Android SDK
by Google
CVEs (1,765)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-0032 | | | 0.00 | — | 0.02 | | Mar 10, 2020 | In ih264d_release_display_bufs of ih264d_utils.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions:… |
| CVE-2020-0031 | | | 0.00 | — | 0.00 | | Mar 10, 2020 | In triggerAugmentedAutofillLocked and related functions of Session.java, it is possible for Augmented Autofill to display sensitive information to the user inappropriately. This could lead to local information disclosure with no additional execution privileges needed. User… |
| CVE-2020-0027 | | | 0.00 | — | 0.00 | | Feb 13, 2020 | In HidRawSensor::batch of HidRawSensor.cpp, there is a possible out of bounds write due to an unexpected switch fallthrough. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:… |
| CVE-2020-0026 | | | 0.00 | — | 0.00 | | Feb 13, 2020 | In Parcel::continueWrite of Parcel.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:… |
| CVE-2020-0023 | | | 0.00 | — | 0.00 | | Feb 13, 2020 | In setPhonebookAccessPermission of AdapterService.java, there is a possible disclosure of user contacts over bluetooth due to a missing permission check. This could lead to local information disclosure if a malicious app enables contacts over a bluetooth connection, with User… |
| CVE-2020-0021 | | | 0.00 | — | 0.01 | | Feb 13, 2020 | In removeUnusedPackagesLPw of PackageManagerService.java, there is a possible permanent denial-of-service due to a missing package dependency test. This could lead to remote denial of service with User execution privileges needed. User interaction is not needed for… |
| CVE-2020-0018 | | | 0.00 | — | 0.00 | | Feb 13, 2020 | In MotionEntry::appendDescription of InputDispatcher.cpp, there is a possible log information disclosure. This could lead to local disclosure of user input with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:… |
| CVE-2020-0017 | | | 0.00 | — | 0.00 | | Feb 13, 2020 | In multiple places, it was possible for the primary user’s dictionary to be visible to and modifiable by secondary users. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product:… |
| CVE-2019-2200 | | | 0.00 | — | 0.00 | | Feb 13, 2020 | In updatePermissions of PermissionManagerService.java, it may be possible for a malicious app to obtain a custom permission from another app due to a permission bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is… |
| CVE-2020-0015 | | | 0.00 | — | 0.00 | | Feb 13, 2020 | In onCreate of CertInstaller.java, there is a possible way to overlay the Certificate Installation dialog by a malicious application. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for… |
| CVE-2011-3901 | | | 0.00 | — | 0.01 | | Feb 12, 2020 | Android SQLite Journal before 4.0.1 has an information disclosure vulnerability. |
| CVE-2015-1530 | | | 0.00 | — | 0.00 | | Jan 24, 2020 | media/libmedia/IAudioPolicyService.cpp in Android before 5.1 allows attackers to execute arbitrary code with media_server privileges or cause a denial of service (integer overflow) via a crafted application that provides an invalid array size. |
| CVE-2020-0008 | | | 0.00 | — | 0.00 | | Jan 8, 2020 | In LowEnergyClient::MtuChangedCallback of low_energy_client.cc, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.… |
| CVE-2020-0007 | | | 0.00 | — | 0.00 | | Jan 8, 2020 | In flattenString8 of Sensor.cpp, there is a possible information disclosure of heap memory due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android… |
| CVE-2020-0006 | | | 0.00 | — | 0.01 | | Jan 8, 2020 | In rw_i93_send_cmd_write_single_block of rw_i93.cc, there is a possible information disclosure of heap memory due to uninitialized data. This could lead to remote information disclosure in the NFC server with no additional execution privileges needed. User interaction is needed… |
| CVE-2020-0003 | | | 0.00 | — | 0.00 | | Jan 8, 2020 | In onCreate of InstallStart.java, there is a possible package validation bypass due to a time-of-check time-of-use vulnerability. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.… |
| CVE-2020-0002 | | | 0.00 | — | 0.01 | | Jan 8, 2020 | In ih264d_init_decoder of ih264d_api.c, there is a possible out of bounds write due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation Product: Android Versions: Android-8.0,… |
| CVE-2019-9468 | | | 0.00 | — | 0.00 | | Jan 6, 2020 | In export_key_der of export_key.cpp, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10… |
| CVE-2019-2227 | | | 0.00 | — | 0.00 | | Dec 6, 2019 | In DeepCopy of btif_av.cc, there is a possible out of bounds read due to improper casting. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:… |
| CVE-2019-2222 | | | 0.00 | — | 0.01 | | Dec 6, 2019 | In ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product:… |