Total
6434 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-0265 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In Telephony, there are possible leaks of sensitive data due to missing permission checks. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150155839 | |||||
| CVE-2020-0259 | 1 Google | 1 Android | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| In android_verity_ctr of dm-android-verity.c, there is a possible way to modify a dm-verity protected filesystem due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-157941353References: N/A | |||||
| CVE-2020-0212 | 1 Google | 1 Android | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In _onBufferDestroyed of InputBufferManager.cpp, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-135140854 | |||||
| CVE-2020-0188 | 1 Google | 1 Android | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| In onCreatePermissionRequest of SettingsSliceProvider.java, there is a possible permissions bypass due to a PendingIntent error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147355897 | |||||
| CVE-2020-0312 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In Battery Saver, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153879099 | |||||
| CVE-2020-0302 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151646375 | |||||
| CVE-2020-0247 | 1 Google | 1 Android | 2021-07-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| In Threshold::getHistogram of ImageProcessHelper.java, there is a possible crash loop due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8.1Android ID: A-156087409 | |||||
| CVE-2020-0178 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In getAllConfigFlags of SettingsProvider.cpp, there is a possible illegal read due to a missing permission check. This could lead to local information disclosure of config flags with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-143299398 | |||||
| CVE-2020-0226 | 1 Google | 1 Android | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| In createWithSurfaceParent of Client.cpp, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege in the graphics server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-150226994 | |||||
| CVE-2020-0241 | 1 Google | 1 Android | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| In NuPlayerStreamListener of NuPlayerStreamListener.cpp, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-151456667 | |||||
| CVE-2020-0304 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151645695 | |||||
| CVE-2020-0176 | 1 Google | 1 Android | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| In avdt_msg_prs_rej of avdt_msg.cc, there is a possible out-of-bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-79702484 | |||||
| CVE-2020-0438 | 1 Google | 1 Android | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| In the AIBinder_Class constructor of ibinder.cpp, there is a possible arbitrary code execution due to uninitialized data. This could lead to local escalation of privilege if a process were using libbinder_ndk in a vulnerable way with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-161812320 | |||||
| CVE-2020-0243 | 1 Google | 1 Android | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| In clearPropValue of MediaAnalyticsItem.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-8.0 Android-8.1Android ID: A-151644303 | |||||
| CVE-2020-0171 | 1 Google | 1 Android | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Parse_lart of eas_mdls.c, there is possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-127313223 | |||||
| CVE-2020-0235 | 1 Google | 1 Android | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| In crus_sp_shared_ioctl we first copy 4 bytes from userdata into "size" variable, and then use that variable as the size parameter for "copy_from_user", ending up overwriting memory following "crus_sp_hdr". "crus_sp_hdr" is a static variable, of type "struct crus_sp_ioctl_header".Product: AndroidVersions: Android kernelAndroid ID: A-135129430 | |||||
| CVE-2019-9411 | 1 Google | 1 Android | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112204845 | |||||
| CVE-2019-9402 | 1 Google | 1 Android | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Bluetooth, there is possible controlled termination due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115372550 | |||||
| CVE-2020-0194 | 1 Google | 1 Android | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| In ihevcd_parse_slice_header of ihevcd_parse_slice_header.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-143826590 | |||||
| CVE-2020-11605 | 1 Google | 1 Android | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. There is sensitive information exposure from dumpstate in NFC logs. The Samsung ID is SVE-2019-16359 (April 2020). | |||||