Android SDK
by Google
CVEs (1,765)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-0093 | 0.00 | — | 0.00 | May 14, 2020 | In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product:… | |||
| CVE-2020-0106 | 0.00 | — | 0.00 | May 14, 2020 | In getCellLocation of PhoneInterfaceManager.java, there is a possible permission bypass due to a missing SDK version check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | |||
| CVE-2020-0103 | 0.00 | — | 0.02 | May 14, 2020 | In a2dp_aac_decoder_cleanup of a2dp_aac_decoder.cc, there is a possible invalid free due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | |||
| CVE-2020-0097 | 0.00 | — | 0.00 | May 14, 2020 | In various methods of PackageManagerService.java, there is a possible permission bypass due to a missing condition for system apps. This could lead to local escalation of privilege with User privileges needed. User interaction is not needed for exploitation.Product:… | |||
| CVE-2020-0096 | 0.00 | — | 0.01 | May 14, 2020 | In startActivities of ActivityStartController.java, there is a possible escalation of privilege due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | |||
| CVE-2020-0101 | 0.00 | — | 0.00 | May 14, 2020 | In BnCrypto::onTransact of ICrypto.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | |||
| CVE-2020-0104 | 0.00 | — | 0.00 | May 14, 2020 | In onShowingStateChanged of KeyguardStateMonitor.java, there is a possible inappropriate read due to a logic error. This could lead to local information disclosure of keyguard-protected data with no additional execution privileges needed. User interaction is not needed for… | |||
| CVE-2020-0098 | 0.00 | — | 0.00 | May 14, 2020 | In navigateUpToLocked of ActivityStack.java, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | |||
| CVE-2020-0024 | 0.00 | — | 0.00 | May 14, 2020 | In onCreate of SettingsBaseActivity.java, there is a possible unauthorized setting modification due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product:… | |||
| CVE-2020-0077 | 0.00 | — | 0.00 | Apr 17, 2020 | In authorize_enroll of the FPC IRIS TrustZone app, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product:… | |||
| CVE-2020-0075 | 0.00 | — | 0.00 | Apr 17, 2020 | In set_shared_key of the FPC IRIS TrustZone app, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product:… | |||
| CVE-2020-0076 | 0.00 | — | 0.00 | Apr 17, 2020 | In get_auth_result of the FPC IRIS TrustZone app, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product:… | |||
| CVE-2020-0073 | 0.00 | — | 0.01 | Apr 17, 2020 | In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | |||
| CVE-2020-0072 | 0.00 | — | 0.01 | Apr 17, 2020 | In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | |||
| CVE-2020-0071 | 0.00 | — | 0.01 | Apr 17, 2020 | In rw_t2t_extract_default_locks_info of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for… | |||
| CVE-2020-0070 | 0.00 | — | 0.01 | Apr 17, 2020 | In rw_t2t_update_lock_attributes of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | |||
| CVE-2020-0079 | 0.00 | — | 0.00 | Apr 17, 2020 | In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds write due to stale pointer. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9… | |||
| CVE-2020-0082 | 0.00 | — | 0.00 | Apr 17, 2020 | In ExternalVibration of ExternalVibration.java, there is a possible activation of an arbitrary intent due to unsafe deserialization. This could lead to local escalation of privilege to system_server with no additional execution privileges needed. User interaction is not needed… | |||
| CVE-2020-0081 | 0.00 | — | 0.00 | Apr 17, 2020 | In finalize of AssetManager.java, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0… | |||
| CVE-2020-0080 | 0.00 | — | 0.00 | Apr 17, 2020 | In onOpActiveChanged and related methods of AppOpsControllerImpl.java, there is a possible way to display an app overlaying other apps without the notification icon that it's overlaying. This could lead to local escalation of privilege with User execution privileges needed. User… |
- CVE-2020-0093May 14, 2020risk 0.00cvss —epss 0.00
In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product:…
- CVE-2020-0106May 14, 2020risk 0.00cvss —epss 0.00
In getCellLocation of PhoneInterfaceManager.java, there is a possible permission bypass due to a missing SDK version check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- CVE-2020-0103May 14, 2020risk 0.00cvss —epss 0.02
In a2dp_aac_decoder_cleanup of a2dp_aac_decoder.cc, there is a possible invalid free due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- CVE-2020-0097May 14, 2020risk 0.00cvss —epss 0.00
In various methods of PackageManagerService.java, there is a possible permission bypass due to a missing condition for system apps. This could lead to local escalation of privilege with User privileges needed. User interaction is not needed for exploitation.Product:…
- CVE-2020-0096May 14, 2020risk 0.00cvss —epss 0.01
In startActivities of ActivityStartController.java, there is a possible escalation of privilege due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- CVE-2020-0101May 14, 2020risk 0.00cvss —epss 0.00
In BnCrypto::onTransact of ICrypto.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- CVE-2020-0104May 14, 2020risk 0.00cvss —epss 0.00
In onShowingStateChanged of KeyguardStateMonitor.java, there is a possible inappropriate read due to a logic error. This could lead to local information disclosure of keyguard-protected data with no additional execution privileges needed. User interaction is not needed for…
- CVE-2020-0098May 14, 2020risk 0.00cvss —epss 0.00
In navigateUpToLocked of ActivityStack.java, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- CVE-2020-0024May 14, 2020risk 0.00cvss —epss 0.00
In onCreate of SettingsBaseActivity.java, there is a possible unauthorized setting modification due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product:…
- CVE-2020-0077Apr 17, 2020risk 0.00cvss —epss 0.00
In authorize_enroll of the FPC IRIS TrustZone app, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product:…
- CVE-2020-0075Apr 17, 2020risk 0.00cvss —epss 0.00
In set_shared_key of the FPC IRIS TrustZone app, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product:…
- CVE-2020-0076Apr 17, 2020risk 0.00cvss —epss 0.00
In get_auth_result of the FPC IRIS TrustZone app, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product:…
- CVE-2020-0073Apr 17, 2020risk 0.00cvss —epss 0.01
In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- CVE-2020-0072Apr 17, 2020risk 0.00cvss —epss 0.01
In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- CVE-2020-0071Apr 17, 2020risk 0.00cvss —epss 0.01
In rw_t2t_extract_default_locks_info of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for…
- CVE-2020-0070Apr 17, 2020risk 0.00cvss —epss 0.01
In rw_t2t_update_lock_attributes of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- CVE-2020-0079Apr 17, 2020risk 0.00cvss —epss 0.00
In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds write due to stale pointer. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9…
- CVE-2020-0082Apr 17, 2020risk 0.00cvss —epss 0.00
In ExternalVibration of ExternalVibration.java, there is a possible activation of an arbitrary intent due to unsafe deserialization. This could lead to local escalation of privilege to system_server with no additional execution privileges needed. User interaction is not needed…
- CVE-2020-0081Apr 17, 2020risk 0.00cvss —epss 0.00
In finalize of AssetManager.java, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0…
- CVE-2020-0080Apr 17, 2020risk 0.00cvss —epss 0.00
In onOpActiveChanged and related methods of AppOpsControllerImpl.java, there is a possible way to display an app overlaying other apps without the notification icon that it's overlaying. This could lead to local escalation of privilege with User execution privileges needed. User…
Page 68 of 89