原生漏洞列表 [OSVDB] (80)
Android contains a flaw that is during the handling of a specially crafted application. This may allow a local attacker to bypass a secure virtual private network (VPN) connection and redirect potentially sensitive cleartext information to a location they control.
Google Android contains a flaw in the PreferenceActivity class that leads to unauthorized privileges being gained. The issue is due to the :android:show_fragment intent extra allowing for arbitrary classes to be loaded. This may allow a local attacker to use a specially crafted application to load arbitrary classes and gain elevated privileges.
CyanogenMod, ClockWorkMod, and Koush Superuser for Android contains a flaw that is due to the application failing to restrict users from using the /system/xbin/su setuid root executable. This may allow a local attacker to hijack a user's root session.
Google Android contains a flaw that is triggered during the handling of a specially crafted APK file. This may allow a context-dependent attacker to create a malicious APK file without harming the original signature attached to the file.
Goodix GT915 Touchscreen Driver for Android contains a flaw that is triggered when user controlled data is copied to a global variable without a mutual-exlusion mechanism when handling arguments passed to the procfs write handler. This may allow a local attacker to bypass security checks, crash the program, or alter the internal state of the handler.
Goodix GT915 Touchscreen Driver for Android contains multiple memory corruption flaws that are triggered as user-supplied input is not properly sanitized when processing data written to the procfs file. The program uses user supplied length values without properly bounds checking them, which may allow a local attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code.