Vulnerabilities (CVE)

Filtered by CWE-276
Total 1337 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-0562 1 Intel 1 Raid Web Console 2 2024-11-21 4.6 MEDIUM 7.8 HIGH
Improper permissions in the installer for Intel(R) RWC2, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2020-0560 1 Intel 1 Renesas Electronics Usb 3.0 Driver 2024-11-21 4.6 MEDIUM 7.8 HIGH
Improper permissions in the installer for the Intel(R) Renesas Electronics(R) USB 3.0 Driver, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2020-0547 1 Intel 1 Data Migration 2024-11-21 4.6 MEDIUM 7.8 HIGH
Incorrect default permissions in the installer for Intel(R) Data Migration Software versions 3.3 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2020-0524 1 Intel 6 Ethernet Controller I210-at, Ethernet Controller I210-cl, Ethernet Controller I210-cs and 3 more 2024-11-21 2.1 LOW 5.5 MEDIUM
Improper default permissions in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2020-0514 1 Intel 1 Graphics Driver 2024-11-21 4.6 MEDIUM 7.8 HIGH
Improper default permissions in the installer for Intel(R) Graphics Drivers before versions 26.20.100.7463 and 15.45.30.5103 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2020-0508 1 Intel 1 Graphics Driver 2024-11-21 4.6 MEDIUM 7.8 HIGH
Incorrect default permissions in the installer for Intel(R) Graphics Drivers before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2020-0486 1 Google 1 Android 2024-11-21 4.6 MEDIUM 7.8 HIGH
In openAssetFileListener of ContactsProvider2.java, there is a possible permission bypass due to an insecure default value. This could lead to local escalation of privilege to change contact data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150857116
CVE-2020-0468 1 Google 1 Android 2024-11-21 2.1 LOW 5.5 MEDIUM
In listen() and related functions of TelephonyRegistry.java, there is a possible permissions bypass of location permissions due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-158484422
CVE-2020-0459 1 Google 1 Android 2024-11-21 2.1 LOW 3.3 LOW
In sendConfiguredNetworkChangedBroadcast of WifiConfigManager.java, there is a possible leak of sensitive WiFi configuration data due to a missing permission check. This could lead to local information disclosure of WiFi network names with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-159373687
CVE-2020-0453 1 Google 1 Android 2024-11-21 2.1 LOW 5.5 MEDIUM
In updateNotification of BeamTransferManager.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-8.0 Android-8.1Android ID: A-159060474
CVE-2020-0448 1 Google 1 Android 2024-11-21 2.1 LOW 5.5 MEDIUM
In getPhoneAccountsForPackage of TelecomServiceImpl.java, there is a possible way to access a tracking identifier due to a missing permission check. This could lead to local information disclosure of the identifier, which could be used to track an account across devices, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-153995334
CVE-2020-0426 1 Google 1 Android 2024-11-21 2.1 LOW 5.5 MEDIUM
In SyncManager, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154921790
CVE-2020-0415 1 Google 1 Android 2024-11-21 2.1 LOW 5.5 MEDIUM
In various locations in SystemUI, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure of contact data with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1Android ID: A-156020795
CVE-2020-0414 1 Google 1 Android 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
In AudioFlinger::RecordThread::threadLoop of audioflinger/Threads.cpp, there is a possible non-silenced audio buffer due to a permissions bypass. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-157708122
CVE-2020-0412 1 Google 1 Android 2024-11-21 2.1 LOW 3.3 LOW
In setProcessMemoryTrimLevel of ActivityManagerService.java, there is a missing permission check. This could lead to local information disclosure of foreground processes with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.0 Android-8.1 Android-9Android ID: A-160390416
CVE-2020-0410 1 Google 1 Android 2024-11-21 2.1 LOW 5.5 MEDIUM
In setNotification of SapServer.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-156021269
CVE-2020-0390 1 Google 1 Android 2024-11-21 2.1 LOW 5.5 MEDIUM
In the app zygote SE Policy, there is a possible permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-157598026
CVE-2020-0388 1 Google 1 Android 2024-11-21 7.2 HIGH 7.8 HIGH
In createEmergencyLocationUserNotification of GnssVisibilityControl.java, there is a possible permissions bypass due to an empty mutable PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-156123285
CVE-2020-0374 1 Google 1 Android 2024-11-21 7.2 HIGH 7.8 HIGH
In NFC, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156251602
CVE-2020-0343 1 Google 1 Android 2024-11-21 2.1 LOW 5.5 MEDIUM
In NetworkStatsService, there is a possible access to protected data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-119672472