Android SDK
by Google
CVEs (1,771)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-0440 | Hig | 0.51 | 7.8 | 0.00 | Dec 14, 2020 | In createVirtualDisplay of DisplayManagerService.java, there is a possible way to create a trusted virtual display due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed… | ||
| CVE-2020-0099 | Hig | 0.51 | 7.8 | 0.01 | Dec 14, 2020 | In addWindow of WindowManagerService.java, there is a possible window overlay attack due to an insecure default value. This could lead to local escalation of privilege via tapjacking with no additional execution privileges needed. User interaction is needed for… | ||
| CVE-2020-0439 | Hig | 0.51 | 7.8 | 0.00 | Nov 10, 2020 | In generatePackageInfo of PackageManagerService.java, there is a possible permissions bypass due to an incorrect permission check. This could lead to local escalation of privilege that allows instant apps access to permissions not allowed for instant apps, with no additional… | ||
| CVE-2020-0418 | Hig | 0.51 | 7.8 | 0.00 | Nov 10, 2020 | In getPermissionInfosForGroup of Utils.java, there is a logic error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-153879813 | ||
| CVE-2020-0409 | Hig | 0.51 | 7.8 | 0.00 | Nov 10, 2020 | In create of FileMap.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10… | ||
| CVE-2020-0423 | Hig | 0.51 | 7.8 | 0.01 | Oct 14, 2020 | In binder_release_work of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2020-0421 | Hig | 0.51 | 7.8 | 0.00 | Oct 14, 2020 | In appendFormatV of String8.cpp, there is a possible out of bounds write due to incorrect error handling. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2020-0420 | Hig | 0.51 | 7.8 | 0.00 | Oct 14, 2020 | In setUpdatableDriverPath of GpuService.cpp, there is a possible memory corruption due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2020-0408 | Hig | 0.51 | 7.8 | 0.00 | Oct 14, 2020 | In remove of String16.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11… | ||
| CVE-2019-2194 | Hig | 0.51 | 7.8 | 0.00 | Oct 14, 2020 | In SurfaceFlinger::createLayer of SurfaceFlinger.cpp, there is a possible arbitrary code execution due to improper casting. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2020-0319 | Hig | 0.51 | 7.8 | 0.00 | Sep 18, 2020 | In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2020-0299 | Hig | 0.51 | 7.8 | 0.00 | Sep 18, 2020 | In Bluetooth, there is a possible spoofing of bluetooth device metadata due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2020-0298 | Hig | 0.51 | 7.8 | 0.00 | Sep 18, 2020 | In Bluetooth, there is a possible control over Bluetooth enabled state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2020-0273 | Hig | 0.51 | 7.8 | 0.00 | Sep 18, 2020 | In hwservicemanager, there is a possible out of bounds write due to freeing a wild pointer. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2020-0089 | Hig | 0.51 | 7.8 | 0.00 | Sep 18, 2020 | In the audio server, there is a missing permission check. This could lead to local escalation of privilege regarding audio settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID:… | ||
| CVE-2020-0406 | Hig | 0.51 | 7.8 | 0.00 | Sep 17, 2020 | In libmpeg2dec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if another exploit allowed this to be triggered with different parameters, with no additional execution privileges needed. User interaction is… | ||
| CVE-2020-0375 | Hig | 0.51 | 7.8 | 0.00 | Sep 17, 2020 | In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege and the setting of supported EUICC countries with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2020-0374 | Hig | 0.51 | 7.8 | 0.00 | Sep 17, 2020 | In NFC, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156251602 | ||
| CVE-2020-0357 | Hig | 0.51 | 7.8 | 0.00 | Sep 17, 2020 | In SurfaceFlinger, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the graphics server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2020-0346 | Hig | 0.51 | 7.8 | 0.00 | Sep 17, 2020 | In Mediaserver, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if integer sanitization were not enabled (which it is by default), with no additional execution privileges needed. User interaction is not needed… |
- risk 0.51cvss 7.8epss 0.00
In createVirtualDisplay of DisplayManagerService.java, there is a possible way to create a trusted virtual display due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed…
- risk 0.51cvss 7.8epss 0.01
In addWindow of WindowManagerService.java, there is a possible window overlay attack due to an insecure default value. This could lead to local escalation of privilege via tapjacking with no additional execution privileges needed. User interaction is needed for…
- risk 0.51cvss 7.8epss 0.00
In generatePackageInfo of PackageManagerService.java, there is a possible permissions bypass due to an incorrect permission check. This could lead to local escalation of privilege that allows instant apps access to permissions not allowed for instant apps, with no additional…
- risk 0.51cvss 7.8epss 0.00
In getPermissionInfosForGroup of Utils.java, there is a logic error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-153879813
- risk 0.51cvss 7.8epss 0.00
In create of FileMap.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10…
- risk 0.51cvss 7.8epss 0.01
In binder_release_work of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.51cvss 7.8epss 0.00
In appendFormatV of String8.cpp, there is a possible out of bounds write due to incorrect error handling. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- risk 0.51cvss 7.8epss 0.00
In setUpdatableDriverPath of GpuService.cpp, there is a possible memory corruption due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.51cvss 7.8epss 0.00
In remove of String16.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11…
- risk 0.51cvss 7.8epss 0.00
In SurfaceFlinger::createLayer of SurfaceFlinger.cpp, there is a possible arbitrary code execution due to improper casting. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.51cvss 7.8epss 0.00
In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is needed for exploitation.Product: AndroidVersions:…
- risk 0.51cvss 7.8epss 0.00
In Bluetooth, there is a possible spoofing of bluetooth device metadata due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- risk 0.51cvss 7.8epss 0.00
In Bluetooth, there is a possible control over Bluetooth enabled state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- risk 0.51cvss 7.8epss 0.00
In hwservicemanager, there is a possible out of bounds write due to freeing a wild pointer. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- risk 0.51cvss 7.8epss 0.00
In the audio server, there is a missing permission check. This could lead to local escalation of privilege regarding audio settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID:…
- risk 0.51cvss 7.8epss 0.00
In libmpeg2dec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if another exploit allowed this to be triggered with different parameters, with no additional execution privileges needed. User interaction is…
- risk 0.51cvss 7.8epss 0.00
In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege and the setting of supported EUICC countries with no additional execution privileges needed. User interaction is not needed for…
- risk 0.51cvss 7.8epss 0.00
In NFC, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156251602
- risk 0.51cvss 7.8epss 0.00
In SurfaceFlinger, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the graphics server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- risk 0.51cvss 7.8epss 0.00
In Mediaserver, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if integer sanitization were not enabled (which it is by default), with no additional execution privileges needed. User interaction is not needed…
Page 28 of 89