

CVEMAP Search Results

CVE
Details
Description
2021-08-17
Medium
CVE-2021-0591

Vendor: Google
Software: Android
 

 
In sendReplyIntentToReceiver of BluetoothPermissionActivity.java, there is a possible way to invoke privileged broadcast receivers due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-9 Android-10 Android-11 Android-8.1; Android ID: A-179386960

 
Medium
CVE-2021-0593

Vendor: Google
Software: Android
 

 
In sendDevicePickedIntent of DevicePickerFragment.java, there is a possible way to invoke a privileged broadcast receiver due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-8.1 Android-9; Android ID: A-179386068

 
2021-08-11
Medium
CVE-2020-21363

Vendor: Maccms
Software: Maccms
 

 
An arbitrary file deletion vulnerability exists within Maccms10.

 
2021-08-10
Low
CVE-2020-23171

Vendor: Nim-lang
Software: Nim-lang
 

 
A vulnerability in all versions of Nim-lang allows unauthenticated attackers to write files to arbitrary directories via a crafted zip file with dot-slash characters included in the name of the crafted file.

 
2021-08-05
Medium
CVE-2021-32576

Vendor: Acronis
Software: True image
 

 
Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 1 of 2).

 
Medium
CVE-2021-32578

Vendor: Acronis
Software: True image
 

 
Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 2 of 2).

 
2021-08-03
Medium
CVE-2021-22420

Vendor: Huawei
Software: Harmonyos
 

 
A component of HarmonyOS has an External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause the underlying trust of the application trustlist mechanism to be missing.

 
2021-07-14
Medium
CVE-2021-0599

Vendor: Google
Software: Android
 

 
In scheduleTimeoutLocked of NotificationRecord.java, there is a possible disclosure of a sensitive identifier via broadcasted intent due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9 Android-10 Android-11 Android-8.1; Android ID: A-175614289

 
2021-06-24
Low
CVE-2021-29965

Vendor: Mozilla
Software: Firefox
 

 
A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager into suggesting passwords for the currently active website instead of the website that triggered the dialog. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 89.

 
2021-06-22
Medium
CVE-2021-0536

Vendor: Google
Software: Android
 

 
In dropFile of WiFiInstaller, there is a way to delete files accessible to CertInstaller due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-176756691

 

 


Copyright 2021, cxsecurity.com

 
