βΌ CVE-2020-4650 βΌ
π Read
via "National Vulnerability Database".
IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 186023.π Read
via "National Vulnerability Database".
β Microsoft Teams Users Under Attack in βFakeUpdatesβ Malware Campaign β
π Read
via "Threat Post".
Microsoft warns that cybercriminals are using Cobalt Strike to infect entire networks beyond the infection point, according to a report.π Read
via "Threat Post".
Threat Post
Microsoft Teams Users Under Attack in βFakeUpdatesβ Malware Campaign
Microsoft warns that cybercriminals are using Cobalt Strike to infect entire networks beyond the infection point, according to a report.
π΄ How Hackers Blend Attack Methods to Bypass MFA π΄
π Read
via "Dark Reading".
Protecting mobile apps requires a multilayered approach with a mix of cybersecurity measures to counter various attacks at different layers.π Read
via "Dark Reading".
Dark Reading
How Hackers Blend Attack Methods to Bypass MFA
Protecting mobile apps requires a multilayered approach with a mix of cybersecurity measures to counter various attacks at different layers.
βΌ CVE-2020-0447 βΌ
π Read
via "National Vulnerability Database".
There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-168251617π Read
via "National Vulnerability Database".
βΌ CVE-2020-0451 βΌ
π Read
via "National Vulnerability Database".
In sbrDecoder_AssignQmfChannels2SbrChannels of sbrdecoder.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9 Android-8.0 Android-8.1Android ID: A-158762825π Read
via "National Vulnerability Database".
βΌ CVE-2020-0441 βΌ
π Read
via "National Vulnerability Database".
In Message and toBundle of Notification.java, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service requiring a device reset to fix with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-158304295π Read
via "National Vulnerability Database".
βΌ CVE-2020-0448 βΌ
π Read
via "National Vulnerability Database".
In getPhoneAccountsForPackage of TelecomServiceImpl.java, there is a possible way to access a tracking identifier due to a missing permission check. This could lead to local information disclosure of the identifier, which could be used to track an account across devices, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-153995334π Read
via "National Vulnerability Database".
βΌ CVE-2020-0446 βΌ
π Read
via "National Vulnerability Database".
There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-168264528π Read
via "National Vulnerability Database".
βΌ CVE-2020-0409 βΌ
π Read
via "National Vulnerability Database".
In create of FileMap.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8.1 Android-9Android ID: A-156997193π Read
via "National Vulnerability Database".
βΌ CVE-2020-0449 βΌ
π Read
via "National Vulnerability Database".
In btm_sec_disconnected of btm_sec.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution in the Bluetooth server with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1Android ID: A-162497143π Read
via "National Vulnerability Database".
βΌ CVE-2020-0454 βΌ
π Read
via "National Vulnerability Database".
In callCallbackForRequest of ConnectivityService.java, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure of the current SSID with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9Android ID: A-161370134π Read
via "National Vulnerability Database".
βΌ CVE-2020-0443 βΌ
π Read
via "National Vulnerability Database".
In LocaleList of LocaleList.java, there is a possible forced reboot due to an uncaught exception. This could lead to local denial of service requiring factory reset to restore with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-152410253π Read
via "National Vulnerability Database".
βΌ CVE-2020-0453 βΌ
π Read
via "National Vulnerability Database".
In updateNotification of BeamTransferManager.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-8.0 Android-8.1Android ID: A-159060474π Read
via "National Vulnerability Database".
βΌ CVE-2020-0439 βΌ
π Read
via "National Vulnerability Database".
In generatePackageInfo of PackageManagerService.java, there is a possible permissions bypass due to an incorrect permission check. This could lead to local escalation of privilege that allows instant apps access to permissions not allowed for instant apps, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-140256621π Read
via "National Vulnerability Database".
βΌ CVE-2020-0452 βΌ
π Read
via "National Vulnerability Database".
In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-159625731π Read
via "National Vulnerability Database".
βΌ CVE-2020-0438 βΌ
π Read
via "National Vulnerability Database".
In the AIBinder_Class constructor of ibinder.cpp, there is a possible arbitrary code execution due to uninitialized data. This could lead to local escalation of privilege if a process were using libbinder_ndk in a vulnerable way with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-161812320π Read
via "National Vulnerability Database".
βΌ CVE-2020-0442 βΌ
π Read
via "National Vulnerability Database".
In Message and toBundle of Notification.java, there is a possible UI slowdown or crash due to improper input validation. This could lead to remote denial of service if a malicious contact file is received, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.0 Android-8.1 Android-9Android ID: A-147358092π Read
via "National Vulnerability Database".
βΌ CVE-2020-0424 βΌ
π Read
via "National Vulnerability Database".
In send_vc of res_send.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-161362564π Read
via "National Vulnerability Database".
βΌ CVE-2020-0450 βΌ
π Read
via "National Vulnerability Database".
In rw_i93_sm_format of rw_i93.cc, there is a possible out of bounds read due to uninitialized data. This could lead to remote information disclosure over NFC with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-157650336π Read
via "National Vulnerability Database".
βΌ CVE-2020-24384 βΌ
π Read
via "National Vulnerability Database".
A10 Networks ACOS and aGalaxy management Graphical User Interfaces (GUIs) have an unauthenticated Remote Code Execution (RCE) vulnerability that could be used to compromise affected ACOS systems. ACOS versions 3.2.x (including and after 3.2.2), 4.x, and 5.1.x are affected. aGalaxy versions 3.0.x, 3.2.x, and 5.0.x are affected.π Read
via "National Vulnerability Database".
βΌ CVE-2020-0418 βΌ
π Read
via "National Vulnerability Database".
In getPermissionInfosForGroup of Utils.java, there is a logic error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-153879813π Read
via "National Vulnerability Database".