Android
by Google
CVEs (4,680)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-0215 | Hig | 0.51 | 7.8 | 0.00 | Jun 11, 2020 | In onCreate of ConfirmConnectActivity.java, there is a possible leak of Bluetooth information due to a permissions bypass. This could lead to local escalation of privilege that exposes a pairing Bluetooth MAC address with no additional execution privileges needed. User… | ||
| CVE-2020-0210 | Hig | 0.51 | 7.8 | 0.00 | Jun 11, 2020 | In removeSharedAccountAsUser of AccountManager.java, there is a possible permissions bypass to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2020-0209 | Hig | 0.51 | 7.8 | 0.00 | Jun 11, 2020 | In multiple functions of AccountManager.java, there is a possible permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID:… | ||
| CVE-2020-0208 | Hig | 0.51 | 7.8 | 0.00 | Jun 11, 2020 | In multiple functions of AccountManager.java, there is a possible permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID:… | ||
| CVE-2020-0203 | Hig | 0.51 | 7.8 | 0.00 | Jun 11, 2020 | In freeIsolatedUidLocked of ProcessList.java, there is a possible UID reuse due to improper cleanup. This could lead to local escalation of privilege between constrained processes with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2020-0202 | Hig | 0.51 | 7.8 | 0.00 | Jun 11, 2020 | In onHandleIntent of TraceService.java, there is a possible bypass of developer settings requirements for capturing system traces due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction… | ||
| CVE-2020-0188 | Hig | 0.51 | 7.8 | 0.00 | Jun 11, 2020 | In onCreatePermissionRequest of SettingsSliceProvider.java, there is a possible permissions bypass due to a PendingIntent error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2020-0183 | Hig | 0.51 | 7.8 | 0.00 | Jun 11, 2020 | In handleMessage of BluetoothManagerService, there is an incomplete reset. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-110181479 | ||
| CVE-2020-0179 | Hig | 0.51 | 7.8 | 0.00 | Jun 11, 2020 | In doSendObjectInfo of MtpServer.cpp, there is a possible path traversal attack due to insufficient input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is required for exploitation.Product:… | ||
| CVE-2020-0166 | Hig | 0.51 | 7.8 | 0.00 | Jun 11, 2020 | In multiple functions of URI.java, there is a possible escalation of privilege due to missing validation in the parceling of URI information. This could lead to a local escalation of privilege with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2020-0155 | Hig | 0.51 | 7.8 | 0.00 | Jun 11, 2020 | In phNxpNciHal_send_ese_hal_cmd of phNxpNciHal_ext.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2020-0150 | Hig | 0.51 | 7.8 | 0.00 | Jun 11, 2020 | In rw_t3t_message_set_block_list of rw_t3t.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2020-0137 | Hig | 0.51 | 7.8 | 0.00 | Jun 11, 2020 | In setIPv6AddrGenMode of NetworkManagementService.java, there is a possible bypass of networking permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2020-0136 | Hig | 0.51 | 7.8 | 0.00 | Jun 11, 2020 | In multiple locations of Parcel.cpp, there is a possible out-of-bounds write due to an integer overflow. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2020-0129 | Hig | 0.51 | 7.8 | 0.00 | Jun 11, 2020 | In SetData of btm_ble_multi_adv.cc, there is a possible out-of-bound write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2020-0118 | Hig | 0.51 | 7.8 | 0.00 | Jun 10, 2020 | In addListener of RegionSamplingThread.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product:… | ||
| CVE-2020-0114 | Hig | 0.51 | 7.8 | 0.00 | Jun 10, 2020 | In onCreateSliceProvider of KeyguardSliceProvider.java, there is a possible confused deputy due to a PendingIntent error. This could lead to local escalation of privilege that allows actions performed as the System UI, with no additional execution privileges needed. User… | ||
| CVE-2020-0109 | Hig | 0.51 | 7.8 | 0.00 | May 14, 2020 | In simulatePackageSuspendBroadcast of NotificationManagerService.java, there is a missing permission check. This could lead to local escalation of privilege by creating fake system notifications with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2020-0105 | Hig | 0.51 | 7.8 | 0.00 | May 14, 2020 | In onKeyguardVisibilityChanged of key_store_service.cpp, there is a missing permission check. This could lead to local escalation of privilege, allowing apps to use keyguard-bound keys when the screen is locked, with no additional execution privileges needed. User interaction is… | ||
| CVE-2020-0102 | Hig | 0.51 | 7.8 | 0.00 | May 14, 2020 | In GattServer::SendResponse of gatt_server.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product:… |
- risk 0.51cvss 7.8epss 0.00
In onCreate of ConfirmConnectActivity.java, there is a possible leak of Bluetooth information due to a permissions bypass. This could lead to local escalation of privilege that exposes a pairing Bluetooth MAC address with no additional execution privileges needed. User…
- risk 0.51cvss 7.8epss 0.00
In removeSharedAccountAsUser of AccountManager.java, there is a possible permissions bypass to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- risk 0.51cvss 7.8epss 0.00
In multiple functions of AccountManager.java, there is a possible permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID:…
- risk 0.51cvss 7.8epss 0.00
In multiple functions of AccountManager.java, there is a possible permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID:…
- risk 0.51cvss 7.8epss 0.00
In freeIsolatedUidLocked of ProcessList.java, there is a possible UID reuse due to improper cleanup. This could lead to local escalation of privilege between constrained processes with no additional execution privileges needed. User interaction is not needed for…
- risk 0.51cvss 7.8epss 0.00
In onHandleIntent of TraceService.java, there is a possible bypass of developer settings requirements for capturing system traces due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction…
- risk 0.51cvss 7.8epss 0.00
In onCreatePermissionRequest of SettingsSliceProvider.java, there is a possible permissions bypass due to a PendingIntent error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.51cvss 7.8epss 0.00
In handleMessage of BluetoothManagerService, there is an incomplete reset. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-110181479
- risk 0.51cvss 7.8epss 0.00
In doSendObjectInfo of MtpServer.cpp, there is a possible path traversal attack due to insufficient input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is required for exploitation.Product:…
- risk 0.51cvss 7.8epss 0.00
In multiple functions of URI.java, there is a possible escalation of privilege due to missing validation in the parceling of URI information. This could lead to a local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…
- risk 0.51cvss 7.8epss 0.00
In phNxpNciHal_send_ese_hal_cmd of phNxpNciHal_ext.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.51cvss 7.8epss 0.00
In rw_t3t_message_set_block_list of rw_t3t.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.51cvss 7.8epss 0.00
In setIPv6AddrGenMode of NetworkManagementService.java, there is a possible bypass of networking permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…
- risk 0.51cvss 7.8epss 0.00
In multiple locations of Parcel.cpp, there is a possible out-of-bounds write due to an integer overflow. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.51cvss 7.8epss 0.00
In SetData of btm_ble_multi_adv.cc, there is a possible out-of-bound write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- risk 0.51cvss 7.8epss 0.00
In addListener of RegionSamplingThread.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product:…
- risk 0.51cvss 7.8epss 0.00
In onCreateSliceProvider of KeyguardSliceProvider.java, there is a possible confused deputy due to a PendingIntent error. This could lead to local escalation of privilege that allows actions performed as the System UI, with no additional execution privileges needed. User…
- risk 0.51cvss 7.8epss 0.00
In simulatePackageSuspendBroadcast of NotificationManagerService.java, there is a missing permission check. This could lead to local escalation of privilege by creating fake system notifications with no additional execution privileges needed. User interaction is not needed for…
- risk 0.51cvss 7.8epss 0.00
In onKeyguardVisibilityChanged of key_store_service.cpp, there is a missing permission check. This could lead to local escalation of privilege, allowing apps to use keyguard-bound keys when the screen is locked, with no additional execution privileges needed. User interaction is…
- risk 0.51cvss 7.8epss 0.00
In GattServer::SendResponse of gatt_server.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product:…
Page 52 of 234