Android
by Google
CVEs (4,717)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-2194 | Hig | 0.51 | 7.8 | 0.00 | Oct 14, 2020 | In SurfaceFlinger::createLayer of SurfaceFlinger.cpp, there is a possible arbitrary code execution due to improper casting. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2020-0405 | Hig | 0.51 | 7.8 | 0.00 | Sep 18, 2020 | In NetworkStackNotifier, there is a possible permissions bypass due to an unsafe implicit PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2020-0319 | Hig | 0.51 | 7.8 | 0.00 | Sep 18, 2020 | In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2020-0299 | Hig | 0.51 | 7.8 | 0.00 | Sep 18, 2020 | In Bluetooth, there is a possible spoofing of bluetooth device metadata due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2020-0273 | Hig | 0.51 | 7.8 | 0.00 | Sep 18, 2020 | In hwservicemanager, there is a possible out of bounds write due to freeing a wild pointer. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2020-0262 | Hig | 0.51 | 7.8 | 0.00 | Sep 18, 2020 | In WiFi tethering, there is a possible attacker controlled intent due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android… | ||
| CVE-2020-0089 | Hig | 0.51 | 7.8 | 0.00 | Sep 18, 2020 | In the audio server, there is a missing permission check. This could lead to local escalation of privilege regarding audio settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID:… | ||
| CVE-2020-0375 | Hig | 0.51 | 7.8 | 0.00 | Sep 17, 2020 | In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege and the setting of supported EUICC countries with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2020-0374 | Hig | 0.51 | 7.8 | 0.00 | Sep 17, 2020 | In NFC, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156251602 | ||
| CVE-2020-0366 | Hig | 0.51 | 7.8 | 0.00 | Sep 17, 2020 | In PackageInstaller, there is a possible permissions bypass due to a tapjacking vulnerability. This could lead to local escalation of privilege using an app set as the default Assist app with User execution privileges needed. User interaction is needed for exploitation.Product:… | ||
| CVE-2020-0360 | Hig | 0.51 | 7.8 | 0.00 | Sep 17, 2020 | In Notification Access Confirmation, there is a possible permissions bypass due to uninformed consent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android… | ||
| CVE-2020-0357 | Hig | 0.51 | 7.8 | 0.00 | Sep 17, 2020 | In SurfaceFlinger, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the graphics server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2020-0346 | Hig | 0.51 | 7.8 | 0.00 | Sep 17, 2020 | In Mediaserver, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if integer sanitization were not enabled (which it is by default), with no additional execution privileges needed. User interaction is not needed… | ||
| CVE-2020-0345 | Hig | 0.51 | 7.8 | 0.00 | Sep 17, 2020 | In DocumentsUI, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-144286721 | ||
| CVE-2020-0341 | Hig | 0.51 | 7.8 | 0.00 | Sep 17, 2020 | In DisplayManager, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2020-0277 | Hig | 0.51 | 7.8 | 0.00 | Sep 17, 2020 | In NetworkPolicyManagerService, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing a malicious app to modify the device's data plan with no additional execution privileges needed. User interaction… | ||
| CVE-2020-0275 | Hig | 0.51 | 7.8 | 0.00 | Sep 17, 2020 | In MediaProvider, there is a possible way to access ContentResolver and MediaStore entries the app shouldn't have access to due to a permissions bypass. This could lead to local escalation of privilege, with no additional execution privileges needed. User interaction is not… | ||
| CVE-2020-0267 | Hig | 0.51 | 7.8 | 0.01 | Sep 17, 2020 | In WindowManager, there is a possible launch of an unexpected app due to a confused deputy. This could lead to local escalation of privilege due to launching a malicious app instead of the one the user intended, with no additional execution privileges needed. User interaction is… | ||
| CVE-2020-0266 | Hig | 0.51 | 7.8 | 0.00 | Sep 17, 2020 | In factory reset protection, there is a possible FRP bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2020-0434 | Hig | 0.51 | 7.8 | 0.00 | Sep 17, 2020 | In Pixel's use of the Catpipe library, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android… |
- risk 0.51cvss 7.8epss 0.00
In SurfaceFlinger::createLayer of SurfaceFlinger.cpp, there is a possible arbitrary code execution due to improper casting. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.51cvss 7.8epss 0.00
In NetworkStackNotifier, there is a possible permissions bypass due to an unsafe implicit PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- risk 0.51cvss 7.8epss 0.00
In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is needed for exploitation.Product: AndroidVersions:…
- risk 0.51cvss 7.8epss 0.00
In Bluetooth, there is a possible spoofing of bluetooth device metadata due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- risk 0.51cvss 7.8epss 0.00
In hwservicemanager, there is a possible out of bounds write due to freeing a wild pointer. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- risk 0.51cvss 7.8epss 0.00
In WiFi tethering, there is a possible attacker controlled intent due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android…
- risk 0.51cvss 7.8epss 0.00
In the audio server, there is a missing permission check. This could lead to local escalation of privilege regarding audio settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID:…
- risk 0.51cvss 7.8epss 0.00
In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege and the setting of supported EUICC countries with no additional execution privileges needed. User interaction is not needed for…
- risk 0.51cvss 7.8epss 0.00
In NFC, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156251602
- risk 0.51cvss 7.8epss 0.00
In PackageInstaller, there is a possible permissions bypass due to a tapjacking vulnerability. This could lead to local escalation of privilege using an app set as the default Assist app with User execution privileges needed. User interaction is needed for exploitation.Product:…
- risk 0.51cvss 7.8epss 0.00
In Notification Access Confirmation, there is a possible permissions bypass due to uninformed consent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android…
- risk 0.51cvss 7.8epss 0.00
In SurfaceFlinger, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the graphics server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- risk 0.51cvss 7.8epss 0.00
In Mediaserver, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if integer sanitization were not enabled (which it is by default), with no additional execution privileges needed. User interaction is not needed…
- risk 0.51cvss 7.8epss 0.00
In DocumentsUI, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-144286721
- risk 0.51cvss 7.8epss 0.00
In DisplayManager, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- risk 0.51cvss 7.8epss 0.00
In NetworkPolicyManagerService, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing a malicious app to modify the device's data plan with no additional execution privileges needed. User interaction…
- risk 0.51cvss 7.8epss 0.00
In MediaProvider, there is a possible way to access ContentResolver and MediaStore entries the app shouldn't have access to due to a permissions bypass. This could lead to local escalation of privilege, with no additional execution privileges needed. User interaction is not…
- risk 0.51cvss 7.8epss 0.01
In WindowManager, there is a possible launch of an unexpected app due to a confused deputy. This could lead to local escalation of privilege due to launching a malicious app instead of the one the user intended, with no additional execution privileges needed. User interaction is…
- risk 0.51cvss 7.8epss 0.00
In factory reset protection, there is a possible FRP bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- risk 0.51cvss 7.8epss 0.00
In Pixel's use of the Catpipe library, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android…
Page 64 of 236