Total
6434 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-2168 | 1 Google | 1 Android | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
In libxaac there is a possible information disclosure due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118492594 | |||||
CVE-2019-9463 | 1 Google | 1 Android | 2020-08-24 | 4.4 MEDIUM | 7.3 HIGH |
In Platform, there is a possible bypass of user interaction requirements due to background app interception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113584607 | |||||
CVE-2019-9421 | 1 Google | 1 Android | 2020-08-24 | 1.9 LOW | 5.0 MEDIUM |
In libandroidfw, there is a possible OOB read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111215250 | |||||
CVE-2019-9420 | 1 Google | 1 Android | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
In libhevc, there is a possible out of bounds read due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111272481 | |||||
CVE-2019-9465 | 1 Google | 1 Android | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
In the Titan M handling of cryptographic operations, there is a possible information disclosure due to an unusual root cause. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-133258003 | |||||
CVE-2019-9443 | 1 Google | 1 Android | 2020-08-24 | 4.6 MEDIUM | 6.7 MEDIUM |
In the Android kernel in the vl53L0 driver there is a possible out of bounds write due to a permissions bypass. This could lead to local escalation of privilege due to a set_fs() call without restoring the previous limit with System execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2019-9407 | 1 Google | 1 Android | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
In notification management of the service manager, there is a possible permissions bypass. This could lead to local escalation of privilege by preventing user notification, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112434609 | |||||
CVE-2019-9469 | 1 Google | 1 Android | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
In km_compute_shared_hmac of km4.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-130246677 | |||||
CVE-2019-9418 | 1 Google | 1 Android | 2020-08-24 | 7.1 HIGH | 6.5 MEDIUM |
In libstagefright, there is a possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111450210 | |||||
CVE-2019-9436 | 1 Google | 1 Android | 2020-08-24 | 4.6 MEDIUM | 6.7 MEDIUM |
In the Android kernel in the bootloader there is a possible secure boot bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. | |||||
CVE-2020-0260 | 1 Google | 1 Android | 2020-08-14 | 6.4 MEDIUM | 9.1 CRITICAL |
There is a possible out of bounds read due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-152225183 | |||||
CVE-2020-15650 | 2 Google, Mozilla | 2 Android, Firefox Esr | 2020-08-12 | 4.3 MEDIUM | 5.5 MEDIUM |
Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings (but not access the previous profile). *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.11. | |||||
CVE-2020-15649 | 2 Google, Mozilla | 2 Android, Firefox Esr | 2020-08-12 | 4.3 MEDIUM | 5.5 MEDIUM |
Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actually files picked. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.11. | |||||
CVE-2020-15647 | 2 Google, Mozilla | 2 Android, Firefox | 2020-08-12 | 5.0 MEDIUM | 7.4 HIGH |
A Content Provider in Firefox for Android allowed local files accessible by the browser to be read by a remote webpage, leading to sensitive data disclosure, including cookies for other origins. This vulnerability affects Firefox for < Android. | |||||
CVE-2020-0238 | 1 Google | 1 Android | 2020-08-12 | 6.9 MEDIUM | 7.0 HIGH |
In updatePreferenceIntents of AccountTypePreferenceLoader, there is a possible confused deputy attack due to a race condition. This could lead to local escalation of privilege and launching privileged activities with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-150946634 | |||||
CVE-2020-0240 | 1 Google | 1 Android | 2020-08-12 | 9.3 HIGH | 8.8 HIGH |
In NewFixedDoubleArray of factory.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-150706594 | |||||
CVE-2020-0254 | 1 Google | 1 Android | 2020-08-12 | 7.8 HIGH | 7.5 HIGH |
There is a possible out of bounds read due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-152647751 | |||||
CVE-2020-0251 | 1 Google | 1 Android | 2020-08-12 | 7.8 HIGH | 7.5 HIGH |
There is a possible out of bounds read due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-152647626 | |||||
CVE-2016-5344 | 2 Google, Linux | 2 Android, Linux Kernel | 2020-08-04 | 7.5 HIGH | 9.8 CRITICAL |
Multiple integer overflows in the MDSS driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service or possibly have unspecified other impact via a large size value, related to mdss_compat_utils.c, mdss_fb.c, and mdss_rotator.c. | |||||
CVE-2016-5342 | 2 Google, Linux | 2 Android, Linux Kernel | 2020-08-04 | 7.2 HIGH | 7.8 HIGH |
Heap-based buffer overflow in the wcnss_wlan_write function in drivers/net/wireless/wcnss/wcnss_wlan.c in the wcnss_wlan device driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service or possibly have unspecified other impact by writing to /dev/wcnss_wlan with an unexpected amount of data. |