Lucene search
K

952 matches found

Prion
Prion
added 2020/09/17 4:15 p.m.10 views

Out-of-bounds

In Parseart of easmdls.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote information disclosure in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...

4.3CVSS5.5AI score0.00645EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/09/17 4:15 p.m.18 views

Design/Logic Flaw

In showLimitedSimFunctionWarningNotification of NotificationMgr.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product:...

4.9CVSS5.8AI score0.00183EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/09/17 4:15 p.m.17 views

Out-of-bounds

In decrypt and decrypt12 of CryptoPlugin.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9...

4.9CVSS5.7AI score0.00158EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/09/17 4:15 p.m.16 views

Design/Logic Flaw

In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...

7.2CVSS7.8AI score0.00219EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/09/17 4:15 p.m.15 views

Out-of-bounds

In Parseins of easmdls.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure in the media extractor process with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...

4.3CVSS5.5AI score0.00645EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/09/17 4:15 p.m.12 views

Design/Logic Flaw

In onCreate of RequestPermissionActivity.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege allowing an attacker to set Bluetooth discoverability with User execution privileges needed. User interaction is needed for...

4.3CVSS6.5AI score0.00385EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/09/17 4:15 p.m.13 views

Double free

In getLayerDebugInfo of SurfaceFlinger.cpp, there is a possible code execution due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10...

7.2CVSS8.3AI score0.00266EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/09/17 4:15 p.m.12 views

Design/Logic Flaw

In getNotificationBuilder of CarrierServiceStateTracker.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

4.9CVSS5.8AI score0.00175EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/09/17 4:15 p.m.17 views

Command injection

In applyPolicy of PackageManagerService.java, there is possible arbitrary command execution as System due to an unenforced protected-broadcast. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

7.2CVSS8.2AI score0.00425EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/09/17 3:54 p.m.23 views

CVE-2020-0391

In applyPolicy of PackageManagerService.java, there is possible arbitrary command execution as System due to an unenforced protected-broadcast. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

8.1AI score0.00425EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/09/17 3:48 p.m.21 views

CVE-2020-0386

In onCreate of RequestPermissionActivity.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege allowing an attacker to set Bluetooth discoverability with User execution privileges needed. User interaction is needed for...

6AI score0.00385EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/09/17 3:47 p.m.27 views

CVE-2020-0394

In onCreate of BluetoothPairingDialog.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege and untrusted devices accessing contact lists with no additional execution privileges needed. User interaction is needed for...

8AI score0.0027EPSS
Exploits0References1
CVE
CVE
added 2020/09/17 3:46 p.m.112 views

CVE-2020-0396

CVE-2020-0396 is a system/component issue in Android Telephony related to an unsafe PendingIntent that can bypass permissions, enabling local information disclosure without user interaction. Affected Android versions include 8.0 (Oreo) through 11, with evidence in NVD and Android Security Bulleti...

5.5CVSS5AI score0.00183EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/09/17 3:46 p.m.18 views

CVE-2020-0397

In getNotificationBuilder of CarrierServiceStateTracker.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

5.4AI score0.00175EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/09/17 3:43 p.m.20 views

CVE-2020-0395

In showNotification of EmergencyCallbackModeService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

5.4AI score0.00175EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/09/17 3:43 p.m.16 views

CVE-2020-0393

In decrypt and decrypt12 of CryptoPlugin.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9...

5.4AI score0.00158EPSS
Exploits0References1
CVE
CVE
added 2020/09/17 3:43 p.m.108 views

CVE-2020-0393

CVE-2020-0393 affects Android during 9–11 in the Media Framework: decrypt and decrypt_1_2 in CryptoPlugin.cpp allow an out-of-bounds read due to a missing bounds check, enabling local information disclosure without user interaction. The issue is documented in multiple sources (NVD/NVD CVSS detail...

5.5CVSS5AI score0.00158EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/09/17 3:21 p.m.26 views

CVE-2020-0074

In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...

8AI score0.00219EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2020/08/28 12:0 a.m.29 views

EulerOS 2.0 SP8 : libjpeg-turbo (EulerOS-SA-2020-1862)

According to the versions of the libjpeg-turbo packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow with a resultant heap-based buffer overflow via a BMP image becau...

9.3CVSS8AI score0.02733EPSS
Exploits0References3
NVD
NVD
added 2020/08/11 8:15 p.m.17 views

CVE-2020-0243

In clearPropValue of MediaAnalyticsItem.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

7.8CVSS7.8AI score0.00153EPSS
Exploits0References1
Rows per page
Query Builder