CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1951 CVE-2020-0352 89 Sql Bypass 2020-09-17 2020-09-21
2.1
None Local Low Not required Partial None None
In MediaProvider, there is a possible permissions bypass due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-132074310
1952 CVE-2020-0349 125 2020-09-18 2021-07-21
2.1
None Local Low Not required Partial None None
In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-139188779
1953 CVE-2020-0344 89 Sql Bypass 2020-09-17 2020-09-21
2.1
None Local Low Not required Partial None None
In MediaProvider, there is a possible permissions bypass due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-140729887
1954 CVE-2020-0343 276 2020-09-17 2021-07-21
2.1
None Local Low Not required Partial None None
In NetworkStatsService, there is a possible access to protected data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-119672472
1955 CVE-2020-0338 610 Bypass 2020-09-17 2021-07-21
2.1
None Local Low Not required Partial None None
In AccountManager, there is a possible bypass of a permissions check due to a confused deputy. This could lead to local information disclosure, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-123700107
1956 CVE-2020-0337 610 Bypass 2020-09-17 2021-07-21
2.1
None Local Low Not required Partial None None
In MediaProvider, there is a possible bypass of a permissions check due to a confused deputy. This could lead to local information disclosure, with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-124329382
1957 CVE-2020-0331 281 Bypass 2020-09-18 2021-07-21
2.1
None Local Low Not required Partial None None
In Settings, there is a possible permissions bypass. This could lead to local information disclosure of the device's IMEI with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-147309310
1958 CVE-2020-0329 125 Exec Code 2020-09-17 2020-09-22
2.1
None Local Low Not required Partial None None
In the OMX encoder, there is a possible out of bounds read due to invalid input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-63522940
1959 CVE-2020-0328 190 Overflow 2020-09-17 2021-07-21
2.1
None Local Low Not required Partial None None
In the camera, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150156131
1960 CVE-2020-0327 281 2020-09-18 2021-07-21
2.1
None Local Low Not required Partial None None
In core networking, there is a missing permission check. This could lead to local information disclosure of app network usage with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-129151407
1961 CVE-2020-0325 2020-09-18 2021-07-21
2.1
None Local Low Not required Partial None None
In NFC, there is a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-145079309
1962 CVE-2020-0323 125 2020-09-17 2020-09-22
2.1
None Local Low Not required Partial None None
In libavb, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-146516087
1963 CVE-2020-0322 125 2020-09-17 2020-09-22
2.1
None Local Low Not required Partial None None
In apexd, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-147002540
1964 CVE-2020-0317 276 2020-09-17 2021-07-21
2.1
None Local Low Not required Partial None None
In UsageStatsManager, there is a possible access to protected data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-119671929
1965 CVE-2020-0316 276 2020-09-18 2021-07-21
2.1
None Local Low Not required Partial None None
In Telephony, there is a missing permission check. This could lead to local information disclosure of radio data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154934919
1966 CVE-2020-0315 276 Bypass 2020-09-18 2021-07-21
2.1
None Local Low Not required Partial None None
In Zen Mode, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155642026
1967 CVE-2020-0314 862 2020-09-17 2020-09-21
2.1
None Local Low Not required Partial None None
In AudioService, there are missing permission checks. This could lead to local information disclosure of audio configuration with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154934920
1968 CVE-2020-0313 276 Bypass 2020-09-18 2021-07-21
2.1
None Local Low Not required Partial None None
In NotificationManagerService, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154917989
1969 CVE-2020-0312 276 Bypass 2020-09-17 2021-07-21
2.1
None Local Low Not required Partial None None
In Battery Saver, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153879099
1970 CVE-2020-0311 276 Bypass 2020-09-18 2021-07-21
2.1
None Local Low Not required Partial None None
In InputManagerService, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153878642
1971 CVE-2020-0310 276 Bypass 2020-09-18 2021-07-21
2.1
None Local Low Not required Partial None None
In Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153356468
1972 CVE-2020-0308 276 Bypass 2020-09-17 2021-07-21
2.1
None Local Low Not required Partial None None
In Window Manager, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153654357
1973 CVE-2020-0307 276 Bypass 2020-09-18 2021-07-21
2.1
None Local Low Not required Partial None None
In Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151645867
1974 CVE-2020-0304 276 Bypass 2020-09-18 2021-07-21
2.1
None Local Low Not required Partial None None
In Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151645695
1975 CVE-2020-0302 276 Bypass 2020-09-18 2021-07-21
2.1
None Local Low Not required Partial None None
In Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151646375
1976 CVE-2020-0297 276 Bypass 2020-09-17 2021-07-21
2.1
None Local Low Not required Partial None None
In devicepolicy service, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155183624
1977 CVE-2020-0296 276 Bypass 2020-09-17 2021-07-21
2.1
None Local Low Not required Partial None None
In ADB server and USB server, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153356209
1978 CVE-2020-0295 276 Bypass 2020-09-18 2021-07-21
2.1
None Local Low Not required Partial None None
In Telecom, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155650969
1979 CVE-2020-0294 276 Bypass 2020-09-18 2020-12-14
2.1
None Local Low Not required Partial None None
In bindWallpaperComponentLocked of WallpaperManagerService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8.1 Android-9Android ID: A-154915372
1980 CVE-2020-0293 276 2020-09-17 2021-07-21
2.1
None Local Low Not required Partial None None
In Java network APIs, there is possible access to sensitive network state due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation in Android versions: Android-11, Android ID: A-141455849
1981 CVE-2020-0292 125 2020-09-18 2020-09-18
2.1
None Local Low Not required Partial None None
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges and a compromised Firmware needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-110107252
1982 CVE-2020-0291 125 2020-09-18 2020-09-18
2.1
None Local Low Not required Partial None None
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges and a compromised Firmware needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-146032016
1983 CVE-2020-0290 862 2020-09-17 2020-09-21
2.1
None Local Low Not required Partial None None
In PackageManager, there is a missing permission check. This could lead to local information disclosure across users with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153996866
1984 CVE-2020-0289 862 2020-09-17 2020-09-21
2.1
None Local Low Not required Partial None None
In PackageManager, there is a missing permission check. This could lead to local information disclosure across users with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153996872
1985 CVE-2020-0288 863 2020-09-17 2021-07-21
2.1
None Local Low Not required Partial None None
In PackageManager, there is a missing permission check. This could lead to local information disclosure across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153995991
1986 CVE-2020-0285 276 Bypass 2020-09-18 2021-07-21
2.1
None Local Low Not required Partial None None
In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156253479
1987 CVE-2020-0284 276 Bypass 2020-09-18 2021-07-21
2.1
None Local Low Not required Partial None None
In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156253784
1988 CVE-2020-0276 276 Bypass 2020-09-18 2021-07-21
2.1
None Local Low Not required Partial None None
In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156253586
1989 CVE-2020-0274 2020-09-17 2020-09-21
2.1
None Local Low Not required Partial None None
In the OMX parser, there is a possible information disclosure due to a returned raw pointer. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-120781925
1990 CVE-2020-0272 665 2020-09-18 2021-07-21
2.1
None Local Low Not required Partial None None
In libhwbinder, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-130166487
1991 CVE-2020-0269 281 Bypass 2020-09-18 2021-07-21
2.1
None Local Low Not required Partial None None
In Android Auto Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151645626
1992 CVE-2020-0265 281 +Info 2020-09-18 2021-07-21
2.1
None Local Low Not required Partial None None
In Telephony, there are possible leaks of sensitive data due to missing permission checks. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150155839
1993 CVE-2020-0263 269 Bypass 2020-09-18 2021-07-21
2.1
None Local Low Not required None None Partial
In the Accessibility service, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154913130
1994 CVE-2020-0206 20 DoS 2020-06-11 2020-06-15
2.1
None Local Low Not required None None Partial
In the settings app, there is a possible app crash due to improper input validation. This could lead to local denial of service of the Settings app with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-136005061
1995 CVE-2020-0197 125 2020-06-11 2020-06-12
2.1
None Local Low Not required Partial None None
In InitDataParser::parsePssh of InitDataParser.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-137370379
1996 CVE-2020-0187 2020-06-11 2020-06-12
2.1
None Local Low Not required Partial None None
In engineSetMode of BaseBlockCipher.java, there is a possible incorrect cryptographic algorithm chosen due to an incomplete comparison. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-148517383
1997 CVE-2020-0185 125 2020-06-11 2020-06-12
2.1
None Local Low Not required Partial None None
In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-79945152
1998 CVE-2020-0178 200 +Info 2020-06-11 2021-07-21
2.1
None Local Low Not required Partial None None
In getAllConfigFlags of SettingsProvider.cpp, there is a possible illegal read due to a missing permission check. This could lead to local information disclosure of config flags with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-143299398
1999 CVE-2020-0177 269 Bypass 2020-06-11 2021-07-21
2.1
None Local Low Not required None Partial None
In connect() of PanService.java, there is a possible permissions bypass. This could lead to local escalation of privilege to change network connection settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-126206353
2000 CVE-2020-0164 125 2020-06-11 2020-06-11
2.1
None Local Low Not required Partial None None
In phNxpNciHal_NfcDep_cmd_ext of phNxpNciHal_NfcDepSWPrio.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139736125
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.