Lucene search
K

952 matches found

NVD
NVD
added 2020/08/11 8:15 p.m.23 views

CVE-2020-0249

In postInstantAppNotif of InstantAppNotifier.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10...

5.5CVSS5.2AI score0.00173EPSS
Exploits0References1
NVD
NVD
added 2020/08/11 8:15 p.m.14 views

CVE-2020-0238

In updatePreferenceIntents of AccountTypePreferenceLoader, there is a possible confused deputy attack due to a race condition. This could lead to local escalation of privilege and launching privileged activities with no additional execution privileges needed. User interaction is not needed for...

7CVSS7AI score0.00129EPSS
Exploits0References1
Prion
Prion
added 2020/08/11 8:15 p.m.17 views

Race condition

In updatePreferenceIntents of AccountTypePreferenceLoader, there is a possible confused deputy attack due to a race condition. This could lead to local escalation of privilege and launching privileged activities with no additional execution privileges needed. User interaction is not needed for...

6.9CVSS7.3AI score0.00129EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/08/11 8:15 p.m.11 views

Information disclosure

In postInstantAppNotif of InstantAppNotifier.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10...

4.9CVSS5.8AI score0.00173EPSS
Exploits0References1Affected Software1
UbuntuCve
UbuntuCve
added 2020/08/11 8:15 p.m.43 views

CVE-2020-0256

In LoadPartitionTable of gpt.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege when inserting a malicious USB device, with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

7.2CVSS6.8AI score0.00214EPSS
Exploits0References4
Prion
Prion
added 2020/08/11 8:15 p.m.17 views

Design/Logic Flaw

In postNotification of ServiceRecord.java, there is a possible bypass of foreground process restrictions due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

7.2CVSS7.8AI score0.00498EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2020/08/11 8:15 p.m.13 views

Design/Logic Flaw

In clearPropValue of MediaAnalyticsItem.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

7.2CVSS8.1AI score0.00153EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/08/11 8:15 p.m.11 views

Information disclosure

In getDocumentMetadata of DocumentsContract.java, there is a possible disclosure of location metadata from a file due to a permissions bypass. This could lead to local information disclosure from a file eg. a photo containing location metadata with no additional execution privileges needed. User...

4.9CVSS5.8AI score0.00183EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/08/11 8:15 p.m.16 views

Design/Logic Flaw

In reset of NuPlayerDriver.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0...

7.2CVSS8.1AI score0.00244EPSS
Exploits0References1Affected Software1
AlpineLinux
AlpineLinux
added 2020/08/11 7:31 p.m.23 views

CVE-2020-0256

In LoadPartitionTable of gpt.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege when inserting a malicious USB device, with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

7.2CVSS6.8AI score0.00214EPSS
Exploits0
Cvelist
Cvelist
added 2020/08/11 7:26 p.m.14 views

CVE-2020-0238

In updatePreferenceIntents of AccountTypePreferenceLoader, there is a possible confused deputy attack due to a race condition. This could lead to local escalation of privilege and launching privileged activities with no additional execution privileges needed. User interaction is not needed for...

7.2AI score0.00129EPSS
Exploits0References1
CVE
CVE
added 2020/08/11 7:25 p.m.266 views

CVE-2020-0108

CVE-2020-0108 is a local elevation-of-privilege in Google Android. In ServiceRecord.java, a failure to handle an exception in postNotification can bypass foreground service restrictions, allowing a malicious local app to run at elevated privileges without user interaction. Affected Android versio...

7.8CVSS7.7AI score0.00498EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2020/07/17 9:15 p.m.12 views

Type confusion

In FastKeyAccumulator::GetKeysSlow of keys.cc, there is a possible out of bounds write due to type confusion. This could lead to remote code execution when processing a proxy configuration with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

10CVSS9.3AI score0.01581EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/07/17 9:15 p.m.15 views

Design/Logic Flaw

In onCommand of CompanionDeviceManagerService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing background data usage or launching from the background, with no additional execution privileges needed. User...

7.2CVSS7.7AI score0.00268EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/07/17 9:15 p.m.16 views

Design/Logic Flaw

In the permission declaration for com.google.android.providers.gsf.permission.WRITEGSERVICES in AndroidManifest.xml, there is a possible permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for...

7.2CVSS6.7AI score0.00171EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/07/17 8:6 p.m.20 views

CVE-2020-0227

In onCommand of CompanionDeviceManagerService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing background data usage or launching from the background, with no additional execution privileges needed. User...

8AI score0.00268EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2020/06/25 12:0 a.m.30 views

EulerOS Virtualization for ARM 64 3.0.6.0 : cups (EulerOS-SA-2020-1704)

According to the version of the cups package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - In arrayfind of array.c, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to local...

5.5CVSS6.3AI score0.00203EPSS
Exploits0References2
CVE
CVE
added 2020/06/11 2:43 p.m.255 views

CVE-2020-0215

CVE-2020-0215 affects Android devices via a leak in ConfirmConnectActivity.java related to a permissions bypass that exposes the Bluetooth MAC address. The vulnerability could enable local elevation of privilege to access pairing information, with user interaction required for exploitation. Affec...

7.8CVSS7.3AI score0.00277EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2020/06/10 6:15 p.m.21 views

CVE-2020-0113

In sendCaptureResult of Camera3OutputUtils.cpp, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10...

5.5CVSS0.00361EPSS
Exploits1References1
NVD
NVD
added 2020/06/10 6:15 p.m.13 views

CVE-2020-0115

In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...

7.8CVSS0.00164EPSS
Exploits0References1
Rows per page
Query Builder