Back to all vulnerabilities
Asus is affected by vulnerabilities that affect all Android manufacturers in addition to those listed below.
Asus has a FUM score of 2.61.
(json)
HTC is affected by vulnerabilities that affect all Android manufacturers in addition to those listed below.
HTC has a FUM score of 2.6.
(json)
- CVE numbers: CVE-2015-3636 [avs-test-pingpong]
- Responsibly disclosed?: False
- Categories:
- Details: Wen Xu and wushi of KeenTeam discovered that users allowed to create ping sockets can use them to crash the system and, on 32-bit architectures, for privilege escalation. However, by default, no users on a Debian system have access to ping sockets. [dsa-3290]
- Discovered by: Wen Xu and wushi of KeenTeam [dsa-3290] on: Unknown
- Reported on: 2015-05-08 [xda-developers-pingpongroot]
- Fixed on: Unknown
- Fix released on: Unknown
- Affected versions: regex:
- Affected devices: Samsung Galaxy S6 Edge [xda-developers-pingpongroot], HTC One (M9) [xda-developers-pingpongroot], Samsung Galaxy S6 [xda-developers-pingpongroot]
- Affected manufacturers: Samsung [xda-developers-pingpongroot], HTC [xda-developers-pingpongroot]
- Fixed versions: 5.0.2,5.1.1 [xda-developers-pingpongroot]
- Submission: by: Daniel R. Thomas, on: 2016-03-18; by: Stephan Kollmann, on: 2015-10-14
(json)
(json)
- CVE numbers:
- Responsibly disclosed?: False
- Categories: permissions
- Details: HTC recovery log on some devices is world writable and so can be deleted and symlinked to /data/local.prop to allow root on reboot, this is a appears to be a unstable exploit and requires the user to reboot into recovery mode [gh-cunninglogic-tacoroot]
- Discovered by: Justin Case (jcase) and Dan Rosenberg [gh-cunninglogic-tacoroot-sh] on: 2012-01-01 [gh-cunninglogic-tacoroot-fc]
- Reported on: 2011-12-29 [rootzwiki-tacoroot]
- Fixed on: Unknown
- Fix released on: Unknown
- Affected versions: regex:
- Affected devices:
- Affected manufacturers: HTC [rootzwiki-tacoroot]
- Fixed versions:
- Submission: by: Daniel R. Thomas, on: 2014-07-21; by: Thomas Coudray, on: 2014-03-07
LG is affected by vulnerabilities that affect all Android manufacturers in addition to those listed below.
LG has a FUM score of 4.53.
(json)
- CVE numbers:
- Responsibly disclosed?: False
- Categories:
- Details: Vulnerability affecting LG devices released between 2012 and 2014 [xda-developers-stumproot]
- Discovered by: thecubed [xda-developers-stumproot] on: Unknown
- Reported on: 2014-08-17 [xda-developers-stumproot]
- Fixed on: Unknown
- Fix released on: Unknown
- Affected versions: regex:
- Affected devices: Verizon LG G3, T-Mobile LG G3, AT&T LG G3, Sprint LG G3, D852G Videotron 10C, D852 Rogers 10B, D852 Bell 10B, Flex D959 TMobile, LG-D855, LG-D858, LG-D855, LG-D851, LG-F400L [xda-developers-stumproot]
- Affected manufacturers: LG [xda-developers-stumproot]
- Fixed versions:
- Submission: by: Daniel R. Thomas, on: 2016-03-18; by: Stephan Kollmann, on: 2015-10-14
(json)
- CVE numbers: CVE-2013-3685 [citation-needed]
- Responsibly disclosed?: True
- Categories: system
- Details: Race condition in Sprite Software's backup software, installed by OEM on LG Android devices. [fulldisclosure-2013-06-196]
- Discovered by: Justin Case jcase@cunninglogic.com [fulldisclosure-2013-06-196] on: 2013-06-24 [fulldisclosure-2013-06-196]
- Reported on: 2013-06-24 [fulldisclosure-2013-06-196]
- Fixed on: Unknown
- Fix released on: Unknown
- Affected versions: spritebud 1.3.24, 1.3.28 backup 2.5.4105, 2.5.4108 [citation-needed] regex:
- Affected devices: (LG-E971:LG Optimus G, LG-E973:LG Optimus G, LG-E975:LG Optimus G, LG-E975K:LG Optimus G, LG-E975T:LG Optimus G, LG-E976:LG Optimus G, LG-E977:LG Optimus G, LG-F100K:LG Optimus Vu, LG-F100L:LG Optimus Vu, LG-F100S:LG Optimus Vu, LG-F120K:LG Optimus Vu, LG-F120L:LG Optimus LTE Tag, LG-F120S:LG Optimus LTE Tag, LG-F160K:LG Optimus LTE 2, LG-F160L:LG Optimus LTE 2, LG-F160LV:LG Optimus LTE 2, LG-F160S:LG Optimus LTE 2, LG-F180K:LG Optimus G, LG-F180L:LG Optimus G, LG-F180S:LG Optimus G, LG-F200K:LG Optimus Vu 2, LG-F200L:LG Optimus Vu 2, LG-F200S:LG Optimus Vu 2, LG-F240K:LG Optimus G Pro, LG-F240L:LG Optimus G Pro, LG-F240S:LG Optimus G Pro, LG-F260K:LG Optimus LTE 3, LG-F260L:LG Optimus LTE 3, LG-F260S:LG Optimus LTE 3, LG-L21:LG Optimus G, LG-LG870:LG (Unknown), LG-LS860:LG Mach, LG-LS970:LG Optimus G, LG-P760:LG Optimus L9, LG-P769:LG Optimus L9, LG-P780:LG Optimus L7, LG-P875:LG Optimus F5, LG-P875h:LG Optimus F5, LG-P880:LG Optimus 4X HD, LG-P940:LG Prada, LG-SU540:LG Prada 3.0, LG-SU870:LG Optimus 3D Cube, LG-US780:LG Lollipop) [fulldisclosure-2013-06-196]
- Affected manufacturers: LG [citation-needed]
- Fixed versions:
- Submission: by: Daniel R. Thomas, on: 2013-08-28; by: Justin Case, on: 2014-02-08
(json)
Motorola is affected by vulnerabilities that affect all Android manufacturers in addition to those listed below.
Motorola has a FUM score of 3.34.
(json)
- CVE numbers: CVE-2013-4777 [CVE-2013-4777], CVE-2013-5933 [CVE-2013-5933]
- Responsibly disclosed?: True
- Categories: permissions
- Details: A certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless uses init to create a /dev/socket/init_runit socket that listens for shell commands, which allows local users to gain privileges by interacting with a LocalSocket object. [CVE-2013-4777]
Stack-based buffer overflow in the sub_E110 function in init in a certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless allows local users to gain privileges or cause a denial of service (memory corruption) by writing a long string to the /dev/socket/init_runit socket that is inconsistent with a certain length value that was previously written to this socket. [CVE-2013-5933]
- Discovered by: Justin Case [plus-jcase-defy-republic] on: 2013-07-09 [plus-jcase-defy-republic]
- Reported on: 2013-09-24 [plus-jcase-defy-republic]
- Fixed on: Unknown
- Fix released on: Unknown
- Affected versions: 2.3.7 [citation-needed] regex:
- Affected devices: Defy Xt on Republic Wireless [CVE-2013-4777]
- Affected manufacturers: Motorola [citation-needed]
- Fixed versions:
- Submission: by: Daniel R. Thomas, on: 2013-11-06; by: Laurent Simon, on: 2013-10-07
(json)
(json)
Qualcomm is affected by vulnerabilities that affect all Android manufacturers in addition to those listed below.
Qualcomm Integer oveflow diagnostics
Motochopper
Qualcomm Gandalf camera driver
Qualcomm acdb audio buffer overflow
Qualcomm Integer overflow camera
Qualcomm missing checks put_user get_user
Qualcomm stack buffer overflow camera
Qualcomm Goodix driver procfs
Qualcomm chown init scripts
Qualcomm out of bounds camera
Samsung is affected by vulnerabilities that affect all Android manufacturers in addition to those listed below.
Samsung has a FUM score of 2.81.
(json)
- CVE numbers: CVE-2015-3636 [avs-test-pingpong]
- Responsibly disclosed?: False
- Categories:
- Details: Wen Xu and wushi of KeenTeam discovered that users allowed to create ping sockets can use them to crash the system and, on 32-bit architectures, for privilege escalation. However, by default, no users on a Debian system have access to ping sockets. [dsa-3290]
- Discovered by: Wen Xu and wushi of KeenTeam [dsa-3290] on: Unknown
- Reported on: 2015-05-08 [xda-developers-pingpongroot]
- Fixed on: Unknown
- Fix released on: Unknown
- Affected versions: regex:
- Affected devices: Samsung Galaxy S6 Edge [xda-developers-pingpongroot], HTC One (M9) [xda-developers-pingpongroot], Samsung Galaxy S6 [xda-developers-pingpongroot]
- Affected manufacturers: Samsung [xda-developers-pingpongroot], HTC [xda-developers-pingpongroot]
- Fixed versions: 5.0.2,5.1.1 [xda-developers-pingpongroot]
- Submission: by: Daniel R. Thomas, on: 2016-03-18; by: Stephan Kollmann, on: 2015-10-14
(json)
- CVE numbers: CVE-2015-7888 [projectzero-489]
- Responsibly disclosed?: True
- Categories: system
- Details: A path traversal vulnerability was found in the WifiHs20UtilityService. This service is running on a Samsung S6 Edge device, and may be present on other Samsung device models. WifiHs20UtilityService reads any files placed in /sdcard/Download/cred.zip, and unzips this file into /data/bundle. Directory traversal in the path of the zipped contents allows an attacker to write a controlled file to an arbitrary path as the system user. [citation-needed]
- Discovered by: Mark Brand [projectzeroblog-huntinggalaxy] on: 2015-07-29 [citation-needed]
- Reported on: 2015-07-29 [citation-needed]
- Fixed on: 2015-10-22 [projectzero-489]
- Fix released on: Unknown
- Affected versions: regex:
- Affected devices: Samsung S6 Edge and may be present in other Samsung device models [projectzero-489]
- Affected manufacturers: Samsung [projectzero-489]
- Fixed versions:
- Submission: by: Daniel R. Thomas, on: 2016-03-18; by: Stephan Kollmann, on: 2015-10-14
(json)
- CVE numbers:
- Responsibly disclosed?: True
- Categories: kernel
- Details: [talks.cam-46303]
- Discovered by: Janis Danisevskis janis@sec.t-labs.tu-berlin.de from Technische Universität Berlin [citation-needed] on: 2012-09-30 [citation-needed]
- Reported on: 2013-04-04 [citation-needed]
- Fixed on: Unknown
- Fix released on: Unknown
- Affected versions: regex:
- Affected devices:
- Affected manufacturers: Samsung [citation-needed]
- Fixed versions:
- Submission:
none is affected by vulnerabilities that affect all Android manufacturers in addition to those listed below.
(json)
- CVE numbers: CVE-2014-7912 [dhcpd-fix], CVE-2014-7913 [dhcpd-fix]
- Responsibly disclosed?: True
- Categories: network
- Details: The specific flaw exists within the parsing of the DHCP options in a DHCP ACK packet. The vulnerability is triggered when the LENGTH of an option, when added to the current read position, exceeds the actual length of the DHCP options buffer. An attacker can leverage this vulnerability to execute code on the device. [ZDI-15-093]
This remote code execution vulnerability executes code as the dhcp user which limit's its severity [citation-needed]
- Discovered by: Jüri Aedla [ZDI-15-093] on: 2014-11-13 [ZDI-15-093]
- Reported on: 2015-03-12 [ZDI-15-093]
- Fixed on: 2014-11-15 [dhcpd-fix]
- Fix released on: Unknown
- Affected versions: regex:
- Affected devices:
- Affected manufacturers:
- Fixed versions:
- Submission: by: Laurent Simon, on: 2015-03-14; by: Daniel R. Thomas, on: 2015-03-24
(json)
- CVE numbers:
- Responsibly disclosed?: False
- Categories: app
- Details: Certifi-gate is a set of vulnerabilities in the authorization methods between mobile Remote Support Tool (mRST) apps and system-level plugs on a device. mRSTs allow remote personnel to offer customers personalized technical support for their devices by replicating a device’s screen and by simulating screen clicks at a remote console. If exploited, Certifi-gate allows malicious applications to gain unrestricted access to a device silently, elevating their privileges to allow access to the user data and perform a variety of actions usually only available to the device owner. [checkpoint-certifigate-blog]
- Discovered by: Check Point Software Technologies Ltd. [checkpoint-certificate-report] on: Unknown
- Reported on: 2015-08-06 [checkpoint-certifigate-blog]
- Fixed on: Unknown
- Fix released on: Unknown
- Affected versions: regex:
- Affected devices:
- Affected manufacturers:
- Fixed versions:
- Submission: by: Laurent Simon, on: 2015-08-07; by: Daniel R. Thomas, on: 2016-06-01
