CVE-2016-0848

HIGH Year: 2016
CVSS v3 Score
8.4
High
CVSS v2 Score
7.2
High
Weakness Type
CWE-362
View all →

Vulnerability Description

Race condition in Download Manager in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to bypass private-storage file-access restrictions via a crafted application that changes a symlink target, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26211054.

Related Vulnerabilities

CVE-2024-0041

HIGH
CVSS:8.4(High)

In removePersistentDot of SystemStatusAnimationSchedulerImpl.kt, there is a possible race condition due to a logic error in the code. This could lead to local escalation of privilege that fails to rem...

CWE-3622024

CVE-2024-32908

HIGH
CVSS:8.4(High)

In sec_media_protect of media.c, there is a possible permission bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User in...

CWE-3622024

CVE-2024-34732

HIGH
CVSS:8.4(High)

In RGXMMUCacheInvalidate of rgxmem.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution ...

CWE-3622024

CVE-2017-16857

HIGH
CVSS:8.5(High)

It is possible to bypass the bitbucket auto-unapprove plugin via minimal brute-force because it is relying on asynchronous events on the back-end. This allows an attacker to merge any code into unsusp...

CWE-3622017

CVE-2019-9818

HIGH
CVSS:8.3(High)

A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploit...

CWE-3622019

CVE-2020-1645

HIGH
CVSS:8.3(High)

When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management ...

CWE-3622020