VARIoT IoT vulnerabilities database


VAR-201703-1111 CVE-2017-6549 Session hijacking vulnerability in httpd of ASUSWRT running on ASUS RT-AC53 devices

Related entries in the VARIoT exploits database: VAR-E-201703-0071, VAR-E-201703-0072, VAR-E-201703-0070
CVSS V2: 9.3
CVSS V3: 8.8
Severity: HIGH
Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware before 3.0.0.4.380.7378; RT-AC68W routers with firmware before 3.0.0.4.380.7266; and RT-N600, RT-N12+ B1, RT-N11P B1, RT-N12VP B1, RT-N12E C1, RT-N300 B1, and RT-N12+ Pro routers with firmware before 3.0.0.4.380.9488; and Asuswrt-Merlin firmware before 380.65_2 allows remote attackers to steal any active admin session by sending cgi_logout and asusrouter-Windows-IFTTT-1.0 in certain HTTP headers. ASUSWRT is the ASUS router firmware. ASUSWRT on the RT-AC53 has a session-stealing vulnerability. Asus ASUSWRT is prone to the following multiple security vulnerabilities: 1. A buffer-overflow vulnerability. 2. A cross-site-scripting vulnerability. 3. A session-hijacking vulnerability. Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected application or steal cookie-based authentication credentials and gain unauthorized access. Failed exploit attempts will likely cause denial-of-service conditions. There is a session hijacking vulnerability in the httpd of ASUS ASUSWRT in RT-AC53 with firmware version 3.0.0.4.380.6038.
VAR-201703-1116 CVE-2017-6558 Authentication bypass vulnerability in iBall Baton 150M iB-WRA150N devices
CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
iBall Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vulnerability that allows remote attackers to view and modify administrative router settings by reading the HTML source code of the password.cgi file. iBall Baton 150M Wireless Router is a wireless router. The iBall Baton 150M Wireless Router has an authentication bypass vulnerability. An attacker could exploit the vulnerability to bypass the authentication mechanism and perform unauthorized operations. iBall Baton 150M Wireless Router is prone to an authentication-bypass vulnerability. This may lead to further attacks. iBall Baton 150M Wireless Router 1.2.6 build 110401 Rel.47776n is vulnerable; other versions may also be affected. Devices using the following firmware and hardware are affected: firmware version 1.2.6 build 110401 Rel.47776n; hardware version iB-WRA150N v1 00000001.
VAR-201804-0132 CVE-2016-10231 Android vulnerabilities related to authorization, permissions, and access control
CVSS V2: 9.3
CVSS V3: 7.8
Severity: HIGH
An elevation of privilege vulnerability in the Qualcomm sound codec driver. Product: Android. Versions: Android kernel. Android ID: A-33966912. References: QC-CR#1096799. Android contains vulnerabilities related to authorization, permissions, and access control. This vulnerability is published as Android ID: A-33966912 and References: QC-CR#1096799. Information may be obtained or altered, and service operation may be disrupted (DoS). Google Pixel is a smartphone from Google Inc. in the United States. An attacker could exploit the vulnerability to execute arbitrary code with elevated kernel privileges. Google Pixel is prone to a privilege-escalation vulnerability.
VAR-201802-0172 CVE-2017-5795 Information disclosure vulnerability in HPE Intelligent Management Center PLAT
CVSS V2: 7.1
CVSS V3: 6.5
Severity: MEDIUM
A Local Arbitrary File Download vulnerability in HPE Intelligent Management Center (IMC) version PLAT 7.2 E0403P06 was found. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within FileDownloadServlet. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose sensitive information under the context of SYSTEM. HP Intelligent Management Center is a network intelligent management center solution from Hewlett Packard (HP). An attacker can exploit this issue to download arbitrary files. Information obtained may aid in further attacks. References: - CVE-2017-5795 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
+ **iMC PLAT - Version: Fixed in IMC PLAT 7.3 E0504P02** * HP Network Products - JD125A HP IMC Std S/W Platform w/100-node - JD126A HP IMC Ent S/W Platform w/100-node - JD808A HP IMC Ent Platform w/100-node License - JD814A HP A-IMC Enterprise Edition Software DVD Media - JD815A HP IMC Std Platform w/100-node License - JD816A HP A-IMC Standard Edition Software DVD Media - JF288AAE HP Network Director to Intelligent Management Center Upgrade E-LTU - JF289AAE HP Enterprise Management System to Intelligent Management Center Upgrade E-LTU - JF377A HP IMC Std S/W Platform w/100-node Lic - JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU - JF378A HP IMC Ent S/W Platform w/200-node Lic - JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU - JG546AAE HP IMC Basic SW Platform w/50-node E-LTU - JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU - JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU - JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU - JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU - JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU - JG550AAE HPE PCM+ Mobility Manager to IMC Basic WLAN Platform Upgrade 50-node and 150-AP E-LTU - JG590AAE HPE IMC Basic WLAN Manager Software Platform 50 Access Point E-LTU - JG660AAE HP IMC Smart Connect with Wireless Manager Virtual Appliance Edition E-LTU - JG766AAE HP IMC Smart Connect Virtual Appliance Edition E-LTU - JG767AAE HP IMC Smart Connect with Wireless Manager Virtual Appliance Edition E-LTU - JG768AAE HPE PCM+ to IMC Standard Software Platform Upgrade with 200-node E-LTU - JH704AAE Aruba IMC Std SW Plat w/50-node E-LTU - JH705AAE Aruba IMC Ent SW Plat w/50-node E-LTU **Note:** Please contact HPE Technical Support if any assistance is needed acquiring the software updates. 
HISTORY Version:1 (rev.1) - 8 March 2017 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2016 Hewlett Packard Enterprise Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. 
Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
VAR-201804-0135 CVE-2016-10234 Information disclosure vulnerability in Android
CVSS V2: 4.3
CVSS V3: 5.5
Severity: MEDIUM
An information disclosure vulnerability in the Qualcomm IPA driver. Product: Android. Versions: Android kernel. Android ID: A-34390017. References: QC-CR#1069060. This vulnerability is published as Android ID: A-34390017 and References: QC-CR#1069060. Information may be obtained. Google Nexus is a high-end mobile phone series from Google based on the original Google system. An attacker could exploit this vulnerability to obtain potentially sensitive information that could lead to further attacks. Information obtained may aid in further attacks.
VAR-201704-1398 CVE-2017-7896 Cross-site scripting vulnerability in Trend Micro InterScan Messaging Security Virtual Appliance
CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 before CP 1644 has XSS. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks
VAR-201712-0126 CVE-2017-3186 ACTi camera models from the D, B, I, and E series contain multiple security vulnerabilities
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC use non-random default credentials across all devices. A remote attacker can take complete control of a device using default admin credentials. According to the reporter, multiple series of ACTi camera products using firmware version A1D-500-V6.11.31-AC are affected by several issues. Missing authentication for a critical function (CWE-306) - CVE-2017-3184: These products do not properly restrict access to the configuration initialization function. A remote third party can initialize the product settings by directly accessing a URL such as http://x.x.x.x/setup/setup_maintain_firmware-default.html. This may disrupt service operation of the device (DoS) or allow the weak default password issue (CVE-2017-3186) to be used. Information leakage through the query string of a GET request (CWE-598) - CVE-2017-3185: The web interface of these products uses GET requests to send sensitive information such as usernames and passwords. Such sensitive information can therefore be obtained from sources such as browser history, referrers, and communication logs. Weak default password (CWE-521) - CVE-2017-3186: The default settings for these products use the same authentication information for all devices. There is likely to be. ACTi I Series and others are ACTi's series of network surveillance cameras. ACTi Cameras Models are prone to the following multiple security vulnerabilities: 1. An authentication-bypass vulnerability. 2. An information disclosure vulnerability. 3. An attacker can exploit these issues to bypass certain security restrictions, perform certain unauthorized actions, bypass the authentication mechanism and compromise the application. This may aid in further attacks.
VAR-201804-0137 CVE-2016-10236 Information disclosure vulnerability in Android
CVSS V2: 4.3
CVSS V3: 3.3
Severity: LOW
An information disclosure vulnerability in the Qualcomm USB driver. Product: Android. Versions: Android kernel. Android ID: A-33280689. References: QC-CR#1102418. This vulnerability is published as Android ID: A-33280689 and Qualcomm QC-CR#1102418. Information may be obtained. Google Pixel/Pixel XL is a smartphone from Google Inc. in the United States. An attacker could exploit this vulnerability to obtain potentially sensitive information that could lead to further attacks. Google Pixel/Pixel XL is prone to an information-disclosure vulnerability. Information obtained may aid in further attacks.
VAR-201710-0238 CVE-2017-5791 HP Intelligent Management Center Authentication Bypass Vulnerability
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
The doFilter method in UrlAccessController in HPE Intelligent Management Center (iMC) PLAT 7.2 E0403P06 allows remote bypass of authentication via unspecified strings in a URI. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of SYSTEM. The HP Intelligent Management Center (IMC) is a network intelligent management center solution from Hewlett Packard (HP). The solution provides network-wide visibility for comprehensive management of resources, services and users. An attacker could exploit the vulnerability to bypass the authentication mechanism and gain unauthorized access. This may aid in further attacks. Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03716en_us SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: hpesbhf03716en_us Version: 1 HPESBHF03716 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Remote Authentication Bypass NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2017-03-10 Last Updated: 2017-03-10 Potential Security Impact: Remote: Authentication Bypass Source: Hewlett Packard Enterprise, Product Security Response Team VULNERABILITY SUMMARY A potential security vulnerability has been identified in IMC PLAT. References: - CVE-2017-5791 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
+ **iMC PLAT - Version: Fixed in IMC PLAT 7.3 E0504P02** * HP Network Products - JD125A HP IMC Std S/W Platform w/100-node - JD126A HP IMC Ent S/W Platform w/100-node - JD808A HP IMC Ent Platform w/100-node License - JD814A HP A-IMC Enterprise Edition Software DVD Media - JD815A HP IMC Std Platform w/100-node License - JD816A HP A-IMC Standard Edition Software DVD Media - JF288AAE HP Network Director to Intelligent Management Center Upgrade E-LTU - JF289AAE HP Enterprise Management System to Intelligent Management Center Upgrade E-LTU - JF377A HP IMC Std S/W Platform w/100-node Lic - JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU - JF378A HP IMC Ent S/W Platform w/200-node Lic - JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU - JG546AAE HP IMC Basic SW Platform w/50-node E-LTU - JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU - JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU - JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU - JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU - JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU - JG550AAE HPE PCM+ Mobility Manager to IMC Basic WLAN Platform Upgrade 50-node and 150-AP E-LTU - JG590AAE HPE IMC Basic WLAN Manager Software Platform 50 Access Point E-LTU - JG660AAE HP IMC Smart Connect with Wireless Manager Virtual Appliance Edition E-LTU - JG766AAE HP IMC Smart Connect Virtual Appliance Edition E-LTU - JG767AAE HP IMC Smart Connect with Wireless Manager Virtual Appliance Edition E-LTU - JG768AAE HPE PCM+ to IMC Standard Software Platform Upgrade with 200-node E-LTU - JH704AAE Aruba IMC Std SW Plat w/50-node E-LTU - JH705AAE Aruba IMC Ent SW Plat w/50-node E-LTU **Note:** Please contact HPE Technical Support if any assistance is needed acquiring the software updates. 
HISTORY Version:1 (rev.1) - 7 March 2017 Initial release
VAR-201703-0660 CVE-2017-5178 Schneider Electric Wonderware Intelligence Electric Tableau Server/Desktop Default Credential Security Restriction Bypass Vulnerability
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered in Schneider Electric Tableau Server/Desktop Versions 7.0 to 10.1.3 in Wonderware Intelligence Versions 2014R3 and prior. These versions contain a system account that is installed by default. The default system account is difficult to configure with non-default credentials after installation, and changing the default credentials in the embedded Tableau Server is not documented. If Tableau Server is used with Windows integrated security (Active Directory), the software is not vulnerable. However, when Tableau Server is used with local authentication mode, the software is vulnerable. The default system account could be used to gain unauthorized access. Schneider Electric Wonderware Intelligence is a set of industrial big data intelligent management solutions from Schneider Electric. The solution provides visual query and analysis capabilities for industrial big data. Electric Tableau Server/Desktop is the server side and the desktop. This may lead to further attacks. The following products are vulnerable: Wonderware Intelligence Tableau Analytics Dashboard Server 7.0 through 10.1.3 Wonderware Intelligence Tableau Analytics Client 7.0 through 10.1.3 Versions prior to Wonderware Intelligence Wonderware Intelligence 2014 R3
VAR-201703-1051 CVE-2017-6444 Denial-of-service (DoS) vulnerability in MikroTik Router hAP Lite

Related entries in the VARIoT exploits database: VAR-E-201703-0137
CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
The MikroTik Router hAP Lite 6.25 has no protection mechanism for unsolicited TCP ACK packets in the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many ACK packets. After the attacker stops the exploit, the CPU usage is 100% and the router requires a reboot for normal operation. MikroTik is a system for developing routers and wireless ISPs. MikroTik Router hAP Lite is a device from Latvian MikroTik company that has dual concurrent access points and provides WiFi coverage for 2.4GHz and 5GHz frequencies simultaneously. A security vulnerability exists in MikroTik Router hAP Lite version 6.25
VAR-201712-0125 CVE-2017-3185 ACTi camera models from the D, B, I, and E series contain multiple security vulnerabilities
CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser's history, referrers, web logs, and other sources. According to the reporter, ACTi devices including D, B, I, and E series models using firmware version A1D-500-V6.11.31-AC are vulnerable to several issues. Missing authentication for a critical function (CWE-306) - CVE-2017-3184: These products do not properly restrict access to the configuration initialization function. A remote third party can initialize the product settings by directly accessing a URL such as http://x.x.x.x/setup/setup_maintain_firmware-default.html. This may disrupt service operation of the device (DoS) or allow the weak default password issue (CVE-2017-3186) to be used. Information leakage through the query string of a GET request (CWE-598) - CVE-2017-3185: The web interface of these products uses GET requests to send sensitive information such as usernames and passwords. Such sensitive information can therefore be obtained from sources such as browser history, referrers, and communication logs. Weak default password (CWE-521) - CVE-2017-3186: The default settings for these products use the same authentication information for all devices. If the default settings are in use, a remote third party can log in with administrator credentials and take complete control of the device. A remote third party may initialize the device to the factory default settings, obtain sensitive information such as a user name and password, or log in to the device as an administrator using the initial authentication information. ACTi I Series and others are ACTi's series of network surveillance cameras. There are security vulnerabilities in several ACTi products. A remote attacker can exploit a vulnerability to submit a special request for sensitive information. 1. An authentication-bypass vulnerability. 2. An information disclosure vulnerability. 3. An attacker can exploit these issues to bypass certain security restrictions, perform certain unauthorized actions, bypass the authentication mechanism and compromise the application. This may aid in further attacks. There is a security vulnerability, which stems from the fact that the program uses the GET method to process requests.
VAR-201712-0124 CVE-2017-3184 ACTi camera models from the D, B, I, and E series contain multiple security vulnerabilities
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC fail to properly restrict access to the factory reset page. An unauthenticated, remote attacker can exploit this vulnerability by directly accessing the http://x.x.x.x/setup/setup_maintain_firmware-default.html page. This will allow an attacker to perform a factory reset on the device, leading to a denial of service condition or the ability to make use of default credentials (CVE-2017-3186). According to the reporter, multiple series of ACTi camera products using firmware version A1D-500-V6.11.31-AC are affected by several issues. Missing authentication for a critical function (CWE-306) - CVE-2017-3184: These products do not properly restrict access to the configuration initialization function. A remote third party can initialize the product settings by directly accessing a URL such as http://x.x.x.x/setup/setup_maintain_firmware-default.html. This may disrupt service operation of the device (DoS) or allow the weak default password issue (CVE-2017-3186) to be used. Information leakage through the query string of a GET request (CWE-598) - CVE-2017-3185: The web interface of these products uses GET requests to send sensitive information such as usernames and passwords. Such sensitive information can therefore be obtained from sources such as browser history, referrers, and communication logs. Weak default password (CWE-521) - CVE-2017-3186: The default settings for these products use the same authentication information for all devices. If the default settings are in use, a remote third party can log in with administrator credentials and take complete control of the device. A remote third party may initialize the device to the factory default settings, obtain sensitive information such as a user name and password, or log in to the device as an administrator using the initial authentication information. ACTi I Series and others are ACTi's series of network surveillance cameras. ACTi Cameras Models are prone to the following multiple security vulnerabilities: 1. An authentication-bypass vulnerability. 2. An information disclosure vulnerability. 3. An attacker can exploit these issues to bypass certain security restrictions, perform certain unauthorized actions, bypass the authentication mechanism and compromise the application. This may aid in further attacks.
VAR-201703-0745 CVE-2017-5681 Vulnerability allowing RSA private keys to be obtained in the RSA-CRT implementation of the Intel QuickAssist Technology Engine for OpenSSL
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
The RSA-CRT implementation in the Intel QuickAssist Technology (QAT) Engine for OpenSSL versions prior to 0.5.19 may allow remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack. OpenSSL is an open source general-purpose encryption library developed by the OpenSSL team that can implement the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. Intel QuickAssist Technology (QAT) Engine is one of the engines used to improve data center performance
VAR-201703-0859 CVE-2017-0531 Information disclosure vulnerability in Qualcomm Wi-Fi driver
CVSS V2: 2.6
CVSS V3: 4.7
Severity: MEDIUM
An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32877245. References: QC-CR#1087469. Google Android is prone to multiple information-disclosure vulnerabilities. An attacker can exploit these issues to obtain potentially sensitive information. Information obtained may aid in further attacks. These issues are being tracked by Android Bug IDs A-32073794, A-32644895 and A-32877245
VAR-201703-0850 CVE-2017-0521 Elevation of privilege vulnerability in Qualcomm camera driver
CVSS V2: 7.6
CVSS V3: 7.0
Severity: HIGH
An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32919951. References: QC-CR#1097709. A security vulnerability exists in the Qualcomm camera driver. Google Android is prone to multiple privilege-escalation vulnerabilities. These issues are being tracked by Android Bug IDs A-32588962 and A-32919951.
VAR-201703-0693 CVE-2017-0461 Information disclosure vulnerability in Qualcomm Wi-Fi driver
CVSS V2: 2.6
CVSS V3: 4.7
Severity: MEDIUM
An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32073794. References: QC-CR#1100132. Google Android is prone to multiple information-disclosure vulnerabilities. An attacker can exploit these issues to obtain potentially sensitive information. Information obtained may aid in further attacks. These issues are being tracked by Android Bug IDs A-32073794, A-32644895 and A-32877245
VAR-201703-0691 CVE-2017-0459 Information disclosure vulnerability in Qualcomm Wi-Fi driver
CVSS V2: 2.6
CVSS V3: 4.7
Severity: MEDIUM
An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32644895. References: QC-CR#1091939. Google Android is prone to multiple information-disclosure vulnerabilities. An attacker can exploit these issues to obtain potentially sensitive information. Information obtained may aid in further attacks. These issues are being tracked by Android Bug IDs A-32073794, A-32644895 and A-32877245
VAR-201703-0690 CVE-2017-0458 Elevation of privilege vulnerability in Qualcomm camera driver
CVSS V2: 7.6
CVSS V3: 7.0
Severity: HIGH
An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32588962. References: QC-CR#1089433. A security vulnerability exists in the Qualcomm camera driver. Google Android is prone to multiple privilege-escalation vulnerabilities. These issues are being tracked by Android Bug IDs A-32588962 and A-32919951.
VAR-201703-0071 CVE-2016-8477 Information disclosure vulnerability in Qualcomm camera driver
CVSS V2: 2.6
CVSS V3: 4.7
Severity: MEDIUM
An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32720522. References: QC-CR#1090007. Google Android is prone to multiple information-disclosure vulnerabilities. An attacker can exploit these issues to obtain potentially sensitive information. Information obtained may aid in further attacks. These issues are being tracked by Android Bug IDs A-32709702 and A-32720522