In reassemble_and_dispatch of packet_fragmenter.cc, there is a possible way to inject packets into an encrypted Bluetooth connection due to improper input validation. This could lead to remote escalation of privilege between two Bluetooth devices by a proximal attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.0, Android-8.1, Android-9, Android-10, Android-11; Android ID: A-169327567.
A wrong type is used for a return value from strlen in WebKit in Google Chrome before Blink M12 on 64-bit platforms.
In pktproc_fill_data_addr_without_bm of link_rx_pktproc.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Google Chrome before 7.0.517.41 does not properly handle element maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "stale elements."
Use-after-free vulnerability in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text editing.
Multiple integer overflows in Google Chrome before 7.0.517.44 on Linux allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font.
The sandbox implementation in Google Chrome before 7.0.517.41 on Linux does not properly constrain worker processes, which might allow remote attackers to bypass intended access restrictions via unspecified vectors.
Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text control selections.
WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames.
A malicious DNS response can trigger a number of OOB reads, writes, and other memory issues
The SPDY protocol implementation in Google Chrome before 6.0.472.62 does not properly manage buffers, which might allow remote attackers to execute arbitrary code via unspecified vectors.
Google Chrome before 7.0.517.44 does not properly handle the data types of event objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, accesses a frame object after this object has been destroyed, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
A possible arbitrary memory overwrite vulnerabilities in quram library version prior to SMR Jan-2021 Release 1 allow arbitrary code execution.
An improper input validation vulnerability in libswmfextractor library prior to SMR APR-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. In preloaded applications, the HostnameVerified default is mishandled. The LG ID is LVE-SMP-200029 (February 2021).
there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.
The JsonToBinaryStream() function is part of the protocol buffers C++ implementation and is used to parse JSON from a stream. If the input is broken up into separate chunks in a certain way, the parser will attempt to read bytes from a chunk that has already been freed.
In multiple functions of NotificationManagerService.java, there is a possible way to not show a toast message when a clipboard message has been accessed. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Remote code execution
In venc, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08737250; Issue ID: MSV-1452.
In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09001358; Issue ID: MSV-1599.
In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08719602; Issue ID: MSV-1412.
In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998901; Issue ID: MSV-1602.
In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998449; Issue ID: MSV-1603.
Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. There is a baseband stack overflow. The Samsung ID is SVE-2018-13188 (February 2019).
Product: AndroidVersions: Android SoCAndroid ID: A-273754094
In p2p_process_prov_disc_req of p2p_pd.c, there is a possible out of bounds read and write due to a use after free. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-181660448
In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-177611958
In Factory::CreateStrictFunctionMap of factory.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-167389063
Hacker one bug ID: 1343975Product: AndroidVersions: Android SoCAndroid ID: A-204256722
In Builtins::Generate_ArgumentsAdaptorTrampoline of builtins-arm.cc and related files, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-160610106
Adobe Flash Player Desktop Runtime 32.0.0.371 and earlier, Adobe Flash Player for Google Chrome 32.0.0.371 and earlier, and Adobe Flash Player for Microsoft Edge and Internet Explorer 32.0.0.330 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
Multiple unspecified vulnerabilities in Google Chrome before 55.0.2883.75.
In FindSharedFunctionInfo of objects.cc, there is a possible out of bounds read due to a mistake in AST traversal. This could lead to remote code execution in the pacprocessor with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9 Android ID: A-138442295
An issue was discovered in the flatbuffers crate before 0.6.1 for Rust. Arbitrary bytes can be reinterpreted as a bool, defeating soundness.
In ProxyResolverV8::SetPacScript of proxy_resolver_v8.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-139806216
OpenThread before 2019-12-13 has a stack-based buffer overflow in MeshCoP::Commissioner::GeneratePskc.
An issue was discovered on Samsung mobile devices with P(9.0) software. The MemorySaver Content Provider allows SQL injection. The Samsung ID is SVE-2019-14365 (August 2019).
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. There is a baseband heap overflow. The Samsung ID is SVE-2018-13187 (February 2019).
An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. There is type confusion in the SKPM Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14892 (August 2019).
An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), and P(9.0) (released in China) software. The Firewall application mishandles the PermissionWhiteLists protection mechanism. The Samsung ID is SVE-2019-14299 (November 2019).
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. The bootloader has an integer signedness error. The Samsung ID is SVE-2019-15230 (October 2019).
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), Go(8.1), P(9.0), and Go(9.0) (Exynos chipsets) software. A baseband stack overflow leads to arbitrary code execution. The Samsung ID is SVE-2019-13963 (April 2019).
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (MSM8996, MSM8998, Exynos7420, Exynos7870, Exynos8890, and Exynos8895 chipsets) software. A heap overflow in the keymaster Trustlet allows attackers to write to TEE memory, and achieve arbitrary code execution. The Samsung ID is SVE-2019-14126 (May 2019).
An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. WapService mishandles OTA Provisioning on V40 and G7 devices. The LG ID is LVE-SMP-190006 (July 2019).
An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. Certain security settings, related to whether packages are verified and accepted only from known sources, are mishandled. The LG ID is LVE-SMP-190002 (April 2019).
An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. There is type confusion in the HDCP Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14850 (August 2019).