Android SDK
by Google
CVEs (1,765)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-9474 | 0.00 | — | 0.01 | Mar 15, 2020 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID:… | |||
| CVE-2019-9473 | 0.00 | — | 0.01 | Mar 15, 2020 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID:… | |||
| CVE-2020-0086 | 0.00 | — | 0.01 | Mar 15, 2020 | In readCString of Parcel.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to arbitrary code execution if IntSan were not enabled, which it is by default. No additional execution privileges are required. User interaction is not needed for… | |||
| CVE-2019-2089 | 0.00 | — | 0.00 | Mar 15, 2020 | In app uninstallation, there is a possible set of permissions that may not be removed from a shared app ID. This could lead to a local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions:… | |||
| CVE-2019-2216 | 0.00 | — | 0.00 | Mar 15, 2020 | In overlay notifications, there is a possible hidden notification due to improper input validation. This could lead to a local escalation of privilege because the user is not notified of an overlaying app, with User execution privileges needed. User interaction is needed for… | |||
| CVE-2020-0057 | 0.00 | — | 0.00 | Mar 10, 2020 | In btm_process_inq_results of btm_inq.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | |||
| CVE-2020-0056 | 0.00 | — | 0.00 | Mar 10, 2020 | In btu_hcif_connection_comp_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | |||
| CVE-2020-0055 | 0.00 | — | 0.00 | Mar 10, 2020 | In l2c_link_process_num_completed_pkts of l2c_link.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | |||
| CVE-2020-0054 | 0.00 | — | 0.00 | Mar 10, 2020 | In WifiNetworkSuggestionsManager of WifiNetworkSuggestionsManager.java, there is a possible permission revocation due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed… | |||
| CVE-2020-0050 | 0.00 | — | 0.00 | Mar 10, 2020 | In nfa_hciu_send_msg of nfa_hci_utils.cc, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege in the NFC server with System execution privileges needed. User interaction is not needed for… | |||
| CVE-2020-0049 | 0.00 | — | 0.01 | Mar 10, 2020 | In onReadBuffer() of StreamingSource.cpp, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:… | |||
| CVE-2020-0047 | 0.00 | — | 0.00 | Mar 10, 2020 | In setMasterMute of AudioService.java, there is a missing permission check. This could lead to local silencing of audio with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141622311 | |||
| CVE-2020-0046 | 0.00 | — | 0.00 | Mar 10, 2020 | In DrmPlugin::releaseSecureStops of DrmPlugin.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | |||
| CVE-2020-0087 | 0.00 | — | 0.00 | Mar 10, 2020 | In getProcessPss of ActivityManagerService.java, there is a possible side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:… | |||
| CVE-2020-0084 | 0.00 | — | 0.00 | Mar 10, 2020 | In several functions of NotificationManagerService.java, there are missing permission checks. This could lead to local escalation of privilege by creating fake system notifications with no additional execution privileges needed. User interaction is not needed for… | |||
| CVE-2020-0045 | 0.00 | — | 0.00 | Mar 10, 2020 | In StatsService::command of StatsService.cpp, there is possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | |||
| CVE-2020-0060 | 0.00 | — | 0.00 | Mar 10, 2020 | In query of SmsProvider.java and MmsSmsProvider.java, there is a possible permission bypass due to SQL injection. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | |||
| CVE-2020-0038 | 0.00 | — | 0.01 | Mar 10, 2020 | In rw_i93_sm_update_ndef of rw_i93.cc, there is a possible read of uninitialized data due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | |||
| CVE-2020-0036 | 0.00 | — | 0.00 | Mar 10, 2020 | In hasPermissions of PermissionMonitor.java, there is a possible access to restricted permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for… | |||
| CVE-2020-0033 | 0.00 | — | 0.00 | Mar 10, 2020 | In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to stale pointer. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… |
- CVE-2019-9474Mar 15, 2020risk 0.00cvss —epss 0.01
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID:…
- CVE-2019-9473Mar 15, 2020risk 0.00cvss —epss 0.01
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID:…
- CVE-2020-0086Mar 15, 2020risk 0.00cvss —epss 0.01
In readCString of Parcel.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to arbitrary code execution if IntSan were not enabled, which it is by default. No additional execution privileges are required. User interaction is not needed for…
- CVE-2019-2089Mar 15, 2020risk 0.00cvss —epss 0.00
In app uninstallation, there is a possible set of permissions that may not be removed from a shared app ID. This could lead to a local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions:…
- CVE-2019-2216Mar 15, 2020risk 0.00cvss —epss 0.00
In overlay notifications, there is a possible hidden notification due to improper input validation. This could lead to a local escalation of privilege because the user is not notified of an overlaying app, with User execution privileges needed. User interaction is needed for…
- CVE-2020-0057Mar 10, 2020risk 0.00cvss —epss 0.00
In btm_process_inq_results of btm_inq.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- CVE-2020-0056Mar 10, 2020risk 0.00cvss —epss 0.00
In btu_hcif_connection_comp_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- CVE-2020-0055Mar 10, 2020risk 0.00cvss —epss 0.00
In l2c_link_process_num_completed_pkts of l2c_link.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- CVE-2020-0054Mar 10, 2020risk 0.00cvss —epss 0.00
In WifiNetworkSuggestionsManager of WifiNetworkSuggestionsManager.java, there is a possible permission revocation due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed…
- CVE-2020-0050Mar 10, 2020risk 0.00cvss —epss 0.00
In nfa_hciu_send_msg of nfa_hci_utils.cc, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege in the NFC server with System execution privileges needed. User interaction is not needed for…
- CVE-2020-0049Mar 10, 2020risk 0.00cvss —epss 0.01
In onReadBuffer() of StreamingSource.cpp, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…
- CVE-2020-0047Mar 10, 2020risk 0.00cvss —epss 0.00
In setMasterMute of AudioService.java, there is a missing permission check. This could lead to local silencing of audio with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141622311
- CVE-2020-0046Mar 10, 2020risk 0.00cvss —epss 0.00
In DrmPlugin::releaseSecureStops of DrmPlugin.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- CVE-2020-0087Mar 10, 2020risk 0.00cvss —epss 0.00
In getProcessPss of ActivityManagerService.java, there is a possible side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…
- CVE-2020-0084Mar 10, 2020risk 0.00cvss —epss 0.00
In several functions of NotificationManagerService.java, there are missing permission checks. This could lead to local escalation of privilege by creating fake system notifications with no additional execution privileges needed. User interaction is not needed for…
- CVE-2020-0045Mar 10, 2020risk 0.00cvss —epss 0.00
In StatsService::command of StatsService.cpp, there is possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- CVE-2020-0060Mar 10, 2020risk 0.00cvss —epss 0.00
In query of SmsProvider.java and MmsSmsProvider.java, there is a possible permission bypass due to SQL injection. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- CVE-2020-0038Mar 10, 2020risk 0.00cvss —epss 0.01
In rw_i93_sm_update_ndef of rw_i93.cc, there is a possible read of uninitialized data due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- CVE-2020-0036Mar 10, 2020risk 0.00cvss —epss 0.00
In hasPermissions of PermissionMonitor.java, there is a possible access to restricted permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…
- CVE-2020-0033Mar 10, 2020risk 0.00cvss —epss 0.00
In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to stale pointer. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
Page 69 of 89