CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3721 matches found

CVE•added 2020/09/17 6:46 p.m.•38 views

CVE-2020-0434

CVE-2020-0434 relates to Pixel’s use of the Catpipe library, where a use-after-free leads to memory corruption in the Android kernel and enables local privilege escalation without user interaction. The impact is Local Privilege Escalation with high severity (per CVSS), affecting Pixel devices via...

7.8CVSS8.3AI score0.00015EPSS

Exploits0References1Affected Software1

Cvelist•added 2020/09/17 6:45 p.m.•14 views

CVE-2020-0433

In blkmqqueuetagbusyiter of blk-mq-tag.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID...

8.4AI score0.00025EPSS

Exploits0References1

Debian CVE•added 2020/09/17 6:45 p.m.•20 views

CVE-2020-0433

7.8CVSS6.2AI score0.00025EPSS

Exploits0

Debian CVE•added 2020/09/17 6:45 p.m.•22 views

CVE-2020-0432

In skbtomamac of networking.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

7.8CVSS6.8AI score0.00033EPSS

Exploits0

Cvelist•added 2020/09/17 6:45 p.m.•19 views

CVE-2020-0431

In kbdkeycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

7.4AI score0.00036EPSS

Exploits0References3

Debian CVE•added 2020/09/17 6:45 p.m.•34 views

CVE-2020-0431

6.7CVSS6.8AI score0.00036EPSS

Exploits0

Debian CVE•added 2020/09/17 6:44 p.m.•27 views

CVE-2020-0430

In skbheadlen of /include/linux/skbuff.h, there is a possible out of bounds read due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndro...

7.8CVSS7.2AI score0.0002EPSS

Exploits0

Cvelist•added 2020/09/17 6:44 p.m.•15 views

CVE-2020-0430

7.8AI score0.0002EPSS

Exploits0References1

Cvelist•added 2020/09/17 6:42 p.m.•13 views

CVE-2020-0429

In l2tpsessiondelete and related functions of l2tpcore.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...

7.4AI score0.00019EPSS

Exploits0References1

CVE•added 2020/09/17 6:42 p.m.•153 views

CVE-2020-0429

CVE-2020-0429 affects the Android/Linux kernel in the l2tp_core.c path, specifically the l2tp_session_delete and related functions. The vulnerability enables memory corruption via a use-after-free, which could allow local privilege escalation to SYSTEM. Exploitation is described as local with no ...

6.7CVSS7AI score0.00019EPSS

Exploits0References1Affected Software1

Cvelist•added 2020/09/17 6:42 p.m.•12 views

CVE-2020-0428

In CamX code, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-123999783...

7.4AI score0.00015EPSS

Exploits0References1

Cvelist•added 2020/09/17 6:28 p.m.•14 views

CVE-2020-0403

In the FPC TrustZone fingerprint App, there is a possible invalid command handler due to an exposed test feature. This could lead to local escalation of privilege in the TEE, with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Andro...

7.5AI score0.00013EPSS

Exploits0References1

Cvelist•added 2020/09/17 6:28 p.m.•10 views

CVE-2020-0387

In manifest files of the SmartSpace package, there is a possible tapjacking vector due to a missing permission check. This could lead to local escalation of privilege and account hijacking with no additional execution privileges needed. User interaction is needed for exploitation.Product:...

8.4AI score0.00034EPSS

Exploits0References1

NVD•added 2020/09/17 4:15 p.m.•18 views

CVE-2020-0407

In various functions in fscryptice.c and related files in some implementations of f2fs encryption that use encryption hardware which only supports 32-bit IVs Initialization Vectors, 64-bit IVs are used and later are truncated to 32 bits. This may cause IV reuse and thus weakened disk encryption...

4.4CVSS0.0001EPSS

Exploits0References1

OSV•added 2020/09/17 4:15 p.m.•6 views

CVE-2020-0404

In uvcscanchainforward of uvcdriver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

5.5CVSS7.7AI score

Exploits0References4