❌ Agent Tesla Keylogger Gets Data Theft and Targeting Update ❌
📖 Read
via "Threat Post".
The infamous keylogger has shifted its targeting tactics and now collects stored credentials for less-popular web browsers and email clients.📖 Read
via "Threat Post".
Threat Post
Agent Tesla Keylogger Gets Data Theft and Targeting Update
The infamous keylogger has shifted its targeting tactics and now collects stored credentials for less-popular web browsers and email clients.
❌ 45 Million Medical Images Left Exposed Online ❌
📖 Read
via "Threat Post".
A six-month investigation by CybelAngel discovered unsecured sensitive patient data available for third parties to access for blackmail, fraud or other nefarious purposes.📖 Read
via "Threat Post".
Threat Post
45 Million Medical Images Left Exposed Online
A six-month investigation by CybelAngel discovered unsecured sensitive patient data available for third parties to access for blackmail, fraud or other nefarious purposes.
‼ CVE-2020-0280 ‼
📖 Read
via "National Vulnerability Database".
In nci_proc_ee_management_rsp of nci_hrcv.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-136565424📖 Read
via "National Vulnerability Database".
‼ CVE-2020-8936 ‼
📖 Read
via "National Vulnerability Database".
An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to UntrustedCall. UntrustedCall failed to validate the buffer range within sgx_params and allowed the host to return a pointer that was an address within the enclave memory. This allowed an attacker to read memory values from within the enclave.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-8944 ‼
📖 Read
via "National Vulnerability Database".
An arbitrary memory write vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to ecall_restore using the attribute output which fails to check the range of a pointer. An attacker can use this pointer to write to arbitrary memory addresses including those within the secure enclave We recommend upgrading past commit 382da2b8b09cbf928668a2445efb778f76bd9c8a📖 Read
via "National Vulnerability Database".
‼ CVE-2020-0497 ‼
📖 Read
via "National Vulnerability Database".
In canUseBiometric of BiometricServiceBase, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-158481661📖 Read
via "National Vulnerability Database".
‼ CVE-2020-27021 ‼
📖 Read
via "National Vulnerability Database".
In avrc_ctrl_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-168712245📖 Read
via "National Vulnerability Database".
‼ CVE-2020-27028 ‼
📖 Read
via "National Vulnerability Database".
In filter_incoming_event of hci_layer.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-141618611📖 Read
via "National Vulnerability Database".
‼ CVE-2020-0500 ‼
📖 Read
via "National Vulnerability Database".
In startInputUncheckedLocked of InputMethodManager.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154913391📖 Read
via "National Vulnerability Database".
‼ CVE-2020-8937 ‼
📖 Read
via "National Vulnerability Database".
An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to enc_untrusted_create_wait_queue that uses a pointer queue that relies on UntrustedLocalMemcpy, which fails to validate where the pointer is located. This allows an attacker to write memory values from within the enclave. We recommend upgrading past commit a37fb6a0e7daf30134dbbf357c9a518a1026aa02📖 Read
via "National Vulnerability Database".
‼ CVE-2020-27035 ‼
📖 Read
via "National Vulnerability Database".
In priorLinearAllocation of C2AllocatorIon.cpp, there is a possible use-after-free due to improper locking. This could lead to local information disclosure in the media codec with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-152239213📖 Read
via "National Vulnerability Database".
‼ CVE-2020-8940 ‼
📖 Read
via "National Vulnerability Database".
An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_recvmsg using an attacker controlled result parameter. The parameter size is unchecked allowing the attacker to read memory locations outside of the intended buffer size including memory addresses within the secure enclave. We recommend upgrading or past commit fa6485c5d16a7355eab047d4a44345a73bc9131e📖 Read
via "National Vulnerability Database".
‼ CVE-2020-0484 ‼
📖 Read
via "National Vulnerability Database".
In destroyResources of ComposerClient.h, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155769496📖 Read
via "National Vulnerability Database".
‼ CVE-2020-27026 ‼
📖 Read
via "National Vulnerability Database".
During boot, the device unlock interface behaves differently depending on if a fingerprint registered to the device is present. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-79776455📖 Read
via "National Vulnerability Database".
‼ CVE-2020-27029 ‼
📖 Read
via "National Vulnerability Database".
In TextView of TextView.java, there is a possible app hang due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-140218875📖 Read
via "National Vulnerability Database".
‼ CVE-2020-27024 ‼
📖 Read
via "National Vulnerability Database".
In smp_br_state_machine_event of smp_br_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure triggered by a malformed Bluetooth packet, with no additional execution privileges needed. User interaction is not needed for exploitation. Bounds Sanitizer mitigates this in the default configuration.Product: AndroidVersions: Android-11Android ID: A-162327732📖 Read
via "National Vulnerability Database".
‼ CVE-2020-0485 ‼
📖 Read
via "National Vulnerability Database".
In areFunctionsSupported of UsbBackend.java, there is a possible access to tethering from a guest account due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-166125765📖 Read
via "National Vulnerability Database".
‼ CVE-2020-0482 ‼
📖 Read
via "National Vulnerability Database".
In command of IncidentService.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150706572📖 Read
via "National Vulnerability Database".
‼ CVE-2020-27030 ‼
📖 Read
via "National Vulnerability Database".
In onCreate of HandleApiCalls.java, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege that allows an app to set or dismiss the alarm with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150612638📖 Read
via "National Vulnerability Database".
‼ CVE-2020-0477 ‼
📖 Read
via "National Vulnerability Database".
In sendLinkConfigurationChangedBroadcast of ClientModeImpl.java, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure of the current network configuration with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-162246414📖 Read
via "National Vulnerability Database".
‼ CVE-2020-0499 ‼
📖 Read
via "National Vulnerability Database".
In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156076070📖 Read
via "National Vulnerability Database".