Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-15387

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-14 Nov, 2019 | 16:25
Updated At-05 Aug, 2024 | 00:42
Rejected At-
Credits

The Archos Core 101 Android device with a build fingerprint of archos/MTKAC101CR3G_ARCHOS/ac101cr3g:7.0/NRD90M/20180611.034442:user/release-keys contains a pre-installed app with a package name of com.roco.autogen app (versionCode=1, versionName=1) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:14 Nov, 2019 | 16:25
Updated At:05 Aug, 2024 | 00:42
Rejected At:
▼CVE Numbering Authority (CNA)

The Archos Core 101 Android device with a build fingerprint of archos/MTKAC101CR3G_ARCHOS/ac101cr3g:7.0/NRD90M/20180611.034442:user/release-keys contains a pre-installed app with a package name of com.roco.autogen app (versionCode=1, versionName=1) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.kryptowire.com/android-firmware-2019/
x_refsource_MISC
Hyperlink: https://www.kryptowire.com/android-firmware-2019/
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.kryptowire.com/android-firmware-2019/
x_refsource_MISC
x_transferred
Hyperlink: https://www.kryptowire.com/android-firmware-2019/
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:14 Nov, 2019 | 17:15
Updated At:24 Aug, 2020 | 17:37

The Archos Core 101 Android device with a build fingerprint of archos/MTKAC101CR3G_ARCHOS/ac101cr3g:7.0/NRD90M/20180611.034442:user/release-keys contains a pre-installed app with a package name of com.roco.autogen app (versionCode=1, versionName=1) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.13.3LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:N/I:P/A:N
Type: Primary
Version: 3.1
Base score: 3.3
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:N/I:P/A:N
CPE Matches
archos
archos
>>core_101_firmware>>-
cpe:2.3:o:archos:core_101_firmware:-:*:*:*:*:*:*:*
archos
archos
>>core_101>>-
cpe:2.3:h:archos:core_101:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-862Primarynvd@nist.gov
CWE ID: CWE-862
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.kryptowire.com/android-firmware-2019/cve@mitre.org
Third Party Advisory
Hyperlink: https://www.kryptowire.com/android-firmware-2019/
Source: cve@mitre.org
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

23Records found
CVE-2022-20267
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-3.3||LOW
EPSS-0.01% / 2.07%
||
7 Day CHG-0.01%
Published-11 Aug, 2022 | 15:13
Updated-03 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In bluetooth, there is a possible way to enable or disable bluetooth connection without user consent due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-211646835

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-862
Missing Authorization
CVE-2022-20537
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-3.3||LOW
EPSS-0.03% / 6.92%
||
7 Day CHG~0.00%
Published-16 Dec, 2022 | 00:00
Updated-18 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In createDialog of WifiScanModeActivity.java, there is a possible way for a Guest user to enable location-sensitive settings due to a missing permission check. This could lead to local escalation of privilege from the Guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235601169

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-862
Missing Authorization
CVE-2022-36856
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.04% / 10.44%
||
7 Day CHG~0.00%
Published-09 Sep, 2022 | 14:40
Updated-03 Aug, 2024 | 10:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in Telecom application prior to SMR Sep-2022 Release 1 allows attacker to start emergency calls via undefined permission.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-862
Missing Authorization
CVE-2020-13626
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.05% / 16.11%
||
7 Day CHG~0.00%
Published-09 Oct, 2020 | 05:02
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OnePlus App Locker through 2020-10-06 allows physically proximate attackers to use Google Assistant to bypass an authorization check in order to send an SMS message when the SMS application is locked.

Action-Not Available
Vendor-oneplusn/a
Product-app_lockern/a
CWE ID-CWE-862
Missing Authorization
CVE-2023-42469
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-0.05% / 16.84%
||
7 Day CHG~0.00%
Published-13 Sep, 2023 | 00:00
Updated-25 Sep, 2024 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The com.full.dialer.top.secure.encrypted application through 1.0.1 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.full.dialer.top.secure.encrypted.activities.DialerActivity component.

Action-Not Available
Vendor-fulldiven/a
Product-full_dialern/a
CWE ID-CWE-862
Missing Authorization
CVE-2020-7343
Matching Score-4
Assigner-Trellix
ShareView Details
Matching Score-4
Assigner-Trellix
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 10.90%
||
7 Day CHG~0.00%
Published-18 Jan, 2021 | 12:15
Updated-17 Sep, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Authorization vulnerability in MA

Missing Authorization vulnerability in McAfee Agent (MA) for Windows prior to 5.7.1 allows local users to block McAfee product updates by manipulating a directory used by MA for temporary files. The product would continue to function with out-of-date detection files.

Action-Not Available
Vendor-McAfee, LLC
Product-agentMcAfee Agent
CWE ID-CWE-862
Missing Authorization
CVE-2020-5362
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.05% / 15.53%
||
7 Day CHG~0.00%
Published-10 Jun, 2020 | 20:40
Updated-17 Sep, 2024 | 02:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Client Consumer and Commercial platforms include an improper authorization vulnerability in the Dell Manageability interface for which an unauthorized actor, with local system access with OS administrator privileges, could bypass the BIOS Administrator authentication to restore BIOS Setup configuration to default values.

Action-Not Available
Vendor-Dell Inc.
Product-inspiron_13_2-in-1_7359inspiron_15_7570_firmwarevostro_5391_firmwareinspiron_3470latitude_e7270inspiron_7790_aioinspiron_7591_2_in_1optiplex_5480_aiovostro_3669precision_7820_firmwarevostro_3558_firmwareinspiron_5590_firmwarelatitude_e5550g7_17_7790_firmwareinspiron_14_gaming_7466_firmwareoptiplex_3280_aio_firmwarelatitude_5179inspiron_17_2-in-1_7779latitude_7380_firmwarevostro_3888xps_13_9370inspiron_5570inspiron_7490vostro_3888_firmwareinsprion_5491_aiolatitude_e5270wyse_7040_thin_clientinspiron_15_2-in-1_5578latitude_5590optiplex_5080latitude_5511latitude_7390_2-in-1latitude_7214_rugged_extreme_firmwareinspiron_7501precision_5550inspiron_7580_firmwareprecision_7920inspiron_3583precision_7720vostro_5581_firmwarexps_12_9250_firmwarelatitude_3380_firmwareoptiplex_7760_aioprecision_5530_firmwareinsprion_5491_aio_firmwareoptiplex_5040vostro_15_7580inspiron_14_5468inspiron_13_7370_firmwareprecision_tower_3431_small_form_factor_firmwareinspiron_7391_2_in_1_firmwareinspiron_15_3559_firmwareoptiplex_5050latitude_3460_firmwareg5_15_5500_firmwareinspiron_15_2-in-1_7568_firmwareinspiron_15_gaming_7577latitude_3470optiplex_3050_aioinspiron_5400_2_in1precision_3620_towerxps_13_9360vostro_14_3478_firmwareoptiplex_3060_firmwareinspiron_5490_aio_firmwarelatitude_3590_firmwareinspiron_5557latitude_7490_firmwarelatitude_7250_firmwareinspiron_14_7460_firmwareinspiron_15_2-in-1_7569precision_5520xps_7390_2-in-1_firmwareinspiron_7490_firmwareoptiplex_7480_aioprecision_5720_aiolatitude_5591xps_15_9570inspiron_14_3459inspiron_3471optiplex_5050_firmwareprecision_7520_firmwarelatitude_5175_firmwarelatitude_5250inspiron_13_7370inspiron_7586optiplex_3040_firmwarelatitude_3400optiplex_5070optiplex_7460_aio_firmwarevostro_3458_firmwareoptiplex_7071_towerprecision_3430optiplex_3280_aioinspiron_14_7460latitude_7285_firmwarexps_13_9370_firmwarelatitude_3560vostro_3581_firmwarelatitude_7275vostro_3581latitude_9410optiplex_7070latitude_3570optiplex_7080_firmwarelatitude_5420_rugged_firmwarelatitude_5310inspiron_15_5567vostro_5391optiplex_aio_7470_firmwarelatitude_3301inspiron_5594latitude_5420_ruggedvostro_3268_firmwarevostro_3660latitude_7390_2-in-1_firmwarechengming_3967inspiron_5457latitude_7480_firmwarelatitude_3350_firmwarevostro_14_5468_firmwarelatitude_e5470_firmwarechengming_3977vostro_5090latitude_3190vostro_5370inspiron_5580_firmwareinspiron_3881_firmwarelatitude_5488inspiron_13_2-in-1_7359_firmwarelatitude_7380vostro_14_5468xps_15_9560inspiron_3580_firmwareinspiron_14_gaming_7466inspiron_3781_firmwarelatitude_5550_firmwarevostro_5370_firmwareinspiron_13_2-in-1_7373vostro_3670_firmwareinspiron_15_2-in-1_5568inspiron_15_gaming_7577_firmwareinspiron_13_2-in-1_7378latitude_7214_rugged_extremelatitude_7275_firmwarexps_7380_firmwarelatitude_3310precision_7520latitude_5290_2-in-1vostro_15_3578_firmwarevostro_3660_firmwarewyse_5470_all-in-one_firmwareinspiron_5482precision_7820_towerlatitude_7290optiplex_3240_aiolatitude_7212_rugged_extreme_tablet_firmwareinspiron_17_2-in-1_7773_firmwarelatitude_7480latitude_7210_2_in_1_firmwarevostro_3881inspiron_7391_firmwarewyse_5470_firmwareinspiron_5593latitude_5550inspiron_7580vostro_5390_firmwareinspiron_3668inspiron_5770latitude_3580latitude_7250precision_5820_tower_firmwareinspiron_3668_firmwareinspiron_5559_firmwareinspiron_3493_firmwareinspiron_7590_2_in_1_firmwarevostro_3558vostro_5300latitude_3190_2-in-1_firmwarelatitude_5285inspiron_5480_firmwareinspiron_3590chengming_3967_firmwareoptiplex_xe3_firmwareinspiron_7590vostro_5880vostro_3268latitude_7350_firmwareinspiron_15-3552optiplex_7070_firmwarevostro_3584optiplex_xe3precision_5510latitude_3301_firmwarevostro_3481_firmwarelatitude_5491optiplex_7040inspiron_7386inspiron_5591_2-in-1_firmwareinspiron_11_2-in-1_3158_firmwarelatitude_7280g3_15_3500inspiron_7591_2_in_1_firmwarevostro_3459latitude_5410precision_3541optiplex_7050_firmwareinspiron_7300_2_in_1_firmwareprecision_7730_firmwarelatitude_3379_firmwareprecision_3551inspiron_17_5767precision_5820_towerprecision_7730inspiron_7380precision_3640_tower_firmwarelatitude_7350optiplex_7780_aio_firmwarelatitude_7414_rugged_firmwareg7_17_7790optiplex_aio_7770_firmwareoptiplex_5260_aio_firmwarelatitude_7285g7_15_7590inspiron_13_2-in-1_5379_firmwareinspiron_7391vostro_3671_firmwareinspiron_15_2-in-1_5578_firmwareprecision_3440precision_7510_firmwareinspiron_7300_2_in_1optiplex_5250_firmwarelatitude_e5450inspiron_7390_2_in_1_firmwareinspiron_3576inspiron_3671_firmwareinspiron_14_gaming_7467_firmwareprecision_3550_firmwarevostro_3668_firmwarelatitude_3310_firmwarevostro_15_7580_firmwareinspiron_3781inspiron_3576_firmwareinspiron_5300_firmwareg7_7588_firmwarelatitude_3570_firmwareoptiplex_3050_firmwarevostro_7500inspiron_7590_firmwareinspiron_5491_2_in_1latitude_3460_mobile_thin_clientinspiron_15_3567latitude_7389vostro_3681vostro_3591latitude_3560_firmwareinspiron_5570_firmwareprecision_7920_towervostro_3559_firmwareinspiron_3481inspiron_3780_firmwareprecision_3530g7_7588latitude_5411_firmwarelatitude_3510_firmwareinspiron_3470_firmwareinspiron_3593inspiron_5370latitude_5250_firmwareoptiplex_7460_aioinspiron_5491_2_in_1_firmwareinspiron_3481_firmwareprecision_5530inspiron_15_gaming_7567inspiron_14_3458_firmwarelatitude_7310_firmwareoptiplex_7440_aiooptiplex_7071_tower_firmwareinspiron_3790_firmwareinspiron_3584_firmwarelatitude_9510latitude_5280_mobile_thin_client_firmwarevostro_3591_firmwareinspiron_3583_firmwareinspiron_5770_firmwareinspiron_7586_firmwareprecision_tower_3431_small_form_factorlatitude_3180_firmwarevostro_3681_firmwarevostro_3580_firmwareinspiron_3581_firmwarelatitude_9510_firmwarexps_8900_firmwarexps_15_9570_firmwarelatitude_3490_firmwarelatitude_5300_2-in-1_firmwarevostro_3668latitude_7280_firmwarevostro_3670latitude_5280latitude_5179_firmwareoptiplex_3240_aio_firmwarewyse_7040_thin_client_firmwareinspiron_3880inspiron_5580latitude_5480_firmwarelatitude_e7450_firmwareprecision_3930_rackprecision_5530_2-in_1vostro_3490inspiron_5391g5_15_5590_firmwareinspiron_5598latitude_e5550_firmwareg7_15_7590_firmwarexps_13_2-in-1_9365_firmwarelatitude_3480inspiron_15_2-in-1_5579inspiron_5459xps_13_9300_firmwarelatitude_e7450inspiron_14_3468_firmwarelatitude_5280_mobile_thin_clientvostro_3671inspiron_7591inspiron_13_2-in-1_7368_firmwarelatitude_7310inspiron_7500_2_in_1optiplex_5270_aioinspiron_7500latitude_3379vostro_3584_firmwareinspiron_15_2-in-1_7579_firmwareinspiron_5457_firmwarechengming_3990_firmwarelatitude_3390_2-in-1_firmwarelatitude_7414_ruggedvostro_15_5568inspiron_15_5567_firmwareprecision_3520_firmwareinspiron_5594_firmwarechengming_3980precision_3551_firmwareinspiron_14_5490_firmwareprecision_5530_2-in_1_firmwarevostro_3458optiplex_7060vostro_14_3468_firmwarelatitude_5290_firmwarelatitude_7424_rugged_extremeg5_5090_firmwarelatitude_7390vostro_3491_firmwareg3_15_3590vostro_3480_firmwareprecision_7510inspiron_5490_aioxps_27_aio_7760_firmwarechengming_3991_firmwarevostro_7590_firmwarelatitude_e5250_firmwareprecision_3510_firmwarewyse_5070_thin_client_firmwareinspiron_11_2-in-1_3158inspiron_5759latitude_7389_firmwarelatitude_e7470precision_3630_tower_firmwareinspiron_13_2-in-1_7373_firmwareoptiplex_5040_firmwareinspiron_3581inspiron_15_5566_firmwarelatitude_5424_ruggedlatitude_5488_firmwareinspiron_7590_2_in_1inspiron_5583inspiron_7500_firmwareinspiron_15_3559inspiron_5591_2-in-1precision_3541_firmwarelatitude_3480_mobile_thin_client_firmwareprecision_7920_firmwareinspiron_15_7572xps_27_aio_7760inspiron_3476_firmwarevostro_3881_firmwarevostro_3490_firmwarelatitude_5511_firmwareoptiplex_7040_firmwareinspiron_5493inspiron_17_2-in-1_7779_firmwareprecision_3550latitude_7370latitude_7370_firmwarexps_7380optiplex_5070_firmwareinspiron_7790_aio_firmwarelatitude_3390_2-in-1latitude_3310_2-in-1inspiron_5390_firmwarelatitude_5490inspiron_17_2-in-1_7773inspiron_13_2-in-1_7378_firmwareinspiron_7390_2_in_1vostro_3070_firmwareprecision_5720_aio_firmwarexps_13_2-in-1_9365latitude_3190_2-in-1vostro_3481inspiron_7786latitude_9410_firmwarevostro_7590latitude_5310_2_in_1_firmwareinspiron_17_5767_firmwarelatitude_e7270_firmwarelatitude_5280_firmwareg5_5587_firmwarelatitude_3180inspiron_3268latitude_5300_2-in-1latitude_7424_rugged_extreme_firmwarelatitude_e5470optiplex_3070_firmwareinspiron_15_gaming_7566inspiron_13_2-in-1_5378latitude_7410_firmwarevostro_3667latitude_e7470_firmwareprecision_7720_firmwareinspiron_3476inspiron_3780inspiron_7380_firmwarelatitude_7390_firmwareprecision_7710latitude_5410_firmwarevostro_5090_firmwarelatitude_3400_firmwarelatitude_3510inspiron_15_3568_firmwareinspiron_5584precision_3520latitude_e5570inspiron_3880_firmwareg5_5090optiplex_3050precision_7820_tower_firmwareoptiplex_5080_firmwareinspiron_14_3459_firmwareinspiron_15_7570latitude_e5270_firmwareinspiron_5493_firmwarevostro_3471inspiron_3480_firmwareoptiplex_5060_firmwarevostro_3590vostro_5390latitude_e7250_firmwareinspiron_11_2-in-1_3153vostro_5590_firmwarelatitude_3470_firmwareprecision_7530_firmwareinspiron_3790vostro_3583_firmwareinspiron_15_5566inspiron_15_gaming_7567_firmwarelatitude_3190_firmwareinspiron_5494optiplex_5260_aioinspiron_15_2-in-1_5579_firmwarelatitude_e7270_mobile_thin_clientg3_3779_firmwarexps_13_9300vostro_15_3578latitude_3500_firmwareoptiplex_aio_7770inspiron_13_2-in-1_5379latitude_5285_firmwarelatitude_7210_2_in_1chengming_3991latitude_5288_firmwareinspiron_5559inspiron_7501_firmwareinspiron_5480inspiron_15_2-in-1_7569_firmwareoptiplex_7760_aio_firmwarelatitude_5290_2-in-1_firmwareinspiron_3471_firmwarevostro_3669_firmwareprecision_7710_firmwarelatitude_3590inspiron_5400_2_in1_firmwareinspiron_7472_firmwarechengming_3990optiplex_7780_aiovostro_3583latitude_5491_firmwarevostro_5880_firmwareinspiron_3493inspiron_15_7560xps_15_9560_firmwarevostro_14_3468optiplex_3060optiplex_5060chengming_3988_firmwareinspiron_15_2-in-1_7573_firmwareinspiron_3584inspiron_5482_firmwarelatitude_3410_firmwarevostro_5481wyse_5470_all-in-oneprecision_3530_firmwareinspiron_5583_firmwareinspiron_15_2-in-1_7579latitude_5580_firmwarelatitude_3189vostro_3580inspiron_7472latitude_5175inspiron_14_3467_firmwarevostro_3491inspiron_13_2-in-1_5368vostro_15_3568embedded_box_pc_5000optiplex_7480_aio_firmwareinspiron_15_2-in-1_5568_firmwarexps_7390_2-in-1xps_8900inspiron_3580vostro_3267_firmwarevostro_3470_firmwareg3_3579inspiron_5557_firmwareinspiron_7386_firmwarelatitude_3460_mobile_thin_client_firmwareoptiplex_7080vostro_7500_firmwarelatitude_5480vostro_5471_firmwareinspiron_17_2-in-1_7778_firmwarevostro_3559optiplex_3046g3_15_3500_firmwarelatitude_e7270_mobile_thin_client_firmwarelatitude_5414_rugged_firmwarelatitude_5424_rugged_firmwareinspiron_14_5490inspiron_17_2-in-1_7778inspiron_13_2-in-1_5368_firmwarelatitude_5510vostro_5300_firmwarewyse_5470inspiron_3593_firmwareinspiron_5459_firmwarevostro_3459_firmwareinspiron_5481inspiron_5494_firmwareprecision_3440_firmwareinspiron_7786_firmwarelatitude_3310_2-in-1_firmwarelatitude_5310_2_in_1vostro_15_3568_firmwarelatitude_7410inspiron_3590_firmwareprecision_3430_firmwarelatitude_5411optiplex_7450_firmwareoptiplex_7450optiplex_3050_aio_firmwarexps_15_2-in-1_9575_firmwareinspiron_15_3567_firmwareg3_3579_firmwarevostro_15_5568_firmwarelatitude_3480_firmwarelatitude_3189_firmwarexps_13_9360_firmwarevostro_3590_firmwareinspiron_5498optiplex_7440_aio_firmwareinspiron_14_5468_firmwareinspiron_7591_firmwarexps_15_7500latitude_5290inspiron_5300latitude_5289_firmwareprecision_5550_firmwarechengming_3980_firmwarelatitude_5590_firmwareinspiron_15_7572_firmwareinspiron_5590latitude_3350vostro_5481_firmwarevostro_5490vostro_3267inspiron_14_3467g3_15_3590_firmwareinspiron_3671optiplex_aio_7470inspiron_15_2-in-1_7573inspiron_5582inspiron_5498_firmwareinspiron_13_2-in-1_7368precision_5540vostro_5490_firmwareinspiron_14_3473inspiron_14_3458inspiron_3480optiplex_5270_aio_firmwareinspiron_13_2-in-1_7353latitude_3490latitude_e5450_firmwareprecision_3930_rack_firmwareinspiron_3670inspiron_3793_firmwarelatitude_3300_firmwarevostro_5471precision_3640_towerxps_15_7500_firmwareinspiron_11_2-in-1_3153_firmwareinspiron_5759_firmwareinspiron_7391_2_in_1vostro_5581inspiron_3490latitude_5510_firmwareinspiron_3670_firmwarelatitude_3480_mobile_thin_clientlatitude_7212_rugged_extreme_tabletvostro_15_7570latitude_e5570_firmwareoptiplex_3046_firmwarelatitude_3380inspiron_15_gaming_7566_firmwarelatitude_5289inspiron_5582_firmwarelatitude_3460precision_7820vostro_3471_firmwarelatitude_3410precision_5510_firmwareprecision_3420_towerg5_15_5590wyse_5070_thin_clientinspiron_3881xps_13_9380inspiron_14_gaming_7467precision_3420_tower_firmwareoptiplex_5480_aio_firmwarelatitude_5490_firmwarelatitude_5591_firmwarelatitude_5310_firmwarelatitude_3500vostro_3070inspiron_3793inspiron_5481_firmwareprecision_5520_firmwarexps_12_9250chengming_3988inspiron_13_2-in-1_7353_firmwarelatitude_3300latitude_5580precision_3620_tower_firmwareinspiron_5584_firmwareprecision_5540_firmwarevostro_5590inspiron_3268_firmwarexps_15_2-in-1_9575inspiron_13_2-in-1_5378_firmwarevostro_3480inspiron_7500_2_in_1_firmwareg5_15_5500latitude_5450inspiron_15_3568inspiron_5593_firmwareprecision_3630_towerg5_5587latitude_3580_firmwareinspiron_5598_firmwarevostro_3470latitude_5414_ruggedoptiplex_3070optiplex_3040inspiron_15_2-in-1_7568latitude_5450_firmwarelatitude_7290_firmwareprecision_7530inspiron_5370_firmwarechengming_3977_firmwareinspiron_15_7560_firmwareinspiron_5391_firmwarelatitude_e5250embedded_box_pc_5000_firmwareoptiplex_7050inspiron_14_3468inspiron_3490_firmwareprecision_3510vostro_14_3478xps_13_9380_firmwarelatitude_7490inspiron_5390latitude_5288optiplex_7060_firmwareg3_3779inspiron_15-3552_firmwareinspiron_14_3473_firmwareoptiplex_5250vostro_3667_firmwarelatitude_e7250precision_7920_tower_firmwarevostro_15_7570_firmwareDell Client Consumer and Commercial platforms
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-862
Missing Authorization
CVE-2020-0047
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-3.3||LOW
EPSS-0.03% / 6.95%
||
7 Day CHG~0.00%
Published-10 Mar, 2020 | 20:03
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In setMasterMute of AudioService.java, there is a missing permission check. This could lead to local silencing of audio with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141622311

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-862
Missing Authorization
CVE-2020-0177
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.97%
||
7 Day CHG~0.00%
Published-11 Jun, 2020 | 14:43
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In connect() of PanService.java, there is a possible permissions bypass. This could lead to local escalation of privilege to change network connection settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-126206353

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-862
Missing Authorization
CVE-2022-39861
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-5.9||MEDIUM
EPSS-0.05% / 15.18%
||
7 Day CHG~0.00%
Published-07 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unprotected Receiver in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to record video without camera privilege.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-factorycameraFactoryCamera
CWE ID-CWE-862
Missing Authorization
CVE-2019-17055
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-0.08% / 24.05%
||
7 Day CHG~0.00%
Published-01 Oct, 2019 | 13:10
Updated-05 Aug, 2024 | 01:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21.

Action-Not Available
Vendor-n/aFedora ProjectCanonical Ltd.Red Hat, Inc.Linux Kernel Organization, IncopenSUSEDebian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxdebian_linuxlinux_kernelenterprise_linux_workstationfedoraenterprise_linux_desktopleapn/a
CWE ID-CWE-862
Missing Authorization
CVE-2019-15876
Matching Score-4
Assigner-FreeBSD
ShareView Details
Matching Score-4
Assigner-FreeBSD
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 30.79%
||
7 Day CHG~0.00%
Published-28 Apr, 2020 | 19:11
Updated-05 Aug, 2024 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In FreeBSD 12.1-STABLE before r356089, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r356090, and 11.3-RELEASE before 11.3-RELEASE-p7, driver specific ioctl command handlers in the oce network driver failed to check whether the caller has sufficient privileges allowing unprivileged users to send passthrough commands to the device firmware.

Action-Not Available
Vendor-n/aFreeBSD Foundation
Product-freebsdFreeBSD
CWE ID-CWE-862
Missing Authorization
CVE-2019-15877
Matching Score-4
Assigner-FreeBSD
ShareView Details
Matching Score-4
Assigner-FreeBSD
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 13.92%
||
7 Day CHG~0.00%
Published-28 Apr, 2020 | 19:11
Updated-05 Aug, 2024 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In FreeBSD 12.1-STABLE before r356606 and 12.1-RELEASE before 12.1-RELEASE-p3, driver specific ioctl command handlers in the ixl network driver failed to check whether the caller has sufficient privileges allowing unprivileged users to trigger updates to the device's non-volatile memory.

Action-Not Available
Vendor-n/aFreeBSD Foundation
Product-freebsdFreeBSD
CWE ID-CWE-862
Missing Authorization
CVE-2019-15386
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 29.72%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 16:25
Updated-05 Aug, 2024 | 00:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Lava Z60s Android device with a build fingerprint of LAVA/Z60s/Z60s:8.1.0/O11019/1530331229:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.

Action-Not Available
Vendor-lavamobilesn/a
Product-z60s_firmwarez60sn/a
CWE ID-CWE-862
Missing Authorization
CVE-2022-20536
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-3.3||LOW
EPSS-0.03% / 8.55%
||
7 Day CHG~0.00%
Published-16 Dec, 2022 | 00:00
Updated-18 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In registerBroadcastReceiver of RcsService.java, there is a possible way to change preferred TTY mode due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235100180

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-862
Missing Authorization
CVE-2022-20519
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-3.3||LOW
EPSS-0.03% / 6.92%
||
7 Day CHG~0.00%
Published-16 Dec, 2022 | 00:00
Updated-18 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In onCreate of AddAppNetworksActivity.java, there is a possible way for a guest user to configure WiFi networks due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224772678

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-862
Missing Authorization
CVE-2022-20335
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-3.3||LOW
EPSS-0.01% / 2.07%
||
7 Day CHG-0.01%
Published-11 Aug, 2022 | 15:29
Updated-03 Aug, 2024 | 02:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wifi Slice, there is a possible way to adjust Wi-Fi settings even when the permission has been disabled due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-178014725

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-862
Missing Authorization
CVE-2022-20556
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-3.3||LOW
EPSS-0.02% / 4.26%
||
7 Day CHG~0.00%
Published-16 Dec, 2022 | 00:00
Updated-18 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In launchConfigNewNetworkFragment of NetworkProviderSettings.java, there is a possible way for the guest user to add a new WiFi network due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246301667

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-862
Missing Authorization
CVE-2022-20446
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-3.3||LOW
EPSS-0.02% / 4.29%
||
7 Day CHG~0.00%
Published-08 Nov, 2022 | 00:00
Updated-01 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In AlwaysOnHotwordDetector of AlwaysOnHotwordDetector.java, there is a possible way to access the microphone from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-229793943

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-862
Missing Authorization
CVE-2017-17807
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-0.05% / 16.55%
||
7 Day CHG~0.00%
Published-20 Dec, 2017 | 23:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's "default request-key keyring" via the request_key() system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-862
Missing Authorization
CVE-2017-5985
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-0.09% / 26.52%
||
7 Day CHG~0.00%
Published-14 Mar, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check.

Action-Not Available
Vendor-linuxcontainersn/a
Product-lxcn/a
CWE ID-CWE-862
Missing Authorization
CVE-2022-20533
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-3.3||LOW
EPSS-0.03% / 8.34%
||
7 Day CHG~0.00%
Published-16 Dec, 2022 | 00:00
Updated-18 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In getSlice of WifiSlice.java, there is a possible way to connect a new WiFi network from the guest mode due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-232798363

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-862
Missing Authorization
CVE-2021-25409
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-2.4||LOW
EPSS-0.02% / 2.99%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 14:33
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access in Notification setting prior to SMR JUN-2021 Release 1 allows physically proximate attackers to set arbitrary notification via physically configuring device.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-703
Improper Check or Handling of Exceptional Conditions
CWE ID-CWE-862
Missing Authorization
Details not found