Export limit exceeded: 335260 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9492 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-0137 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In setIPv6AddrGenMode of NetworkManagementService.java, there is a possible bypass of networking permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141920289 | ||||
| CVE-2020-0135 | 1 Google | 1 Android | 2024-11-21 | 4.4 Medium |
| In dump of RollbackManagerServiceImpl.java, there is a possible backup metadata exposure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-150949837 | ||||
| CVE-2020-0115 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-150038428 | ||||
| CVE-2020-0109 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In simulatePackageSuspendBroadcast of NotificationManagerService.java, there is a missing permission check. This could lead to local escalation of privilege by creating fake system notifications with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-148059175 | ||||
| CVE-2020-0107 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In getUiccCardsInfo of PhoneInterfaceManager.java, there is a possible permissions bypass due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146570216 | ||||
| CVE-2020-0106 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In getCellLocation of PhoneInterfaceManager.java, there is a possible permission bypass due to a missing SDK version check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-148414207 | ||||
| CVE-2020-0105 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In onKeyguardVisibilityChanged of key_store_service.cpp, there is a missing permission check. This could lead to local escalation of privilege, allowing apps to use keyguard-bound keys when the screen is locked, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-144285084 | ||||
| CVE-2020-0097 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In various methods of PackageManagerService.java, there is a possible permission bypass due to a missing condition for system apps. This could lead to local escalation of privilege with User privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-145981139 | ||||
| CVE-2020-0089 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In the audio server, there is a missing permission check. This could lead to local escalation of privilege regarding audio settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137015603 | ||||
| CVE-2020-0087 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In getProcessPss of ActivityManagerService.java, there is a possible side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-127989044 | ||||
| CVE-2020-0085 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In setBluetoothTethering of PanService.java, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege to activate tethering with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-134487438 | ||||
| CVE-2020-0084 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In several functions of NotificationManagerService.java, there are missing permission checks. This could lead to local escalation of privilege by creating fake system notifications with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-143339775 | ||||
| CVE-2020-0054 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In WifiNetworkSuggestionsManager of WifiNetworkSuggestionsManager.java, there is a possible permission revocation due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146642727 | ||||
| CVE-2020-0047 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
| In setMasterMute of AudioService.java, there is a missing permission check. This could lead to local silencing of audio with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141622311 | ||||
| CVE-2020-0036 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In hasPermissions of PermissionMonitor.java, there is a possible access to restricted permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-144679405 | ||||
| CVE-2020-0035 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In query of TelephonyProvider.java, there is a possible access to SIM card info due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9Android ID: A-140622024 | ||||
| CVE-2020-0023 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In setPhonebookAccessPermission of AdapterService.java, there is a possible disclosure of user contacts over bluetooth due to a missing permission check. This could lead to local information disclosure if a malicious app enables contacts over a bluetooth connection, with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145130871 | ||||
| CVE-2019-9974 | 1 Dasannetworks | 2 H660rm, H660rm Firmware | 2024-11-21 | N/A |
| diag_tool.cgi on DASAN H660RM GPON routers with firmware 1.03-0022 lacks any authorization check, which allows remote attackers to run a ping command via a GET request to enumerate LAN devices or crash the router with a DoS attack. | ||||
| CVE-2019-9924 | 6 Canonical, Debian, Gnu and 3 more | 12 Ubuntu Linux, Debian Linux, Bash and 9 more | 2024-11-21 | 7.8 High |
| rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell. | ||||
| CVE-2019-9742 | 1 Gdata-software | 1 Total Security | 2024-11-21 | N/A |
| gdwfpcd.sys in G Data Total Security before 2019-02-22 allows an attacker to bypass ACLs because Interpreted Device Characteristics lacks FILE_DEVICE_SECURE_OPEN and therefore files and directories "inside" the \\.\gdwfpcd device are not properly protected, leading to unintended impersonation or object creation. | ||||