Debian Android-Platform-System-Core vulnerabilities

11 known vulnerabilities affecting debian/android-platform-system-core.

Total CVEs
11
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
HIGH3LOW8

Vulnerabilities

Page 1 of 1
CVE-2017-0647LOWCVSS 5.5fixed in android-platform-system-core 1:7.0.0+r33-2 (bullseye)2017
CVE-2017-0647 [MEDIUM] CVE-2017-0647: android-platform-system-core - An information disclosure vulnerability in libziparchive could enable a local ma... An information disclosure vulnerability in libziparchive could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36392138.
debian
CVE-2017-0841LOWCVSS 7.82017
CVE-2017-0841 [HIGH] CVE-2017-0841: android-platform-system-core - A remote code execution vulnerability in the Android system (libutils). Product:... A remote code execution vulnerability in the Android system (libutils). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37723026. Scope: local bullseye: open
debian
CVE-2017-13156LOWCVSS 7.8PoC2017
CVE-2017-13156 [HIGH] CVE-2017-13156: android-platform-system-core - An elevation of privilege vulnerability in the Android system (art). Product: An... An elevation of privilege vulnerability in the Android system (art). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64211847. Scope: local bullseye: resolved
debian
CVE-2016-6762HIGHCVSS 7.8fixed in android-platform-system-core 1:7.0.0+r1-1 (bullseye)2016
CVE-2016-6762 [HIGH] CVE-2016-6762: android-platform-system-core - An elevation of privilege vulnerability in the libziparchive library could enabl... An elevation of privilege vulnerability in the libziparchive library could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Pro
debian
CVE-2016-3890HIGHCVSS 7.0fixed in android-platform-system-core 1:6.0.1+r43-1 (bullseye)2016
CVE-2016-3890 [HIGH] CVE-2016-3890: android-platform-system-core - The Java Debug Wire Protocol (JDWP) implementation in adb/sockets.cpp in Android... The Java Debug Wire Protocol (JDWP) implementation in adb/sockets.cpp in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 mishandles socket close operations, which allows attackers to gain privileges via a crafted application, aka internal bug 28347842. Scope: local bullseye: resolved (fixed in 1:6.0.1+r4
debian
CVE-2016-3921LOWCVSS 7.82016
CVE-2016-3921 [HIGH] CVE-2016-3921: android-platform-system-core - libsysutils/src/FrameworkListener.cpp in Framework Listener in Android 4.x befor... libsysutils/src/FrameworkListener.cpp in Framework Listener in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 29831647. Scope: local bullseye: resolved
debian
CVE-2016-0807LOWCVSS 8.4fixed in android-platform-system-core 1:7.0.0+r1-1 (bullseye)2016
CVE-2016-0807 [HIGH] CVE-2016-0807: android-platform-system-core - The get_build_id function in elf_utils.cpp in Debuggerd in Android 6.x before 20... The get_build_id function in elf_utils.cpp in Debuggerd in Android 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application that mishandles a Desc Size element in an ELF Note, aka internal bug 25187394. Scope: local bullseye: resolved (fixed in 1:7.0.0+r1-1)
debian
CVE-2016-3885LOWCVSS 7.82016
CVE-2016-3885 [HIGH] CVE-2016-3885: android-platform-system-core - debuggerd/debuggerd.cpp in Debuggerd in Android 5.0.x before 5.0.2, 5.1.x before... debuggerd/debuggerd.cpp in Debuggerd in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles the interaction between PTRACE_ATTACH operations and thread exits, which allows attackers to gain privileges via a crafted application, aka internal bug 29555636. Scope: local bullseye: resolved
debian
CVE-2016-3861LOWCVSS 7.8PoCfixed in android-platform-system-core 1:7.0.0+r1-4 (bullseye)2016
CVE-2016-3861 [HIGH] CVE-2016-3861: android-platform-system-core - LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.... LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles conversions between Unicode character encodings with different encoding widths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted fil
debian
CVE-2014-1909HIGHCVSS 7.5fixed in android-platform-system-core 1:6.0.0+r26-1~stage1 (bullseye)2014
CVE-2014-1909 [HIGH] CVE-2014-1909: android-platform-system-core - Integer signedness error in system/core/adb/adb_client.c in Android Debug Bridge... Integer signedness error in system/core/adb/adb_client.c in Android Debug Bridge (ADB) for Android 4.4 in the Android SDK Platform Tools 18.0.1 allows ADB servers to execute arbitrary code via a negative length value, which bypasses a signed comparison and triggers a stack-based buffer overflow. Scope: local bullseye: resolved (fixed in 1:6.0.0+r2
debian
CVE-2012-5564LOWCVSS 3.32012
CVE-2012-5564 [LOW] CVE-2012-5564: android-platform-system-core - android-tools 4.1.1 in Android Debug Bridge (ADB) allows local users to overwrit... android-tools 4.1.1 in Android Debug Bridge (ADB) allows local users to overwrite arbitrary files via a symlink attack on /tmp/adb.log. Scope: local bullseye: open
debian