Release functionality on GitHub.com allows modification of assets within a release by any project collaborator. This can occur after the release is published, and without notification or audit logging accessible in the UI to either the project owners or the public.
a9d09c7f970e183298b90b8052e3412ba79d05b1448bd2d0c9c5ff3dfc4ead5b
This Metasploit module exploits a vulnerability in Apache Tomcat's CGIServlet component. When the enableCmdLineArguments setting is set to true, a remote user can abuse this to execute system commands, and gain remote code execution.
4ccfaf072a1e7c46f30c1cc2d18cee6c6a4808b75b791fdf5f86b605d61b7b79
Amazon FireOS version 5.3.6.3 suffers from a content injection vulnerability via man-in-the-middle attacks.
3fc2b76f13d85ca94803752f4180843fe6cd34dd8935df02802d6d2811f01781
Android OS suffers from a sensitive data exposure vulnerability in its RSSI broadcasts.
b84b85cafb558b1dc05e71a251d6e82bce2a07ab37bb19c2c696f5dd92aa04d5
Android OS version 5.0 suffers from a sensitive data exposure vulnerability in its battery information broadcasts.
8ad47d4c35696bfefa77337a99ecd6afe8715bda10ca617af6f70817f6c9f62c
System broadcasts by Android OS expose information about the user's device to all applications running on the device. This includes the WiFi network name, BSSID, local IP addresses, DNS server information and the MAC address. Some of this information (MAC address) is no longer available via APIs on Android 6 and higher, and extra permissions are normally required to access the rest of this information. However, by listening to these broadcasts, any application on the device can capture this information thus bypassing any permission checks and existing mitigations.
523ebc0e6847c2ff3858fa671185f0aded4e77fd712ecd694c1d059ae8df9760
Facebook Messenger for Android can be crashed via the application's status check. This can be exploited by an MITM attacker via intercepting that call and returning a large amount of data. This happens because this status check is not done over SSL and the application did not contain logic for checking if the returned data is very large.
2b84ee490dfce23021dbf5500cae6f29e03f362c5e22820ba16e2c8d66f120a4
Android OS did not use the FLAG_SECURE flag for sensitive settings, potentially exposing sensitive data to other applications on the same device with the screen capture permissions. The vendor (Google) fixed this issue in 2018-02-01 Pixel security update.
419aa59f60c639bf9769fc664825bf713bf20d2a125449f8cf156e98eb09bb86
Samsung Display Solutions Application for Android did not use encryption (SSL) for information transmission, thus allowing a man-in-the-middle attacker to inject their own content into the application. The vendor fixed this issue and users should install the latest version (3.02 or above).
b11d272f193046efb92fcbceb2f17341101e4e312fb6b14fe2a668182427f1d5
The Android application provided by Private Internet Access (PIA) VPN service can be crashed by downloading a large file containing a list of current VPN servers. This can be exploited by an MITM attacker via intercepting and replacing this file. While the file is digitally signed, it is not served over SSL and the application did not contain logic for checking if the provided file is very large. The vendor has fixed this issue in version 1.3.3.1 and users should install the latest version.
800f549876739334d620586c15f309262e80b5ce74344d37893a980b9345e1e9
Google I/O 2017 application for Android versions prior to 5.1.4 suffer from a man-in-the-middle vulnerability.
1fa0559e9edae7e21ef67d5f155d2d2b4db4d4651ee541249e1393abaf366ace
WhatsApp Messenger for Android does not delete sent and received files from the SD card on the device when chats are cleared, deleted or the application is uninstalled from the device. Additionally, the application stores sent and received files in the SD card without encryption where they are accessible to any applications with storage permissions.
33e5802bd2f7506103d2ccc503733ef058009d057af1f25c56e0615d0d99772f
ASUS routers suffer from cross site request forgery and information disclosure vulnerabilities. Versions affected include RT-AC55U, RT-AC56R, RT-AC56S, RT-AC56U, RT-AC66U, RT-AC88U, RT-AC66R, RT-AC66U, RT-AC66W, RT-AC68W, RT-AC68P, RT-AC68R, RT-AC68U, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC53U, RT-AC1900P, RT-AC3100, RT-AC3200, RT-AC5300, RT-N11P, RT-N12 (D1 version only), RT-N12+, RT-N12E, RT-N18U, RT-N56U, RT-N66R, RT-N66U (B1 version only), and RT-N66W.
c234e4d0097a292327004469b2284cab90e82e534ca260fba018cd3bf48a7f3c
Android devices can be crashed forcing a halt and then a soft reboot by downloading a large proxy auto config (PAC) file when adjusting the Android networking settings. This can also be exploited by an MITM attacker that can intercept and replace the PAC file. However, the bug is mitigated by multiple factors and the likelihood of exploitation is low.
9a6a1af684f67a60cc245b0a7841aeca5cc4c686f0d9b20cffcd532b0d7b75f1
Android devices can be crashed remotely forcing a halt and then a soft reboot by a MITM attacker manipulating assisted GPS/GNSS data provided by Qualcomm. This issue affects the open source code in AOSP and proprietary code in a Java XTRA downloader provided by Qualcomm. The Android issue was fixed by in the October 2016 Android bulletin. Additional patches have been issued by Qualcomm to the proprietary client in September of 2016.
a65dfddf168a89391ed0b8297e76ae23566fa1e4d61a4e69446fbad5e0a2b52b