Total
8335 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-0100 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| In onTransact of IHDCP.cpp, there is a possible out of bounds read due to incorrect error handling. This could lead to local information disclosure of data from a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-8.0Android ID: A-150156584 | |||||
| CVE-2020-0099 | 1 Google | 1 Android | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| In addWindow of WindowManagerService.java, there is a possible window overlay attack due to an insecure default value. This could lead to local escalation of privilege via tapjacking with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-141745510 | |||||
| CVE-2020-0098 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| In navigateUpToLocked of ActivityStack.java, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8.1 Android-9Android ID: A-144285917 | |||||
| CVE-2020-0097 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| In various methods of PackageManagerService.java, there is a possible permission bypass due to a missing condition for system apps. This could lead to local escalation of privilege with User privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-145981139 | |||||
| CVE-2020-0096 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| In startActivities of ActivityStartController.java, there is a possible escalation of privilege due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9Android ID: A-145669109 | |||||
| CVE-2020-0094 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| In setImageHeight and setImageWidth of ExifUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-148223871 | |||||
| CVE-2020-0093 | 5 Canonical, Debian, Google and 2 more | 5 Ubuntu Linux, Debian Linux, Android and 2 more | 2024-11-21 | 1.9 LOW | 5.0 MEDIUM |
| In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-148705132 | |||||
| CVE-2020-0092 | 1 Google | 1 Android | 2024-11-21 | 1.9 LOW | 5.0 MEDIUM |
| In setHideSensitive of NotificationStackScrollLayout.java, there is a possible disclosure of sensitive notification content due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145135488 | |||||
| CVE-2020-0091 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| In mnld, an incorrect configuration in driver_cfg of mnld for meta factory mode.Product: AndroidVersions: Android SoCAndroid ID: A-149808700 | |||||
| CVE-2020-0090 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An improper authorization in the receiver component of Email.Product: AndroidVersions: Android SoCAndroid ID: A-149813048 | |||||
| CVE-2020-0089 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| In the audio server, there is a missing permission check. This could lead to local escalation of privilege regarding audio settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137015603 | |||||
| CVE-2020-0088 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In parseTrackFragmentRun of MPEG4Extractor.cpp, there is possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-124389881 | |||||
| CVE-2020-0087 | 1 Google | 1 Android | 2024-11-21 | 1.9 LOW | 5.5 MEDIUM |
| In getProcessPss of ActivityManagerService.java, there is a possible side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-127989044 | |||||
| CVE-2020-0086 | 1 Google | 1 Android | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
| In readCString of Parcel.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to arbitrary code execution if IntSan were not enabled, which it is by default. No additional execution privileges are required. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-131859347 | |||||
| CVE-2020-0085 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| In setBluetoothTethering of PanService.java, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege to activate tethering with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-134487438 | |||||
| CVE-2020-0084 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| In several functions of NotificationManagerService.java, there are missing permission checks. This could lead to local escalation of privilege by creating fake system notifications with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-143339775 | |||||
| CVE-2020-0083 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In setRequirePmfInternal of sta_network.cpp, there is a possible default value being improperly applied due to a logic error. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142797954 | |||||
| CVE-2020-0082 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| In ExternalVibration of ExternalVibration.java, there is a possible activation of an arbitrary intent due to unsafe deserialization. This could lead to local escalation of privilege to system_server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140417434 | |||||
| CVE-2020-0081 | 2 Fedoraproject, Google | 2 Fedora, Android | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| In finalize of AssetManager.java, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-144028297 | |||||
| CVE-2020-0080 | 1 Google | 1 Android | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| In onOpActiveChanged and related methods of AppOpsControllerImpl.java, there is a possible way to display an app overlaying other apps without the notification icon that it's overlaying. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-144092031 | |||||