Android
by Google
CVEs (4,041)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-0028 | | | 0.00 | — | 0.03 | | Feb 13, 2020 | In notifyNetworkTested and related functions of NetworkMonitor.java, there is a possible bypass of private DNS settings. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product:… |
| CVE-2020-0020 | | | 0.00 | — | 0.00 | | Feb 13, 2020 | In getAttributeRange of ExifInterface.java, there is a possible failure to redact location information from media files due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for… |
| CVE-2020-0014 | | | 0.00 | — | 0.01 | | Feb 13, 2020 | It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation. Product:… |
| CVE-2011-3901 | | | 0.00 | — | 0.01 | | Feb 12, 2020 | Android SQLite Journal before 4.0.1 has an information disclosure vulnerability. |
| CVE-2011-2343 | | | 0.00 | — | 0.00 | | Feb 12, 2020 | The Bluetooth stack in Android before 2.3.6 allows a physically proximate attacker to obtain contact information via an AT phonebook transfer. |
| CVE-2014-7224 | | | 0.00 | — | 0.02 | | Feb 7, 2020 | A Code Execution vulnerability exists in Android prior to 4.4.0 related to the addJavascriptInterface method and the accessibility and accessibilityTraversal objects, which could let a remote malicious user execute arbitrary code. |
| CVE-2020-0004 | | | 0.00 | — | 0.00 | | Jan 8, 2020 | In generateCrop of WallpaperManagerService.java, there is a possible sysui crash due to image exceeding maximum texture size. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product:… |
| CVE-2014-9908 | | | 0.00 | — | 0.00 | | Jan 8, 2020 | A Denial of Service vulnerability exists in Google Android 4.4.4, 5.0.2, and 5.1.1, which allows malicious users to block Bluetooth access (Android Bug ID A-28672558). |
| CVE-2019-9465 | | | 0.00 | — | 0.00 | | Jan 7, 2020 | In the Titan M handling of cryptographic operations, there is a possible information disclosure due to an unusual root cause. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product:… |
| CVE-2019-9470 | | | 0.00 | — | 0.00 | | Jan 6, 2020 | In dma_sblk_start of abc-pcie.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android… |
| CVE-2019-2221 | | | 0.00 | — | 0.00 | | Dec 6, 2019 | In hasActivityInVisibleTask of WindowProcessController.java there’s a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state. This could lead to local escalation of privilege with no additional execution privileges… |
| CVE-2019-2232 | | | 0.00 | — | 0.01 | | Dec 6, 2019 | In handleRun of TextLine.java, there is a possible application crash due to improper input validation. This could lead to remote denial of service when processing Unicode with no additional execution privileges needed. User interaction is not needed for exploitation. Product:… |
| CVE-2019-9467 | | | 0.00 | — | 0.00 | | Nov 13, 2019 | In the Bootloader, there is a possible kernel command injection due to missing command sanitization. This could lead to a local elevation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android… |
| CVE-2019-2210 | | | 0.00 | — | 0.00 | | Nov 13, 2019 | In load_logging_config of qmi_vs_service.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:… |
| CVE-2019-2209 | | | 0.00 | — | 0.00 | | Nov 13, 2019 | In BTA_DmPinReply of bta_dm_api.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:… |
| CVE-2019-2208 | | | 0.00 | — | 0.01 | | Nov 13, 2019 | In PromiseBuiltinsAssembler::NewPromiseCapability of builtins-promise.cc, there is a possible out of bounds read in v8 JIT code due to a bug in code generation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is… |
| CVE-2019-2203 | | | 0.00 | — | 0.00 | | Nov 13, 2019 | In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:… |
| CVE-2019-2201 | | | 0.00 | — | 0.03 | | Nov 13, 2019 | In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for… |
| CVE-2019-2199 | | | 0.00 | — | 0.00 | | Nov 13, 2019 | In createSessionInternal of PackageInstallerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android… |
| CVE-2019-2114 | | | 0.00 | — | 0.00 | | Oct 11, 2019 | In the default privileges of NFC, there is a possible local bypass of user interaction requirements on package installation due to a default permission. This could lead to local escalation of privilege by installing an application with no additional execution privileges needed.… |