Security Vulnerabilities - CVEs Published In September 2020
In NFC, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-148294643
CVSS Score
6.4
EPSS Score
0.0
Published
2020-09-18
In Android Auto Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151645626
CVSS Score
5.5
EPSS Score
0.0
Published
2020-09-18
In the Settings app, there is an insecure default value. This could lead to local escalation of privilege and tapjacking with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-144507081
CVSS Score
7.3
EPSS Score
0.0
Published
2020-09-18
Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
CVSS Score
6.1
EPSS Score
0.013
Published
2020-09-18
Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
CVSS Score
6.1
EPSS Score
0.013
Published
2020-09-18
Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
CVSS Score
6.1
EPSS Score
0.013
Published
2020-09-18
In the audio server, there is a missing permission check. This could lead to local escalation of privilege regarding audio settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137015603
CVSS Score
7.8
EPSS Score
0.0
Published
2020-09-18
In WiFi tethering, there is a possible attacker controlled intent due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156353008
CVSS Score
7.8
EPSS Score
0.0
Published
2020-09-18
In the System UI, there is a possible system crash due to an uncaught exception. This could lead to local permanent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-33646131
CVSS Score
5.5
EPSS Score
0.0
Published
2020-09-18
In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-143604331
CVSS Score
9.8
EPSS Score
0.006
Published
2020-09-18