CWE:
 

Tytuł
Data
Autor
Med.
BarracudaDrive v6.5 Insecure Folder Permissions
04.09.2020
Bobby Cooke
Med.
BarracudaDrive 6.5 Local Privilege Escalation
11.08.2020
Bobby Cooke
Med.
Schneider Electric Wonderware InduSoft Web Studio 8.0 Patch 3 Insecure Permissions
02.07.2017
Karn Ganeshen
Med.
WIN-911 7.17.00 Insecure File Permissions / Plaintext Password Storage
07.09.2016
sh4d0wman
Med.
Hide.Me VPN Client 1.2.4 - Privilege Escalation
08.07.2016
sh4d0wman
Med.
PQI Air Pen Express CSRF / XSS / Insecure Direct Object Reference
06.04.2016
orwelllabs
High
Zarafa Multiple incorrect default permissions
25.08.2014
Robert Scheck
High
Eventum 2.3.4 Incorrect Permissions / Code Injection
29.01.2014
High-Tech Bridge Secur...
High
Zavio IP Cameras multiple vulnerabilities
28.05.2013
CORE
Med.
Photodex ProShow Producer 5.0.3310 Privilege Escalation
20.03.2013
Inshell Security Advis...


Common Weakness Enumeration (CWE)

CVE
Szczegóły
Opis
2020-10-14
Low
CVE-2020-0414

Vendor: Google
Software: Android
 

 
In AudioFlinger::RecordThread::threadLoop of audioflinger/Threads.cpp, there is a possible non-silenced audio buffer due to a permissions bypass. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-157708122

 
Low
CVE-2020-0412

Vendor: Google
Software: Android
 

 
In setProcessMemoryTrimLevel of ActivityManagerService.java, there is a missing permission check. This could lead to local information disclosure of foreground processes with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.0 Android-8.1 Android-9Android ID: A-160390416

 
Low
CVE-2020-0410

Vendor: Google
Software: Android
 

 
In setNotification of SapServer.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-156021269

 
Low
CVE-2020-0415

Vendor: Google
Software: Android
 

 
In various locations in SystemUI, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure of contact data with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1Android ID: A-156020795

 
2020-09-18
Low
CVE-2020-0276

Vendor: Google
Software: Android
 

 
In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156253586

 
Medium
CVE-2020-0298

Vendor: Google
Software: Android
 

 
In Bluetooth, there is a possible control over Bluetooth enabled state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-145129266

 
Low
CVE-2020-0295

Vendor: Google
Software: Android
 

 
In Telecom, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155650969

 
Low
CVE-2020-0294

Vendor: Google
Software: Android
 

 
In the wallpaper manager, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154915372

 
Low
CVE-2020-0285

Vendor: Google
Software: Android
 

 
In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156253479

 
Low
CVE-2020-0284

Vendor: Google
Software: Android
 

 
In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156253784

 

 


Copyright 2020, cxsecurity.com

 

Back to Top