MAL-2024-1793 Malicious code in axle-react-native-app-sync-client (npm)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in axle-react-native-app-sync-client (npm)

--- -= Per source details. Do not edit below this line.=-...

Basecamp: com.basecamp.bc3 Webview Javascript Injection and JS bridge takeover

It was identified that the android com.basecamp.bc3 application, contains a Webview where the loaded URLs are not sanitised properly. As this webview's functionality is extended via javascript interfaces and has the javascript enabled it is possible to inject arbitrary javascript code which will ...

Apple iPadOS 访问控制错误漏洞

Apple iPadOS is an operating system from Apple Inc. for the iPad tablet computer. Apple iPadOS suffers from an Access Control Error vulnerability that stems from improper access restrictions in the kernel subsystem. A native application can bypass implemented security restrictions and expose...

Apple macOS Security Breach

Apple macOS is a specialized operating system developed by Apple Inc. for Mac computers. A security vulnerability exists in Apple macOS that originates from a logical error in kext loading in IOKit. A native application can execute arbitrary code using elevated privileges. The vulnerability exist...

Google Android Framework elevation of privilege vulnerability (CNVD-2017-31650)

Android is the United States Google Google and the Open Handheld Alliance referred to as OHA jointly developed a set of Linux-based open source operating system. framework windowmanager is one of the window management framework. Frameworkwindowmanager in Android is vulnerable to a power lifting...

Google Android framework elevation of privilege vulnerability (CNVD-2017-21538)

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA, of which Framework is a component. The Framework in Google Android is vulnerable to a power lifting vulnerability. An attacker can exploit this vulnerability to execute arbitrary...

Google Android MediaTek Elevation of Privilege Vulnerability

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA, and the MediaTek networking driver is a MediaTek-developed networking driver used in it. The MediaTek networking driver in Android is vulnerable to a power lifting vulnerability...

Google Android framework elevation of privilege vulnerability (CNVD-2017-21536)

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA, of which Framework is a component. The Framework in Google Android is vulnerable to a power lifting vulnerability. An attacker can exploit this vulnerability to execute arbitrary...

Google Android framework elevation of privilege vulnerability (CNVD-2017-21537)

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA, of which Framework is a component. The Framework in Google Android is vulnerable to a power lifting vulnerability. An attacker can exploit this vulnerability to execute arbitrary...

Android NVIDIA Sound Driver Elevation of Privilege Vulnerability

Android is a Linux-based open source operating system jointly developed by Google and the Open Handset Alliance OHA, of which NVIDIA Sound driver is a sound driver. An elevation of privilege vulnerability exists in the NVIDIA Sound driver in Android. An attacker can exploit this vulnerability to...

Android Qualcomm sound driver elevation of privilege vulnerability (CNVD-2017-06114)

Android is a Linux-based open source operating system developed by Google and the Open Handheld Alliance OHA, and Qualcomm Sound Driver is a sound driver developed by Qualcomm. The Qualcomm sound driver in Android on Pixel and Pixel XL devices is vulnerable to a power lifting vulnerability. An...

Google Android Qualcomm SPCom Driver Privilege Vulnerability

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA, of which Qualcomm SPCom Driver is a serial communication driver component. A power lifting vulnerability exists in the Qualcomm SPCom Driver in Android 6.0.1 and earlier versions...

Google Android MediaTek component elevation of privilege vulnerability (CNVD-2017-03380)

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA in the U.S. MediaTek is a MediaTek component used in one of MediaTek's devices. An elevation of privilege vulnerability exists in the MediaTek components of Android, including the...

Google Android MediaTek component elevation of privilege vulnerability (CNVD-2017-03385)

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA in the U.S. MediaTek is a MediaTek component used in one of MediaTek's devices. An elevation of privilege vulnerability exists in the MediaTek components of Android, including the...

Android kernel security subsystem privilege vulnerability

Android on Pixel and Pixel XL is an open source Linux-based operating system for the Pixel and Pixel XL smartphones developed by Google and the Open Handset Alliance OHA. kernel security is a subsystem of the kernel security configuration. kernel security is a kernel security configuration...

Google Android MediaTek component elevation of privilege vulnerability (CNVD-2017-03381)

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA in the U.S. MediaTek is a MediaTek component used in one of MediaTek's devices. An elevation of privilege vulnerability exists in the MediaTek components of Android, including the...

Google Nexus Kernel FIQ Debugger Elevation of Privilege Vulnerability

Android on Nexus 9 is a Linux-based open source operating system for the Nexus 9 tablet developed by Google and the Open Handheld Alliance OHA. kernel FIQ debugger is one of the kernel debugger components. A security vulnerability exists in the kernel FIQ debugger in Android on Nexus 9 devices. A...

Google Android NVIDIA GPU Driver elevation of privilege vulnerability (CNVD-2017-03836)

Android is a Linux-based open source operating system developed by Google and the Open Handheld Alliance OHA, and the NVIDIA GPU Driver is an NVIDIA graphics processor driver component used in it. The NVIDIA GPU Driver in Android versions prior to 7.0 is vulnerable to a power lifting vulnerabilit...

Mobile App Native <= 3.0 - Remote File Upload

The code in file ./zen-mobile-app-native/server/images.php doesn't require authentication or check that the user is allowed to upload content. It also doesn't sanitize the file upload against executable code. $ curl -F "file=@/var/www/shell.php"...