Google TensorFlow 1.7.x and earlier is affected by a Buffer Overflow vulnerability. The type of exploitation is context-dependent.
The sandbox infrastructure in Google Chrome before 4.1.249.1036 does not properly use pointers, which has unspecified impact and attack vectors.
Multiple integer signedness errors in factory.cc in Google V8 before r3560, as used in Google Chrome before 4.0.249.89, allow remote attackers to execute arbitrary code in the Chrome sandbox via crafted use of JavaScript arrays.
Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
An integer overflow to buffer overflow vulnerability exists in the ADSPRPC heap manager in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel.
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, legacy code vulnerable after migration has been removed.
An issue was discovered on Samsung mobile devices with software through 2017-11-03 (S.LSI modem chipsets). The Exynos modem chipset has a baseband buffer overflow. The Samsung ID is SVE-2017-10745 (January 2018).
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. There is a Buffer overflow in the esecomm Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2018-12852 (October 2018).
An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) (Exynos chipsets) software. Keymaster has an architectural problem because tlApi in TEE is not properly protected. The Samsung ID is SVE-2018-11792 (August 2018).
pkg/sentry/kernel/shm/shm.go in Google gVisor before 2018-11-01 allows attackers to overwrite memory locations in processes running as root (but not escape the sandbox) via vectors involving IPC_RMID shmctl calls, because reference counting is mishandled.
Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2014-0540, CVE-2014-0542, CVE-2014-0544, and CVE-2014-0545.
Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices allows remote attackers to execute arbitrary code via a crafted Information Element (IE) in an 802.11 management frame, aka Android internal bug 28668638 and Qualcomm internal bugs CR553937 and CR553941.
Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
Flash Player versions 31.0.0.148 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
Certain LG devices based on Android 6.0 through 8.1 have incorrect access control in the GNSS application. The LG ID is LVE-SMP-180004.
Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for MLT application intents. The LG ID is LVE-SMP-180006.
In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible stack buffer overflow due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-71603262.
The content://wappush content provider in com.android.provider.telephony, as found in some custom ROMs for Android phones, allows SQL injection. One consequence is that an application without the READ_SMS permission can read SMS messages. This affects Infinix X571 phones, as well as various Lenovo phones (such as the A7020) that have since been fixed by Lenovo.
The Chainfire SuperSU package before 1.69 for Android allows attackers to gain privileges via the (1) backtick or (2) $() type of shell metacharacters in the -c option to /system/xbin/su.
The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 mishandles slice numbers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28673410.
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.
Adobe Flash Player 30.0.0.134 and earlier have a security bypass vulnerability. Successful exploitation could lead to security mitigation bypass.
Unspecified vulnerability in the GO SMS Pro (com.jb.gosms) application 3.72, 4.10, and 4.35 for Android has unknown impact and attack vectors.
Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possible buffer overflow in WLAN function due to lack of input validation in values received from firmware.
Multiple unspecified vulnerabilities in Google Chrome OS before 21.0.1180.50 on the Cr-48 and Samsung Series 5 and 5 550 Chromebook platforms, and the Samsung Chromebox Series 3, have unknown impact and attack vectors.
Summary:Product: AndroidVersions: Android SoCAndroid ID: A-204686438
libAACdec/src/aacdec_drc.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly limit the number of threads, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted media file, aka internal bug 26751339.
The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.
libs/gui/BufferQueueConsumer.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for the android.permission.DUMP permission, which allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via a dump request, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27046057.
Use-after-free vulnerability in browser/extensions/api/webrtc_audio_private/webrtc_audio_private_api.cc in the WebRTC Audio Private API implementation in Google Chrome before 49.0.2623.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect reliance on the resource context pointer.
Unspecified vulnerability in the AContact (com.movester.quickcontact) application 1.8.2 for Android has unknown impact and attack vectors.
HTTP header injection vulnerability in the URLConnection class in Android OS 2.2 through 6.0 allows remote attackers to execute arbitrary scripts or set arbitrary values in cookies.
Unspecified vulnerability in the UCMobile BloveStorm (com.blovestorm) application 2.2.0 and 3.2.1 for Android has unknown impact and attack vectors.
In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send unprotected MeasurementReports revealing UE location.
Product: AndroidVersions: Android kernelAndroid ID: A-209014813References: N/A
In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in LTE.
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-32577244.
An issue was discovered on LG mobile devices with Android OS 9 and 10 (MTK chipsets). An AT command handler allows attackers to bypass intended access restrictions. The LG ID is LVE-SMP-200009 (June 2020).
media/libmedia/mediametadataretriever.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 mishandles cleared service binders, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26040840.
decoder/impeg2d_dec_hdr.c in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a certain negative value, aka internal bug 26070014.
libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a large memory allocation in the (1) SoftMPEG4Encoder or (2) SoftVPXEncoder component, aka internal bug 25812794.
In startLegacyVpnPrivileged of Vpn.java, there is a possible way to retrieve VPN credentials due to a protocol downgrade attack. This could lead to remote escalation of privilege if a malicious Wi-Fi AP is used, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-201660636
In read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-227618988
The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25662029.
In all Qualcomm products with Android releases from CAF using the Linux kernel, an untrusted pointer dereference can occur in a TrustZone syscall.
In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow to buffer overflow vulnerability exists when loading an ELF file.
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in a TrustZone syscall.
In all Qualcomm products with Android releases from CAF using the Linux kernel, an untrusted pointer dereference can occur in a TrustZone syscall.
An issue was discovered on Samsung mobile devices with software through 2015-11-12, affecting the Galaxy S6/S6 Edge, Galaxy S6 Edge+, and Galaxy Note5 with the Shannon333 chipset. There is a stack-based buffer overflow in the baseband process that is exploitable for remote code execution via a fake base station. The Samsung ID is SVE-2015-5123 (December 2015).