Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-0069 | 2 Google, Huawei | 57 Android, Berkeley-l09, Berkeley-l09 Firmware and 54 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147882143References: M-ALPS04356754 | |||||
CVE-2020-0022 | 2 Google, Huawei | 43 Android, Honor 8a, Honor 8a Firmware and 40 more | 2024-11-21 | 8.3 HIGH | 8.8 HIGH |
In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143894715 | |||||
CVE-2019-9506 | 8 Apple, Blackberry, Canonical and 5 more | 274 Iphone Os, Mac Os X, Tvos and 271 more | 2024-11-21 | 4.8 MEDIUM | 8.1 HIGH |
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing. | |||||
CVE-2019-5292 | 1 Huawei | 6 Honor 10 Lite, Honor 10 Lite Firmware, Honor 8a and 3 more | 2024-11-21 | 2.1 LOW | 3.3 LOW |
Honor 10 Lite, Honor 8A, Huawei Y6 mobile phones with the versions before 9.1.0.217(C00E215R3P1), the versions before 9.1.0.205(C00E97R1P9), the versions before 9.1.0.205(C00E97R2P2) have an information leak vulnerability. Due to improper function error records of some module, an attacker with the access permission may exploit the vulnerability to obtain some information. |