Android suffers from multiple race condition vulnerabilities in the media.metrics service.
06121632506dfafd6c92c75072b912b0Chromium suffers from an information disclosure vulnerability via the memory_instrumentation::mojom::Coordinator interface in the resource_coordinator service.
aecbddca95d8cb30c1fb09dfe42056f3Chromium suffers from an issue where calling mojo::WrapSharedMemoryHandle is insufficient to produce read-only descriptors for IPC.
473c674fc42d6772752e1711e882dd1fChromium suffers from an issues where read-only SharedMemory descriptors on Android are writable.
08491d011bf32134fe1395fcf9073825A Chromium incorrect size calculation when deserializing Mojo "Event" messages can lead to out-of-bounds access.
94356d5538990c64e559c1b0258aa0c0The keystore binder service ("android.security.IKeystoreService") allows users to issue several commands related to key management, including adding, removing, exporting and generating cryptographic keys. The service is accessible to many SELinux contexts, including application contexts, but also unprivileged daemons such as "media.codec". A permission bypass vulnerability exists in the KeyStore service due to getpidcon.
6217b7e5a6f72a1a4284d0fb186f9dafChromium suffers from a sandbox escape vulnerability via an exposed filesystem::mojom::Directory mojo interface in the catalog service.
29596ace8468f827cee80ea00a7fe425Android hardware service manager suffers from an arbitrary service replacement issue due to getpidcon.
e737a1fadbe0b195095c2575bb8694b4The Android MemoryIntArray class allows processes to share an in-memory array of integers backed by an "ashmem" file descriptor. As the class implements the Parcelable interface, it can be inserted into a Parcel, and optionally placed in a Bundle and transferred via binder to remote processes.
dcf0633cc886152f7601ff53e754aa73Broadcom suffers from an information leak vulnerability in ICMPv6 router advertisement offloading.
aeacfa2846109e67de9614fdd20990e3Broadcom suffers from denial of service and out-of-bounds read vulnerabilities in TCP KeepAlive Offloading.
879a8ac244f3f3230f4a9c7db76d35f4Broadcom suffers from multiple overflow vulnerabilities when handling 802.11r (FT) Reassociation Response.
1e78093fdd782872ab115f5141a79346Broadcom suffers from an out-of-bounds write when handling 802.11k Neighbor Report Response.
c66159611f52d4704833cd26af2fd32dBroadcom suffers from a heap overflow vulnerability when handling 802.11v WNM Sleep Mode Response.
48eb86c5a0494efa869be0836999b41cApple products suffers from an information leak when handling WLC_E_COUNTRY_CODE_CHANGED event packets.
18dfa8691803d310aeb0e9d26cfe8d89The Apple PCIe Message Ring protocol suffers from multiple race conditions that can lead to out-of-bounds read and writes.
bcd86287d34d775562104062a30c316cHeap overflow and information disclosure vulnerabilities exist in Apple's setVendorIE when handling ioctl results.
3777e2aae23fd65779213ee09ccc433bApple products suffer from an issue where an out-of-band NUL byte write occurs when handling WLC_E_TRACE event packets.
2d276b709454a0e3d3f8f98a100310a0A heap overflow vulnerability exists in Apple's updateRateSetAsyncCallback when handling ioctl results.
1e92daae67494ac51cfa3e9e9cd67bceThere is a heap overflow vulnerability in Apple's assembleBGScanResults when handling ioctl results.
92a298553ffecc17b336c053ef27d831There is a heap overflow in Apple's AppleBCMWLANCore driver when handling Completed Firmware Timestamp messages (0x27).
9e2eb777a0c25de2a642bb1b840b9f64Trustonic's Trusted Execution Environment (TEE) OS fails to perform revocation of trustlets.
9c01feb9f591e95fb6fa6abb1652bfccMultiple Android devices do not revoke known-bad QSEE trustlets.
f1989c1a9bceca35c689beccaef68246Broadcom suffers from a host to dongle information leak via wldev_ioctl.
4920ccd54f1c8e49e101f7bf4b8b956bBroadcom suffers from multiple memory corruption vulnerabilities in bcmdhd when handling WLFC information.
1403eebce5cd8e3ea8172f5a69f31803
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed