Security
Headlines
HeadlinesLatestCVEs

Tag

#android

CVE-2020-8506: Global TV Android & iOS Applications - Unencrypted Analytics (CVE-2020-8506)

The Global TV application 2.3.2 for Android and 4.7.5 for iOS sends Unencrypted Analytics.

CVE
Open in Source
#ios#android#apple#google
CVE-2020-8507: Information Security & Privacy Advisories

The Citytv Video application 4.08.0 for Android and 3.35 for iOS sends Unencrypted Analytics.

CVE-2019-19142: Hack ‘N’ Routers - Vulnerabilidades comuns em roteadores domésticos - [PT-BR]

Intelbras WRN240 devices do not require authentication to replace the firmware via a POST request to the incoming/Firmware.cfg URI.

CVE-2019-0219: security - CVE-2019-0219: Apache Cordova InAppBrowser Privilege Escalation (Android)

A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI.

CVE-2020-0003: Android Security Bulletin—January 2020  |  Android Open Source Project

In onCreate of InstallStart.java, there is a possible package validation bypass due to a time-of-check time-of-use vulnerability. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android ID: A-140195904

CVE-2020-0009: Android ashmem Read-Only Bypasses ≈ Packet Storm

In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. This could lead to local escalation of privilege by corrupting memory shared between processes, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-142938932

CVE-2019-3467: #946797 - debian-edu-config: kadm5.acl should set proper rights for users

Debian-edu-config all versions < 2.11.10, a set of configuration files used for Debian Edu, and debian-lan-config < 0.26, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other Kerberos user principals.

CVE-2019-8634: About the security content of macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra

An authentication issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.5. A user may be unexpectedly logged in to another user’s account.

CVE-2019-5085: TALOS-2019-0877 || Cisco Talos Intelligence Group

An exploitable code execution vulnerability exists in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so, version 20.0.2019.3.15. A specially crafted packet can cause an integer overflow, resulting in heap corruption. An attacker can send a packet to trigger this vulnerability.

CVE-2019-5090: TALOS-2019-0882 || Cisco Talos Intelligence Group

An exploitable information disclosure vulnerability exists in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so, version 20.0.2019.3.15. A specially crafted packet can cause an out-of-bounds read, resulting in information disclosure. An attacker can send a packet to trigger this vulnerability.