previous article about the Nexus6 root vulnerability in the article, we had mentioned Vulnerability CVE-2016-10277 will likely affect the Motorola device. When we on Twitter by some of the relevant reports after the fact to prove our previous conjecture. In order to prove that Motorola devic...

9.3CVSS0.3AI score0.09465EPSS
Exploits5
seebug.org
seebug.org
added 2017/05/26 12:0 a.m.358 views

initroot: Bypassing Nexus 6 Secure Boot through Kernel Command-line Injection

In the May 2017 Android Security Bulletin, Google released a patch to a critical and unique vulnerability CVE-2016-10277 in the Nexus 6 bootloader we had found and responsibly disclosed. By exploiting the vulnerability, a physical adversary or one with authorized-ADB/fastboot USB access to the...

9.3CVSS7.9AI score0.09465EPSS
Exploits6
seebug.org
seebug.org
added 2017/05/12 12:0 a.m.53 views

OnePlus 3/3T OxygenOS Unauthorized Flash Dumping via fastboot(CVE-2017-5625)

Products OnePlus 3T OnePlus 3 Vulnerable Version OxygenOS 4.0.2 and earlier Mitigation Install OxygenOS 4.0.3 or later Summary A physical attacker, PC malware / malicious charger having ADB or fastboot access to the device can cause a locked bootloader to partially dump the content of an arbitrar...

2.1CVSS6AI score0.00335EPSS
Exploits1
seebug.org
seebug.org
added 2017/05/12 12:0 a.m.44 views

OnePlus 3/3T OxygenOS SELinux Security Bypass(CVE-2017-5554)

Products OnePlus 3T OnePlus 3 Vulnerable Version OxygenOS prior to 4.0.2 Technical Details The attacker can reboot a OnePlus 3/3T device into the fastboot mode, which could be done without any authentication. A physical attacker can press the “Volume Up” button during device boot, where an attack...

9.3CVSS7.6AI score0.02997EPSS
Exploits1
seebug.org
seebug.org
added 2017/05/12 12:0 a.m.58 views

Google Nexus 9 SensorHub Firmware Downgrade Vulnerability(CVE-2017-0582)

Product Google Nexus 9 Vulnerable Version Nexus 9 Android Builds before N4F27B - May 2017, i.e. before bootloader 3.50.0.0143. Mitigation Install N4F27B or later bootloader version 3.50.0.0143. Technical Details The Nexus 9 device contains a SoC manufactured by Cywee which implements a “Sensor...

7.6CVSS7.4AI score0.02087EPSS
Exploits3
seebug.org
seebug.org
added 2017/05/12 12:0 a.m.60 views

Google Nexus 9 Cypress SAR Firmware Injection via I2C(CVE-2017-0563)

Product Google Nexus 9 Vulnerable Version Nexus 9 Android Builds before N4F27B - May 2017, i.e. before bootloader 3.50.0.0143. Mitigation Install N4F27B or later bootloader version 3.50.0.0143. Technical Details The Nexus 9 device contains a sensor SoC manufactured by Cypress. The sensor is manag...

9.3CVSS7.9AI score0.00889EPSS
Exploits3
OSV
OSV
added 2017/04/25 4:59 p.m.5 views

CVE-2017-5625

In OxygenOS before 4.0.3 on OnePlus 3 and 3T devices, an unauthorized attacker can cause a locked bootloader to partially dump the ciphertext content of an arbitrary partition except 'keystore' by issuing the 'fastboot oem dump ' fastboot command...

4.6CVSS5.9AI score
Exploits0References1
NVD
NVD
added 2017/04/25 4:59 p.m.20 views

CVE-2017-5625

In OxygenOS before 4.0.3 on OnePlus 3 and 3T devices, an unauthorized attacker can cause a locked bootloader to partially dump the ciphertext content of an arbitrary partition except 'keystore' by issuing the 'fastboot oem dump ' fastboot command...

4.6CVSS4.8AI score0.00335EPSS
Exploits1References1
CVE
CVE
added 2017/04/25 4:0 p.m.53 views

CVE-2017-5625

The CVE affects OnePlus 3/3T devices running OxygenOS before 4.0.3. A compromised fastboot interface can allow an unauthorized attacker with physical access and bootloader that is locked to partially dump ciphertext content from arbitrary partitions (excluding keystore) via fastboot oem dump . Th...

4.6CVSS4.8AI score0.00335EPSS
Exploits1References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2017/04/20 12:0 a.m.12 views

The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code

The vulnerability of the HTC OEM fastboot Android operating system is related to deficiencies in access control for certain functions. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the Sensor Hub special process, using a local malware applicati...

7.6CVSS7.6AI score0.02087EPSS
Exploits3References3
CNVD
CNVD
added 2017/04/10 12:0 a.m.41 views

Google Android HTC OEM fastboot command elevation of privilege vulnerability

Google Android is a mobile operating system based on the Linux open kernel. Google Android has a security vulnerability in the HTC OEM fastboot command implementation, which allows remote attackers to exploit the vulnerability to submit special applications with elevated privileges...

7.6CVSS6.9AI score0.02087EPSS
Exploits3References1
OSV
OSV
added 2017/04/07 10:59 p.m.3 views

CVE-2017-0582

An elevation of privilege vulnerability in the HTC OEM fastboot command could enable a local malicious application to execute arbitrary code within the context of the sensor hub. This issue is rated as Moderate because it first requires exploitation of separate vulnerabilities. Product: Android...

7CVSS7.6AI score0.02087EPSS
Exploits3References3
NVD
NVD
added 2017/04/07 10:59 p.m.26 views

CVE-2017-0582

An elevation of privilege vulnerability in the HTC OEM fastboot command could enable a local malicious application to execute arbitrary code within the context of the sensor hub. This issue is rated as Moderate because it first requires exploitation of separate vulnerabilities. Product: Android...

7.6CVSS6.7AI score0.02087EPSS
Exploits3References3
Prion
Prion
added 2017/04/07 10:59 p.m.15 views

Privilege escalation

An elevation of privilege vulnerability in the HTC OEM fastboot command could enable a local malicious application to execute arbitrary code within the context of the sensor hub. This issue is rated as Moderate because it first requires exploitation of separate vulnerabilities. Product: Android...

7.6CVSS6.8AI score0.02087EPSS
Exploits3References3Affected Software1
UbuntuCve
UbuntuCve
added 2017/04/07 10:59 p.m.33 views

CVE-2017-0582

An elevation of privilege vulnerability in the HTC OEM fastboot command could enable a local malicious application to execute arbitrary code within the context of the sensor hub. This issue is rated as Moderate because it first requires exploitation of separate vulnerabilities. Product: Android...

7.6CVSS7.4AI score0.02087EPSS
Exploits3References2
Cvelist
Cvelist
added 2017/04/07 10:0 p.m.24 views

CVE-2017-0582

An elevation of privilege vulnerability in the HTC OEM fastboot command could enable a local malicious application to execute arbitrary code within the context of the sensor hub. This issue is rated as Moderate because it first requires exploitation of separate vulnerabilities. Product: Android...

7.3AI score0.02087EPSS
Exploits3References3
CVE
CVE
added 2017/04/07 10:0 p.m.62 views

CVE-2017-0582

CVE-2017-0582 is a moderate-e severity elevation-of-privilege issue affecting the Google Nexus 9 sensor hub. The vulnerability stems from the HTC OEM fastboot command which could allow a local attacker to execute code in the sensor hub context. Technical details from connected sources describe a ...

7.6CVSS7.2AI score0.02087EPSS
Exploits3References3Affected Software1
seebug.org
seebug.org
added 2017/03/20 12:0 a.m.76 views

OnePlus 3/3T OxygenOS Unauthorized Boot Mode Changing (CVE-2017-5623)

Summary A physical attacker or one with authorized-ADB access, e.g. PC malware can change the ‘boot mode’ of a locked OnePlus 3/3T device, by rebooting into fastboot and issuing the fastboot oem bootmode rf/wlan/ftm/normal command. The vulnerability may allow the attacker to elevate his privilege...

7.2CVSS6.4AI score0.00374EPSS
Exploits4
Rows per page
Query Builder