CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2018/07/06 5:29 p.m.•24 views

CVE-2018-5838

Improper Validation of Array Index In the adreno OpenGL driver in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, an out-of-bounds access can occur in SurfaceFlinger...

7.8CVSS7.3AI score0.00203EPSS

Prion•added 2018/07/06 5:29 p.m.•19 views

Input validation

Improper Validation of Array Index In the adreno OpenGL driver in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, an out-of-bounds access can occur in SurfaceFlinger...

4.6CVSS7.7AI score0.00203EPSS

Cvelist•added 2018/07/06 5:0 p.m.•20 views

CVE-2018-5838

Improper Validation of Array Index In the adreno OpenGL driver in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, an out-of-bounds access can occur in SurfaceFlinger...

7.8AI score0.00203EPSS

OSV•added 2018/01/12 11:29 p.m.•2 views

CVE-2017-13184

In the enableVSyncInjections function of SurfaceFlinger, there is a possible use after free of mVSyncInjector. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS6.2AI score

Prion•added 2018/01/12 11:29 p.m.•14 views

Design/Logic Flaw

7.2CVSS7.6AI score0.00224EPSS

NVD•added 2018/01/12 11:29 p.m.•25 views

CVE-2017-13184

7.8CVSS7.7AI score0.00224EPSS

Cvelist•added 2018/01/12 11:0 p.m.•17 views

CVE-2017-13184

7.7AI score0.00224EPSS

CVE•added 2018/01/12 11:0 p.m.•54 views

CVE-2017-13184

CVE-2017-13184 affects Android 8.0–8.1 SurfaceFlinger. In enableVSyncInjections, a use-after-free on mVSyncInjector can enable local elevation of privilege with code execution in a privileged process; no user interaction required. Exploitation details are not provided in the connected documents. ...

7.8CVSS7.6AI score0.00224EPSS

0day.today•added 2018/01/11 12:0 a.m.•51 views

Android - Hardware Service Manager Arbitrary Service Replacement due to getpidcon Exploit

Exploit for Android platform in category dos / poc This bug is similar to Jann Horn's issue https://bugs.chromium.org/p/project-zero/issues/detail?id=851 -- credit should go to him. The hardware service manager allows the registration of HAL services. These services are used by the vendor domain...

7.2CVSS0.1AI score0.00768EPSS

Exploits2

Exploit DB•added 2018/01/11 12:0 a.m.•31 views

Android - Hardware Service Manager Arbitrary Service Replacement due to getpidcon

This bug is similar to Jann Horn's issue https://bugs.chromium.org/p/project-zero/issues/detail?id=851 -- credit should go to him. The hardware service manager allows the registration of HAL services. These services are used by the vendor domain and other core processes, including systemserver,...

7AI score

Exploits0

BDU FSTEC•added 2017/07/06 12:0 a.m.•4 views

The vulnerability of the Surfaceflinger service in the Android operating system allows a hacker to cause memory corruption during the reading of media files or other data.

The vulnerability of the Surfaceflinger service in the Android operating system arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to inject arbitrary code through a specially created file, which can cause memory...

9.3CVSS7.8AI score0.01818EPSS

BDU FSTEC•added 2017/05/04 12:0 a.m.•3 views

The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code

The vulnerability of the SurfaceFlinger component in the Android operating system is related to deficiencies in access control. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

9.3CVSS7.6AI score0.00798EPSS

CNVD•added 2017/04/10 12:0 a.m.•3 views

Google Android SurfaceFlinger Elevation of Privilege Vulnerability

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA, and SurfaceFlinger is a plug-in that manages the surface of the application. An elevation of privilege vulnerability exists in Google Android SurfaceFlinger. An attacker can explo...

9.3CVSS7.7AI score0.00798EPSS

OSV•added 2017/04/07 10:59 p.m.•2 views

CVE-2017-0546

An elevation of privilege vulnerability in SurfaceFlinger could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally...

7.8CVSS7.5AI score0.00798EPSS

Prion•added 2017/04/07 10:59 p.m.•13 views

Privilege escalation

9.3CVSS7.7AI score0.00798EPSS

NVD•added 2017/04/07 10:59 p.m.•13 views

CVE-2017-0546

9.3CVSS7.2AI score0.00798EPSS

Cvelist•added 2017/04/07 10:0 p.m.•19 views

CVE-2017-0546

7.8AI score0.00798EPSS

CVE•added 2017/04/07 10:0 p.m.•44 views

CVE-2017-0546

Concrete details found in connected documents: CVE-2017-0546 is described as an elevation of privilege vulnerability in Android's SurfaceFlinger. Affected product is Android, with versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1 identified in the CNVD entry. The CNVD/CVE records indicate a lo...

9.3CVSS7.7AI score0.00798EPSS

CNVD•added 2017/02/10 12:0 a.m.•1 views

Google Android Surfaceflinger Remote Code Execution Vulnerability

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. A remote code execution vulnerability exists in Google Android Surfaceflinger. An attacker can exploit this vulnerability to execute arbitrary code in the context of the...

9.3CVSS8.3AI score0.01818EPSS