Total
5093 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-0084 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
In several functions of NotificationManagerService.java, there are missing permission checks. This could lead to local escalation of privilege by creating fake system notifications with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-143339775 | ||||
CVE-2020-0054 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
In WifiNetworkSuggestionsManager of WifiNetworkSuggestionsManager.java, there is a possible permission revocation due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146642727 | ||||
CVE-2020-0047 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
In setMasterMute of AudioService.java, there is a missing permission check. This could lead to local silencing of audio with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141622311 | ||||
CVE-2020-0035 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
In query of TelephonyProvider.java, there is a possible access to SIM card info due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9Android ID: A-140622024 | ||||
CVE-2020-0023 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
In setPhonebookAccessPermission of AdapterService.java, there is a possible disclosure of user contacts over bluetooth due to a missing permission check. This could lead to local information disclosure if a malicious app enables contacts over a bluetooth connection, with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145130871 | ||||
CVE-2019-9974 | 1 Dasannetworks | 2 H660rm, H660rm Firmware | 2024-11-21 | N/A |
diag_tool.cgi on DASAN H660RM GPON routers with firmware 1.03-0022 lacks any authorization check, which allows remote attackers to run a ping command via a GET request to enumerate LAN devices or crash the router with a DoS attack. | ||||
CVE-2019-9924 | 6 Canonical, Debian, Gnu and 3 more | 12 Ubuntu Linux, Debian Linux, Bash and 9 more | 2024-11-21 | 7.8 High |
rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell. | ||||
CVE-2019-9742 | 1 Gdata-software | 1 Total Security | 2024-11-21 | N/A |
gdwfpcd.sys in G Data Total Security before 2019-02-22 allows an attacker to bypass ACLs because Interpreted Device Characteristics lacks FILE_DEVICE_SECURE_OPEN and therefore files and directories "inside" the \\.\gdwfpcd device are not properly protected, leading to unintended impersonation or object creation. | ||||
CVE-2019-9713 | 1 Joomla | 1 Joomla\! | 2024-11-21 | N/A |
An issue was discovered in Joomla! before 3.9.4. The sample data plugins lack ACL checks, allowing unauthorized access. | ||||
CVE-2019-9574 | 1 Mishubd | 1 Wp Human Resource Management | 2024-11-21 | N/A |
The WP Human Resource Management plugin before 2.2.6 for WordPress does not ensure that a leave modification occurs in the context of the Administrator or HR Manager role. | ||||
CVE-2019-9482 | 1 Misp | 1 Misp | 2024-11-21 | N/A |
In MISP 2.4.102, an authenticated user can view sightings that they should not be eligible for. Exploiting this requires access to the event that has received the sighting. The issue affects instances with restrictive sighting settings (event only / sighting reported only). | ||||
CVE-2019-9380 | 1 Google | 1 Android | 2024-11-21 | 6.5 Medium |
In the settings UI, there is a possible spoofing vulnerability due to a missing permission check. This could lead to a user mistakenly changing permission settings with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-123700098 | ||||
CVE-2019-9377 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
In FingerprintService, there is a possible bypass for operating system protections that isolate user profiles from each other due to a missing permission check. This could lead to a local information disclosure of metadata about the biometrics of another user on the device with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-128599663 | ||||
CVE-2019-9351 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
In SyncStatusObserver, there is a possible bypass for operating system protections that isolate user profiles from each other due to a missing permission check. This could lead to local limited information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-128599864 | ||||
CVE-2019-9323 | 1 Google | 1 Android | 2024-11-21 | 5.3 Medium |
In the Wallpaper Manager service, there is a possible information disclosure due to a missing permission check. Any application can access wallpaper image with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-30770233 | ||||
CVE-2019-9295 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
In com.android.apps.tag, there is a possible bypass of user interaction requirements due to a missing permission check. This could lead to a to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-36885811 | ||||
CVE-2019-9263 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
In telephony, there is a possible bypass of user interaction requirements due to missing permission checks. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-73136824 | ||||
CVE-2019-9224 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 4 of 5). | ||||
CVE-2019-9171 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 1 of 5). | ||||
CVE-2019-9002 | 2 Pixeline, Tiny Issue Project | 2 Bugs, Tiny Issue | 2024-11-21 | N/A |
An issue was discovered in Tiny Issue 1.3.1 and pixeline Bugs through 1.3.2c. install/config-setup.php allows remote attackers to execute arbitrary PHP code via the database_host parameter if the installer remains present in its original directory after installation is completed. |