‼ CVE-2020-0443 ‼
📖 Read
via "National Vulnerability Database".
In LocaleList of LocaleList.java, there is a possible forced reboot due to an uncaught exception. This could lead to local denial of service requiring factory reset to restore with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-152410253📖 Read
via "National Vulnerability Database".
‼ CVE-2020-0453 ‼
📖 Read
via "National Vulnerability Database".
In updateNotification of BeamTransferManager.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-8.0 Android-8.1Android ID: A-159060474📖 Read
via "National Vulnerability Database".
‼ CVE-2020-0439 ‼
📖 Read
via "National Vulnerability Database".
In generatePackageInfo of PackageManagerService.java, there is a possible permissions bypass due to an incorrect permission check. This could lead to local escalation of privilege that allows instant apps access to permissions not allowed for instant apps, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-140256621📖 Read
via "National Vulnerability Database".
‼ CVE-2020-0452 ‼
📖 Read
via "National Vulnerability Database".
In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-159625731📖 Read
via "National Vulnerability Database".
‼ CVE-2020-0438 ‼
📖 Read
via "National Vulnerability Database".
In the AIBinder_Class constructor of ibinder.cpp, there is a possible arbitrary code execution due to uninitialized data. This could lead to local escalation of privilege if a process were using libbinder_ndk in a vulnerable way with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-161812320📖 Read
via "National Vulnerability Database".
‼ CVE-2020-0442 ‼
📖 Read
via "National Vulnerability Database".
In Message and toBundle of Notification.java, there is a possible UI slowdown or crash due to improper input validation. This could lead to remote denial of service if a malicious contact file is received, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.0 Android-8.1 Android-9Android ID: A-147358092📖 Read
via "National Vulnerability Database".
‼ CVE-2020-0424 ‼
📖 Read
via "National Vulnerability Database".
In send_vc of res_send.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-161362564📖 Read
via "National Vulnerability Database".
‼ CVE-2020-0450 ‼
📖 Read
via "National Vulnerability Database".
In rw_i93_sm_format of rw_i93.cc, there is a possible out of bounds read due to uninitialized data. This could lead to remote information disclosure over NFC with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-157650336📖 Read
via "National Vulnerability Database".
‼ CVE-2020-24384 ‼
📖 Read
via "National Vulnerability Database".
A10 Networks ACOS and aGalaxy management Graphical User Interfaces (GUIs) have an unauthenticated Remote Code Execution (RCE) vulnerability that could be used to compromise affected ACOS systems. ACOS versions 3.2.x (including and after 3.2.2), 4.x, and 5.1.x are affected. aGalaxy versions 3.0.x, 3.2.x, and 5.0.x are affected.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-0418 ‼
📖 Read
via "National Vulnerability Database".
In getPermissionInfosForGroup of Utils.java, there is a logic error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-153879813📖 Read
via "National Vulnerability Database".
‼ CVE-2020-0445 ‼
📖 Read
via "National Vulnerability Database".
There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-168264527📖 Read
via "National Vulnerability Database".
‼ CVE-2020-0437 ‼
📖 Read
via "National Vulnerability Database".
In CellBroadcastReceiver's intent handlers, there is a possible denial of service due to a missing permission check. This could lead to local denial of service of emergency alerts with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-162741784📖 Read
via "National Vulnerability Database".
🛠 Falco 0.26.2 🛠
📖 Read
via "Packet Storm Security".
Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.📖 Read
via "Packet Storm Security".
Packetstormsecurity
Falco 0.26.2 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
🦿 DDoS attacks: How to combat the latest tactics 🦿
📖 Read
via "Tech Republic".
With DDoS-as-a-Service, criminals with a little know-how can launch denial of service attacks for just a few dollars, says Digital Shadows.📖 Read
via "Tech Republic".
TechRepublic
DDoS attacks: How to combat the latest tactics
With DDoS-as-a-Service, criminals with a little know-how can launch denial of service attacks for just a few dollars, says Digital Shadows.
❌ Ghimob Android Banking Trojan Targets 153 Mobile Apps ❌
📖 Read
via "Threat Post".
A banking trojan is targeting mobile app users in Brazil - and researchers warn that its operator has big plans to expand abroad.📖 Read
via "Threat Post".
Threat Post
Ghimob Android Banking Trojan Targets 153 Mobile Apps
A banking trojan is targeting mobile app users in Brazil - and researchers warn that its operator has big plans to expand abroad.
‼ CVE-2020-7766 ‼
📖 Read
via "National Vulnerability Database".
This affects all versions of package json-ptr. The issue occurs in the set operation (https://flitbit.github.io/json-ptr/classes/_src_pointer_.jsonpointer.htmlset) when the force flag is set to true. The function recursively set the property in the target object, however it does not properly check the key being set, leading to a prototype pollution.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-5388 ‼
📖 Read
via "National Vulnerability Database".
Dell Inspiron 15 7579 2-in-1 BIOS versions prior to 1.31.0 contain an Improper SMM communication buffer verification vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-4760 ‼
📖 Read
via "National Vulnerability Database".
IBM Content Navigator 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188737.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-12485 ‼
📖 Read
via "National Vulnerability Database".
The frame touch module does not make validity judgments on parameter lengths when processing specific parameters,which caused out of the boundary when memory access.The vulnerability eventually leads to a local DOS on the device.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-28267 ‼
📖 Read
via "National Vulnerability Database".
Prototype pollution vulnerability in '@strikeentco/set' version 1.0.0 allows attacker to cause a denial of service and may lead to remote code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-4704 ‼
📖 Read
via "National Vulnerability Database".
IBM Content Navigator 3.0CD is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187189.📖 Read
via "National Vulnerability Database".