Android SDK
by Google
CVEs (1,770)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-0275 | Hig | 0.51 | 7.8 | 0.00 | Sep 17, 2020 | In MediaProvider, there is a possible way to access ContentResolver and MediaStore entries the app shouldn't have access to due to a permissions bypass. This could lead to local escalation of privilege, with no additional execution privileges needed. User interaction is not… | ||
| CVE-2020-0266 | Hig | 0.51 | 7.8 | 0.00 | Sep 17, 2020 | In factory reset protection, there is a possible FRP bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2020-0387 | Hig | 0.51 | 7.8 | 0.00 | Sep 17, 2020 | In manifest files of the SmartSpace package, there is a possible tapjacking vector due to a missing permission check. This could lead to local escalation of privilege and account hijacking with no additional execution privileges needed. User interaction is needed for… | ||
| CVE-2020-0401 | Hig | 0.51 | 7.8 | 0.00 | Sep 17, 2020 | In setInstallerPackageName of PackageManagerService.java, there is a missing permission check. This could lead to local escalation of privilege and granting spurious permissions with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2020-0394 | Hig | 0.51 | 7.8 | 0.00 | Sep 17, 2020 | In onCreate of BluetoothPairingDialog.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege and untrusted devices accessing contact lists with no additional execution privileges needed. User interaction is… | ||
| CVE-2020-0392 | Hig | 0.51 | 7.8 | 0.00 | Sep 17, 2020 | In getLayerDebugInfo of SurfaceFlinger.cpp, there is a possible code execution due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2020-0391 | Hig | 0.51 | 7.8 | 0.00 | Sep 17, 2020 | In applyPolicy of PackageManagerService.java, there is possible arbitrary command execution as System due to an unenforced protected-broadcast. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2020-0388 | Hig | 0.51 | 7.8 | 0.00 | Sep 17, 2020 | In createEmergencyLocationUserNotification of GnssVisibilityControl.java, there is a possible permissions bypass due to an empty mutable PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for… | ||
| CVE-2020-0257 | Hig | 0.51 | 7.8 | 0.00 | Aug 11, 2020 | In SpecializeCommon of com_android_internal_os_Zygote.cpp, there is a permissions bypass due to an incomplete cleanup. This could lead to local escalation of privilege in isolated processes with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2020-0243 | Hig | 0.51 | 7.8 | 0.00 | Aug 11, 2020 | In clearPropValue of MediaAnalyticsItem.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2020-0242 | Hig | 0.51 | 7.8 | 0.00 | Aug 11, 2020 | In reset of NuPlayerDriver.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2020-0241 | Hig | 0.51 | 7.8 | 0.00 | Aug 11, 2020 | In NuPlayerStreamListener of NuPlayerStreamListener.cpp, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2020-0227 | Hig | 0.51 | 7.8 | 0.00 | Jul 17, 2020 | In onCommand of CompanionDeviceManagerService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing background data usage or launching from the background, with no additional execution privileges… | ||
| CVE-2020-0219 | Hig | 0.51 | 7.8 | 0.00 | Jun 11, 2020 | In onCreate of SliceDeepLinkSpringBoard.java there is a possible insecure Intent. This could lead to local elevation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID:… | ||
| CVE-2020-0216 | Hig | 0.51 | 7.8 | 0.00 | Jun 11, 2020 | In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product:… | ||
| CVE-2020-0215 | Hig | 0.51 | 7.8 | 0.00 | Jun 11, 2020 | In onCreate of ConfirmConnectActivity.java, there is a possible leak of Bluetooth information due to a permissions bypass. This could lead to local escalation of privilege that exposes a pairing Bluetooth MAC address with no additional execution privileges needed. User… | ||
| CVE-2020-0210 | Hig | 0.51 | 7.8 | 0.00 | Jun 11, 2020 | In removeSharedAccountAsUser of AccountManager.java, there is a possible permissions bypass to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2020-0203 | Hig | 0.51 | 7.8 | 0.00 | Jun 11, 2020 | In freeIsolatedUidLocked of ProcessList.java, there is a possible UID reuse due to improper cleanup. This could lead to local escalation of privilege between constrained processes with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2020-0202 | Hig | 0.51 | 7.8 | 0.00 | Jun 11, 2020 | In onHandleIntent of TraceService.java, there is a possible bypass of developer settings requirements for capturing system traces due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction… | ||
| CVE-2020-0179 | Hig | 0.51 | 7.8 | 0.00 | Jun 11, 2020 | In doSendObjectInfo of MtpServer.cpp, there is a possible path traversal attack due to insufficient input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is required for exploitation.Product:… |
- risk 0.51cvss 7.8epss 0.00
In MediaProvider, there is a possible way to access ContentResolver and MediaStore entries the app shouldn't have access to due to a permissions bypass. This could lead to local escalation of privilege, with no additional execution privileges needed. User interaction is not…
- risk 0.51cvss 7.8epss 0.00
In factory reset protection, there is a possible FRP bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- risk 0.51cvss 7.8epss 0.00
In manifest files of the SmartSpace package, there is a possible tapjacking vector due to a missing permission check. This could lead to local escalation of privilege and account hijacking with no additional execution privileges needed. User interaction is needed for…
- risk 0.51cvss 7.8epss 0.00
In setInstallerPackageName of PackageManagerService.java, there is a missing permission check. This could lead to local escalation of privilege and granting spurious permissions with no additional execution privileges needed. User interaction is not needed for…
- risk 0.51cvss 7.8epss 0.00
In onCreate of BluetoothPairingDialog.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege and untrusted devices accessing contact lists with no additional execution privileges needed. User interaction is…
- risk 0.51cvss 7.8epss 0.00
In getLayerDebugInfo of SurfaceFlinger.cpp, there is a possible code execution due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- risk 0.51cvss 7.8epss 0.00
In applyPolicy of PackageManagerService.java, there is possible arbitrary command execution as System due to an unenforced protected-broadcast. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…
- risk 0.51cvss 7.8epss 0.00
In createEmergencyLocationUserNotification of GnssVisibilityControl.java, there is a possible permissions bypass due to an empty mutable PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for…
- risk 0.51cvss 7.8epss 0.00
In SpecializeCommon of com_android_internal_os_Zygote.cpp, there is a permissions bypass due to an incomplete cleanup. This could lead to local escalation of privilege in isolated processes with no additional execution privileges needed. User interaction is not needed for…
- risk 0.51cvss 7.8epss 0.00
In clearPropValue of MediaAnalyticsItem.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.51cvss 7.8epss 0.00
In reset of NuPlayerDriver.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.51cvss 7.8epss 0.00
In NuPlayerStreamListener of NuPlayerStreamListener.cpp, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.51cvss 7.8epss 0.00
In onCommand of CompanionDeviceManagerService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing background data usage or launching from the background, with no additional execution privileges…
- risk 0.51cvss 7.8epss 0.00
In onCreate of SliceDeepLinkSpringBoard.java there is a possible insecure Intent. This could lead to local elevation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID:…
- risk 0.51cvss 7.8epss 0.00
In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product:…
- risk 0.51cvss 7.8epss 0.00
In onCreate of ConfirmConnectActivity.java, there is a possible leak of Bluetooth information due to a permissions bypass. This could lead to local escalation of privilege that exposes a pairing Bluetooth MAC address with no additional execution privileges needed. User…
- risk 0.51cvss 7.8epss 0.00
In removeSharedAccountAsUser of AccountManager.java, there is a possible permissions bypass to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- risk 0.51cvss 7.8epss 0.00
In freeIsolatedUidLocked of ProcessList.java, there is a possible UID reuse due to improper cleanup. This could lead to local escalation of privilege between constrained processes with no additional execution privileges needed. User interaction is not needed for…
- risk 0.51cvss 7.8epss 0.00
In onHandleIntent of TraceService.java, there is a possible bypass of developer settings requirements for capturing system traces due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction…
- risk 0.51cvss 7.8epss 0.00
In doSendObjectInfo of MtpServer.cpp, there is a possible path traversal attack due to insufficient input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is required for exploitation.Product:…
Page 29 of 89