CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-24367
https://notcve.org/view.php?id=CVE-2020-24367
10 Nov 2020 — Incorrect file permissions in BlueStacks 4 through 4.230 on Windows allow a local attacker to escalate privileges by modifying a file that is later executed by a higher-privileged user. Los permisos de archivo incorrectos en BlueStacks versiones 4 hasta 4.230 en Windows, permiten a un atacante local escalar los privilegios al modificar un archivo que es luego ejecutado por un usuario muy privilegiado • https://support.bluestacks.com/hc/en-us/articles/360051471652--Bluestacks-update-fixes-vulnerabilities • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2019-14220
https://notcve.org/view.php?id=CVE-2019-14220
24 Sep 2019 — An issue was discovered in BlueStacks 4.110 and below on macOS and on 4.120 and below on Windows. BlueStacks employs Android running in a virtual machine (VM) to enable Android apps to run on Windows or MacOS. Bug is in a local arbitrary file read through a system service call. The impacted method runs with System admin privilege and if given the file name as parameter returns you the content of file. A malicious app using the affected method can then read the content of any system file which it is not auth... • https://github.com/seqred-s-a/cve-2019-14220 • CWE-269: Improper Privilege Management •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2019-12936
https://notcve.org/view.php?id=CVE-2019-12936
23 Jun 2019 — BlueStacks App Player 2, 3, and 4 before 4.90 allows DNS Rebinding for attacks on exposed IPC functions. BlueStacks App Player 2, 3 y 4 anterior a la versión 4.90 permite el reenlace de DNS para ataques a funciones IPC expuestas. • https://support.bluestacks.com/hc/en-us/articles/360021469391-Release-Notes • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-0701
https://notcve.org/view.php?id=CVE-2018-0701
15 Nov 2018 — BlueStacks App Player (BlueStacks App Player for Windows 3.0.0 to 4.31.55, BlueStacks App Player for macOS 2.0.0 and later) allows an attacker on the same network segment to bypass access restriction to gain unauthorized access. BlueStacks App Player (BlueStacks App Player para Windows, de la versión 3.0.0 a la 4.31.55, BlueStacks App Player para macOS, en versiones 2.0.0 y posteriores) permite que un atacante en el mismo segmento de red omita las restricciones de acceso para obtener acceso no autorizado. • http://jvn.jp/en/jp/JVN60702986/index.html •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 1CVE-2016-4288
https://notcve.org/view.php?id=CVE-2016-4288
06 Jan 2017 — A local privilege escalation vulnerability exists in BlueStacks App Player. The BlueStacks App Player installer creates a registry key with weak permissions that allows users to execute arbitrary programs with SYSTEM privileges. Existe una vulnerabilidad de escalada de privilegios local en BlueStacks App Player. El instalador de BlueStacks App Player crea una clave de registro con permisos débiles que permite a usuarios ejecutar programas arbitrarios con privilegios de SYSTEM. • http://www.securityfocus.com/bid/92426 • CWE-275: Permission Issues •