Security Vulnerabilities - CVEs Published In September 2020
In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android; Versions: Android kernel; Android ID: A-144161459
CVSS Score: 6.7 | EPSS Score: 0.002 | Published: 2020-09-17

In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android; Versions: Android kernel; Android ID: A-143560807
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2020-09-17

In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android; Versions: Android kernel; Android ID: A-151939299
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2020-09-17

In Pixel's use of the Catpipe library, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android; Versions: Android kernel; Android ID: A-150730508
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2020-09-17

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.
CVSS Score: 8.1 | EPSS Score: 0.021 | Published: 2020-09-17

yWorks yEd Desktop before 3.20.1 allows XXE attacks via an XML or GraphML document.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2020-09-17

yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Transformation when using an XML file in conjunction with a custom stylesheet.
CVSS Score: 9.8 | EPSS Score: 0.015 | Published: 2020-09-17

In manifest files of the SmartSpace package, there is a possible tapjacking vector due to a missing permission check. This could lead to local escalation of privilege and account hijacking with no additional execution privileges needed. User interaction is needed for exploitation.
Product: Android; Versions: Android kernel; Android ID: A-156046804
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2020-09-17

In the FPC TrustZone fingerprint App, there is a possible invalid command handler due to an exposed test feature. This could lead to local escalation of privilege in the TEE, with System execution privileges required. User interaction is not needed for exploitation.
Product: Android; Versions: Android kernel; Android ID: A-131252923
CVSS Score: 6.7 | EPSS Score: 0.0 | Published: 2020-09-17

In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android; Versions: Android kernel; Android ID: A-140550171
CVSS Score: 5.5 | EPSS Score: 0.003 | Published: 2020-09-17

