‼ CVE-2020-27029 ‼
📖 Read
via "National Vulnerability Database".
In TextView of TextView.java, there is a possible app hang due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-140218875📖 Read
via "National Vulnerability Database".
‼ CVE-2020-27024 ‼
📖 Read
via "National Vulnerability Database".
In smp_br_state_machine_event of smp_br_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure triggered by a malformed Bluetooth packet, with no additional execution privileges needed. User interaction is not needed for exploitation. Bounds Sanitizer mitigates this in the default configuration.Product: AndroidVersions: Android-11Android ID: A-162327732📖 Read
via "National Vulnerability Database".
‼ CVE-2020-0485 ‼
📖 Read
via "National Vulnerability Database".
In areFunctionsSupported of UsbBackend.java, there is a possible access to tethering from a guest account due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-166125765📖 Read
via "National Vulnerability Database".
‼ CVE-2020-0482 ‼
📖 Read
via "National Vulnerability Database".
In command of IncidentService.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150706572📖 Read
via "National Vulnerability Database".
‼ CVE-2020-27030 ‼
📖 Read
via "National Vulnerability Database".
In onCreate of HandleApiCalls.java, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege that allows an app to set or dismiss the alarm with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150612638📖 Read
via "National Vulnerability Database".
‼ CVE-2020-0477 ‼
📖 Read
via "National Vulnerability Database".
In sendLinkConfigurationChangedBroadcast of ClientModeImpl.java, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure of the current network configuration with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-162246414📖 Read
via "National Vulnerability Database".
‼ CVE-2020-0499 ‼
📖 Read
via "National Vulnerability Database".
In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156076070📖 Read
via "National Vulnerability Database".
‼ CVE-2020-27025 ‼
📖 Read
via "National Vulnerability Database".
In EapFailureNotifier.java and SimRequiredNotifier.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156008365📖 Read
via "National Vulnerability Database".
🦿 Why I'm not concerned about the rise in Linux attacks 🦿
📖 Read
via "Tech Republic".
Jack Wallen explains why he's not worried that the rise in popularity of the Linux operating system will mean your open source platforms will be vulnerable to attacks.📖 Read
via "Tech Republic".
TechRepublic
Why I'm not concerned about the rise in Linux attacks
Jack Wallen explains why he's not worried that the rise in popularity of the Linux operating system will mean your open source platforms will be vulnerable to attacks.
🦿 Linux attacks are rising: Why I'm not concerned 🦿
📖 Read
via "Tech Republic".
Jack Wallen explains why he's not worried that the rise in popularity of the Linux operating system will mean your open source platforms will be vulnerable to attacks.📖 Read
via "Tech Republic".
TechRepublic
Why I'm not concerned about the rise in Linux attacks
Jack Wallen explains why he's not worried that the rise in popularity of the Linux operating system will mean your open source platforms will be vulnerable to attacks.
🕴 Nowhere to Hide: Don't Let Your Guard Down This Holiday Season 🕴
📖 Read
via "Dark Reading".
Harden your defenses to ensure that your holiday downtime doesn't become an open door for cyber threats.📖 Read
via "Dark Reading".
Dark Reading
Nowhere to Hide: Don't Let Your Guard Down This Holiday Season
Harden your defenses to ensure that your holiday downtime doesn't become an open door for cyber threats.
‼ CVE-2020-29481 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Xen through 4.14.x. Access rights of Xenstore nodes are per domid. Unfortunately, existing granted access rights are not removed when a domain is being destroyed. This means that a new domain created with the same domid will inherit the access rights to Xenstore nodes from the previous domain(s) with the same domid. Because all Xenstore entries of a guest below /local/domain/<domid> are being deleted by Xen tools when a guest is destroyed, only Xenstore entries of other guests still running are affected. For example, a newly created guest domain might be able to read sensitive information that had belonged to a previously existing guest domain. Both Xenstore implementations (C and Ocaml) are vulnerable.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-2083 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-29480 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Xen through 4.14.x. Neither xenstore implementation does any permission checks when reporting a xenstore watch event. A guest administrator can watch the root xenstored node, which will cause notifications for every created, modified, and deleted key. A guest administrator can also use the special watches, which will cause a notification every time a domain is created and destroyed. Data may include: number, type, and domids of other VMs; existence and domids of driver domains; numbers of virtual interfaces, block devices, vcpus; existence of virtual framebuffers and their backend style (e.g., existence of VNC service); Xen VM UUIDs for other domains; timing information about domain creation and device setup; and some hints at the backend provisioning of VMs and their devices. The watch events do not contain values stored in xenstore, only key names. A guest administrator can observe non-sensitive domain and device lifecycle events relating to other guests. This information allows some insight into overall system configuration (including the number and general nature of other guests), and configuration of other guests (including the number and general nature of other guests' devices). This information might be commercially interesting or might make other attacks easier. There is not believed to be exposure of sensitive data. Specifically, there is no exposure of VNC passwords, port numbers, pathnames in host and guest filesystems, cryptographic keys, or within-guest data.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-27057 ‼
📖 Read
via "National Vulnerability Database".
In getGpuStatsGlobalInfo and getGpuStatsAppInfo of GpuService.cpp, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure of gpu statistics with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-161903239📖 Read
via "National Vulnerability Database".
‼ CVE-2020-2089 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-2080 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-29483 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Xen through 4.14.x. Xenstored and guests communicate via a shared memory page using a specific protocol. When a guest violates this protocol, xenstored will drop the connection to that guest. Unfortunately, this is done by just removing the guest from xenstored's internal management, resulting in the same actions as if the guest had been destroyed, including sending an @releaseDomain event. @releaseDomain events do not say that the guest has been removed. All watchers of this event must look at the states of all guests to find the guest that has been removed. When an @releaseDomain is generated due to a domain xenstored protocol violation, because the guest is still running, the watchers will not react. Later, when the guest is actually destroyed, xenstored will no longer have it stored in its internal data base, so no further @releaseDomain event will be sent. This can lead to a zombie domain; memory mappings of that guest's memory will not be removed, due to the missing event. This zombie domain will be cleaned up only after another domain is destroyed, as that will trigger another @releaseDomain event. If the device model of the guest that violated the Xenstore protocol is running in a stub-domain, a use-after-free case could happen in xenstored, after having removed the guest from its internal data base, possibly resulting in a crash of xenstored. A malicious guest can block resources of the host for a period after its own death. Guests with a stub domain device model can eventually crash xenstored, resulting in a more serious denial of service (the prevention of any further domain management operations). Only the C variant of Xenstore is affected; the Ocaml variant is not affected. Only HVM guests with a stubdom device model can cause a serious DoS.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-29479 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Xen through 4.14.x. In the Ocaml xenstored implementation, the internal representation of the tree has special cases for the root node, because this node has no parent. Unfortunately, permissions were not checked for certain operations on the root node. Unprivileged guests can get and modify permissions, list, and delete the root node. (Deleting the whole xenstore tree is a host-wide denial of service.) Achieving xenstore write access is also possible. All systems using oxenstored are vulnerable. Building and using oxenstored is the default in the upstream Xen distribution, if the Ocaml compiler is available. Systems using C xenstored are not vulnerable.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-27056 ‼
📖 Read
via "National Vulnerability Database".
In SELinux policies of mls, there is a missing permission check. This could lead to local information disclosure of package metadata with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-161356067📖 Read
via "National Vulnerability Database".
‼ CVE-2020-27039 ‼
📖 Read
via "National Vulnerability Database".
In postNotification of ServiceRecord.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153878498📖 Read
via "National Vulnerability Database".