Vulnerabilities > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-15 | CVE-2020-29480 | Missing Authorization vulnerability in multiple products An issue was discovered in Xen through 4.14.x. | 2.3 |
| 2020-12-15 | CVE-2020-27057 | Missing Authorization vulnerability in Google Android 11.0 In getGpuStatsGlobalInfo and getGpuStatsAppInfo of GpuService.cpp, there is a possible permission bypass due to a missing permission check. | 3.3 |
| 2020-12-15 | CVE-2020-27056 | Missing Authorization vulnerability in Google Android 11.0 In SELinux policies of mls, there is a missing permission check. | 3.3 |
| 2020-12-15 | CVE-2020-0481 | Incorrect Authorization vulnerability in Google Android 11.0 In AndroidManifest.xml, there is a possible permissions bypass. | 3.3 |
| 2020-12-15 | CVE-2020-0368 | Improper Input Validation vulnerability in Google Android 11.0 In queryInternal of CallLogProvider.java, there is a possible permission bypass due to improper input validation. | 3.3 |
| 2020-12-15 | CVE-2020-8938 | Out-of-bounds Write vulnerability in Google Asylo An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to FromkLinuxSockAddr with attacker controlled content and size of klinux_addr which allows an attacker to write memory values from within the enclave. | 3.3 |
| 2020-12-15 | CVE-2020-8937 | Out-of-bounds Write vulnerability in Google Asylo An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to enc_untrusted_create_wait_queue that uses a pointer queue that relies on UntrustedLocalMemcpy, which fails to validate where the pointer is located. | 3.3 |
| 2020-12-14 | CVE-2020-0459 | Missing Authorization vulnerability in Google Android In sendConfiguredNetworkChangedBroadcast of WifiConfigManager.java, there is a possible leak of sensitive WiFi configuration data due to a missing permission check. | 3.3 |
| 2020-12-14 | CVE-2020-8284 | A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. | 3.7 |
| 2020-12-11 | CVE-2020-28838 | Cross-Site Request Forgery (CSRF) vulnerability in Opencart 3.0.3.6 Cross Site Request Forgery (CSRF) in CART option in OpenCart Ltd. | 3.5 |