Vulnerabilities > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-17 | CVE-2020-4846 | Information Exposure Through an Error Message vulnerability in IBM Security KEY Lifecycle Manager IBM Security Key Lifecycle Manager 3.0.1 and 4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 2.7 |
| 2020-12-16 | CVE-2020-4906 | Insecure Storage of Sensitive Information vulnerability in IBM Financial Transaction Manager for Multiplatform 3.2.4 IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 allows web pages to be stored locally which can be read by another user on the system. | 3.3 |
| 2020-12-16 | CVE-2020-4008 | Unspecified vulnerability in VMWare Carbon Black Cloud The installer of the macOS Sensor for VMware Carbon Black Cloud (prior to 3.5.1) handles certain files in an insecure way. | 3.6 |
| 2020-12-15 | CVE-2020-29480 | Missing Authorization vulnerability in multiple products An issue was discovered in Xen through 4.14.x. | 2.3 |
| 2020-12-15 | CVE-2020-27057 | Missing Authorization vulnerability in Google Android 11.0 In getGpuStatsGlobalInfo and getGpuStatsAppInfo of GpuService.cpp, there is a possible permission bypass due to a missing permission check. | 3.3 |
| 2020-12-15 | CVE-2020-27056 | Missing Authorization vulnerability in Google Android 11.0 In SELinux policies of mls, there is a missing permission check. | 3.3 |
| 2020-12-15 | CVE-2020-0481 | Incorrect Authorization vulnerability in Google Android 11.0 In AndroidManifest.xml, there is a possible permissions bypass. | 3.3 |
| 2020-12-15 | CVE-2020-0368 | Improper Input Validation vulnerability in Google Android 11.0 In queryInternal of CallLogProvider.java, there is a possible permission bypass due to improper input validation. | 3.3 |
| 2020-12-15 | CVE-2020-8938 | Out-of-bounds Write vulnerability in Google Asylo An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to FromkLinuxSockAddr with attacker controlled content and size of klinux_addr which allows an attacker to write memory values from within the enclave. | 3.3 |
| 2020-12-15 | CVE-2020-8937 | Out-of-bounds Write vulnerability in Google Asylo An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to enc_untrusted_create_wait_queue that uses a pointer queue that relies on UntrustedLocalMemcpy, which fails to validate where the pointer is located. | 3.3 |