Total
1057 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-0562 | 1 Intel | 1 Raid Web Console 2 | 2024-08-04 | 7.8 High |
| Improper permissions in the installer for Intel(R) RWC2, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-0390 | 1 Google | 1 Android | 2024-08-04 | 5.5 Medium |
| In the app zygote SE Policy, there is a possible permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-157598026 | ||||
| CVE-2020-0388 | 1 Google | 1 Android | 2024-08-04 | 7.8 High |
| In createEmergencyLocationUserNotification of GnssVisibilityControl.java, there is a possible permissions bypass due to an empty mutable PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-156123285 | ||||
| CVE-2020-0374 | 1 Google | 1 Android | 2024-08-04 | 7.8 High |
| In NFC, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156251602 | ||||
| CVE-2020-0294 | 1 Google | 1 Android | 2024-08-04 | 5.5 Medium |
| In bindWallpaperComponentLocked of WallpaperManagerService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8.1 Android-9Android ID: A-154915372 | ||||
| CVE-2020-0275 | 1 Google | 1 Android | 2024-08-04 | 7.8 High |
| In MediaProvider, there is a possible way to access ContentResolver and MediaStore entries the app shouldn't have access to due to a permissions bypass. This could lead to local escalation of privilege, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150507736 | ||||
| CVE-2020-0215 | 1 Google | 1 Android | 2024-08-04 | 7.8 High |
| In onCreate of ConfirmConnectActivity.java, there is a possible leak of Bluetooth information due to a permissions bypass. This could lead to local escalation of privilege that exposes a pairing Bluetooth MAC address with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1 Android ID: A-140417248 | ||||
| CVE-2020-0208 | 1 Google | 1 Android | 2024-08-04 | 7.8 High |
| In multiple functions of AccountManager.java, there is a possible permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145207098 | ||||
| CVE-2020-0209 | 1 Google | 1 Android | 2024-08-04 | 7.8 High |
| In multiple functions of AccountManager.java, there is a possible permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145206842 | ||||
| CVE-2020-0122 | 1 Google | 1 Android | 2024-08-04 | 6.7 Medium |
| In the permission declaration for com.google.android.providers.gsf.permission.WRITE_GSERVICES in AndroidManifest.xml, there is a possible permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-147247775 | ||||
| CVE-2020-0133 | 1 Google | 1 Android | 2024-08-04 | 7.3 High |
| In MockLocationAppPreferenceController.java, it is possible to mock the GPS location of the device due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145136060 | ||||
| CVE-2020-0024 | 1 Google | 1 Android | 2024-08-04 | 7.8 High |
| In onCreate of SettingsBaseActivity.java, there is a possible unauthorized setting modification due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-137015265 | ||||
| CVE-2020-0009 | 2 Debian, Google | 2 Debian Linux, Android | 2024-08-04 | 5.5 Medium |
| In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. This could lead to local escalation of privilege by corrupting memory shared between processes, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-142938932 | ||||
| CVE-2021-46834 | 1 Huawei | 2 Jad-al50, Jad-al50 Firmware | 2024-08-04 | 5.5 Medium |
| A permission bypass vulnerability in Huawei cross device task management could allow an attacker to access certain resource in the attacked devices. Affected product versions include:JAD-AL50 versions 102.0.0.225(C00E220R3P4). | ||||
| CVE-2021-46811 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-08-04 | 5.3 Medium |
| HwSEServiceAPP has a vulnerability in permission management. Successful exploitation of this vulnerability may cause disclosure of the Card Production Life Cycle (CPLC) information. | ||||
| CVE-2021-46085 | 1 Oneblog Project | 1 Oneblog | 2024-08-04 | 6.5 Medium |
| OneBlog <= 2.2.8 is vulnerable to Insecure Permissions. Low level administrators can delete high-level administrators beyond their authority. | ||||
| CVE-2021-46093 | 1 Elitecms | 1 Elite Cms | 2024-08-04 | 9.8 Critical |
| eliteCMS v1.0 is vulnerable to Insecure Permissions via manage_uploads.php. | ||||
| CVE-2021-46086 | 1 Mindskip | 1 Xzs-mysql | 2024-08-04 | 7.5 High |
| xzs-mysql >= t3.4.0 is vulnerable to Insecure Permissions. The front end of this open source system is an online examination system. There is an unsafe vulnerability in the functional method of submitting examination papers. An attacker can use burpuite to modify parameters in the packet to destroy real data. | ||||
| CVE-2021-45335 | 1 Avast | 1 Antivirus | 2024-08-04 | 8.8 High |
| Sandbox component in Avast Antivirus prior to 20.4 has an insecure permission which could be abused by local user to control the outcome of scans, and therefore evade detection or delete arbitrary system files. | ||||
| CVE-2021-45083 | 2 Cobbler Project, Fedoraproject | 2 Cobbler, Fedora | 2024-08-04 | 7.1 High |
| An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file contains the sha2-512 digest of users in a Cobbler local installation. In the case of an easy-to-guess password, it's trivial to obtain the plaintext string. The settings.yaml file contains secrets such as the hashed default password. | ||||