CVE-2020-0471

In reassemble_and_dispatch of packet_fragmenter.cc, there is a possible way to inject packets into an encrypted Bluetooth connection due to improper input validation. This could lead to remote escalation of privilege between two Bluetooth devices by a proximal attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.0, Android-8.1, Android-9, Android-10, Android-11; Android ID: A-169327567.

Publication date: Tue, 12 Jan 2021 04:15:00 +0000

Cyber News related to CVE-2020-0471

CVE-2020-0471 - In reassemble_and_dispatch of packet_fragmenter.cc, there is a possible way to inject packets into an encrypted Bluetooth connection due to improper input validation. This could lead to remote escalation of privilege between two Bluetooth devices by ...
3 years ago

CVE-2014-3127 - dpkg 1.15.9 on Debian squeeze introduces support for the "C-style encoded filenames" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct ...
10 years ago

CVE-2001-0471 - SSH daemon version 1 (aka SSHD-1 or SSH-1) 1.2.30 and earlier does not log repeated login attempts, which could allow remote attackers to compromise accounts without detection via a brute force attack. ...
16 years ago

CVE-2002-0471 - PHPNetToolpack 0.1 allows remote attackers to execute arbitrary code via shell metacharacters in the a_query variable. ...
16 years ago

CVE-2010-0471 - SQL injection vulnerability in the comment submission interface (includes/comment.php) in Enano CMS before 1.0.6pl1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. ...
14 years ago

CVE-2014-0471 - Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename ...
9 years ago

CVE-2016-0471 - Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote attackers to affect confidentiality via unknown vectors related to Multichannel Framework. ...
8 years ago

CVE-2003-0471 - Buffer overflow in WebAdmin.exe for WebAdmin allows remote attackers to execute arbitrary code via an HTTP request to WebAdmin.dll with a long USER argument. ...
8 years ago

CVE-2015-0471 - Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to libelfsign. ...
7 years ago

CVE-2004-0471 - BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2 does not enforce site restrictions for starting and stopping servers for users in the Admin and Operator security roles, which allows unauthorized users to cause a denial of ...
7 years ago

CVE-2005-0471 - Sun Java JRE 1.1.x through 1.4.x writes temporary files with long filenames that become predictable on a file system that uses 8.3 style short names, which allows remote attackers to write arbitrary files to known locations and facilitates the ...
7 years ago

CVE-2017-0471 - A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code ...
7 years ago

CVE-2013-0471 - The traditional scheduler in the client in IBM Tivoli Storage Manager (TSM) before 6.2.5.0, 6.3 before 6.3.1.0, and 6.4 before 6.4.0.1, when Prompted mode is enabled, allows remote attackers to cause a denial of service (scheduling outage) via ...
7 years ago

CVE-2012-0471 - Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web ...
6 years ago

CVE-2009-0471 - Cross-site request forgery (CSRF) vulnerability in the HTTP server in Cisco IOS 12.4(23) allows remote attackers to execute arbitrary commands, as demonstrated by executing the hostname command with a level/15/configure/-/hostname request. ...
6 years ago

CVE-2008-0471 - Cross-site request forgery (CSRF) vulnerability in privmsg.php in phpBB 2.0.22 allows remote attackers to delete private messages (PM) as arbitrary users via a deleteall action. ...
6 years ago

CVE-2007-0471 - sre/params.php in the Integrity Clientless Security (ICS) component in Check Point Connectra NGX R62 3.x and earlier before Security Hotfix 5, and possibly VPN-1 NGX R62, allows remote attackers to bypass security requirements via a crafted Report ...
6 years ago

CVE-2006-0471 - Cross-site scripting (XSS) vulnerability in the bbcode function in functions.php in my little homepage my little forum, as last modified in June 2005, allows remote attackers to inject arbitrary Javascript via a javascript URI in BBcode link tags. ...
6 years ago

CVE-2000-0471 - Buffer overflow in ufsrestore in Solaris 8 and earlier allows local users to gain root privileges via a long pathname. ...
6 years ago

CVE-2011-0471 - The node-iteration implementation in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 does not properly handle pointers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown ...
4 years ago

CVE-2018-0471 - A vulnerability in the Cisco Discovery Protocol (CDP) module of Cisco IOS XE Software Releases 16.6.1 and 16.6.2 could allow an unauthenticated, adjacent attacker to cause a memory leak that may lead to a denial of service (DoS) condition. The ...
4 years ago

CVE-2021-0471 - In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for ...
3 years ago

CVE-2022-0471 - The Favicon by RealFaviconGenerator WordPress plugin before 1.3.23 does not properly sanitise and escape the json_result_url parameter before outputting it back in the Favicon admin dashboard, leading to a Reflected Cross-Site Scripting issue ...
2 years ago

CVE-1999-0471 - The remote proxy server in Winroute allows a remote attacker to reconfigure the proxy without authentication through the "cancel" button. ...
2 years ago

CVE-2023-0471 - Use after free in WebTransport in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) ...
1 year ago

Latest Cyber News

CVE-2024-12884 - 1 day ago
CVE-2024-51463 - 1 day ago
CVE-2024-51464 - 1 day ago
CVE-2024-12883 - 1 day ago
CVE-2024-12875 - 1 day ago
CVE-2024-12591 - 1 day ago
CVE-2024-12408 - 1 day ago
CVE-2024-12558 - 1 day ago
CVE-2024-11722 - 1 day ago
CVE-2024-11688 - 1 day ago
CVE-2024-10453 - 1 day ago
CVE-2024-11808 - 1 day ago
CVE-2024-12588 - 1 day ago
CVE-2024-9545 - 1 day ago
CVE-2024-10797 - 1 day ago
CVE-2024-12262 - 1 day ago
CVE-2024-12635 - 1 day ago
CVE-2024-12697 - 1 day ago
CVE-2024-12721 - 1 day ago
CVE-2024-12771 - 1 day ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

CVE-2024-12841 - 1 day ago
CVE-2024-37758 - 1 day ago
CVE-2024-55342 - 1 day ago
CVE-2024-12842 - 1 day ago
CVE-2024-12867 - 1 day ago
CVE-2024-55341 - 1 day ago
CVE-2024-56329 - 1 day ago
CVE-2024-56330 - 1 day ago
CVE-2024-56331 - 1 day ago
CVE-2024-56333 - 1 day ago
CVE-2024-12843 - 1 day ago
CVE-2024-12844 - 1 day ago
CVE-2024-40875 - 1 day ago
CVE-2024-55509 - 1 day ago
CVE-2024-56334 - 1 day ago
CVE-2024-56335 - 1 day ago
CVE-2024-56357 - 1 day ago
CVE-2024-56358 - 1 day ago
CVE-2024-56359 - 1 day ago
CVE-2020-13712 - 1 day ago