CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Android : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
751 CVE-2020-0496 416 Mem. Corr. 2020-12-15 2021-07-21
2.1
None Local Low Not required Partial None None
In CPDF_RenderStatus::LoadSMask of cpdf_renderstatus.cpp, there is a possible memory corruption due to a use-after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-149481220
752 CVE-2020-0495 190 Exec Code Overflow 2020-12-15 2021-07-21
2.1
None Local Low Not required Partial None None
In decode_Huffman of JBig2_SddProc.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155473137
753 CVE-2020-0494 125 Overflow 2020-12-15 2020-12-15
4.3
None Remote Medium Not required Partial None None
In ih264d_parse_ave of ih264d_sei.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-152895390
754 CVE-2020-0493 125 2020-12-15 2021-07-21
2.1
None Local Low Not required Partial None None
In CPDF_SampledFunc::v_Call of cpdf_sampledfunc.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150615407
755 CVE-2020-0492 125 Overflow 2020-12-15 2020-12-15
4.3
None Remote Medium Not required Partial None None
In BitstreamFillCache of bitstream.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154058264
756 CVE-2020-0491 400 DoS 2020-12-15 2021-07-21
4.3
None Remote Medium Not required None None Partial
In readBlock of MatroskaExtractor.cpp, there is a possible denial of service due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156819528
757 CVE-2020-0490 125 2020-12-15 2020-12-16
4.3
None Remote Medium Not required Partial None None
In floor1_info_unpack of floor1.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155560008
758 CVE-2020-0489 787 Exec Code 2020-12-15 2020-12-16
6.8
None Remote Medium Not required Partial Partial Partial
In Parse_data of eas_mdls.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151096540
759 CVE-2020-0488 824 2020-12-15 2021-07-21
4.3
None Remote Medium Not required Partial None None
In ihevc_inter_pred_chroma_copy_ssse3 of ihevc_inter_pred_filters_ssse3_intr.c, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-158484516
760 CVE-2020-0486 276 Bypass 2020-12-15 2020-12-16
4.6
None Local Low Not required Partial Partial Partial
In openAssetFileListener of ContactsProvider2.java, there is a possible permission bypass due to an insecure default value. This could lead to local escalation of privilege to change contact data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150857116
761 CVE-2020-0485 276 2020-12-15 2020-12-16
4.6
None Local Low Not required Partial Partial Partial
In areFunctionsSupported of UsbBackend.java, there is a possible access to tethering from a guest account due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-166125765
762 CVE-2020-0484 416 Mem. Corr. 2020-12-15 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
In destroyResources of ComposerClient.h, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155769496
763 CVE-2020-0483 415 Mem. Corr. 2020-12-15 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
In DrmManagerService::~DrmManagerService() of DrmManagerService.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155647761
764 CVE-2020-0482 125 Exec Code 2020-12-15 2020-12-16
2.1
None Local Low Not required Partial None None
In command of IncidentService.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150706572
765 CVE-2020-0481 863 Bypass 2020-12-15 2020-12-16
2.1
None Local Low Not required None Partial None
In AndroidManifest.xml, there is a possible permissions bypass. This could lead to local escalation of privilege allowing a non-system app to send a broadcast it shouldn't have permissions to send, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157472962
766 CVE-2020-0480 863 Bypass 2020-12-15 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
In callUnchecked of DocumentsProvider.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing a caller to copy, move, or delete files accessible to DocumentsProvider with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157320716
767 CVE-2020-0479 863 Bypass 2020-12-15 2020-12-16
6.8
None Remote Medium Not required Partial Partial Partial
In callUnchecked of DocumentsProvider.java, there is a possible permissions bypass. This could lead to local escalation of privilege allowing a malicious app to access files available to the DocumentProvider without user permission, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157294893
768 CVE-2020-0478 787 2020-12-15 2020-12-16
6.8
None Remote Medium Not required Partial Partial Partial
In extend_frame_lowbd of restoration.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150780418
769 CVE-2020-0477 863 2020-12-15 2021-07-21
2.1
None Local Low Not required Partial None None
In sendLinkConfigurationChangedBroadcast of ClientModeImpl.java, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure of the current network configuration with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-162246414
770 CVE-2020-0476 532 +Info 2020-12-15 2020-12-16
2.1
None Local Low Not required Partial None None
In onNotificationRemoved of Assistant.java, there is a possible leak of sensitive information to logs. This could lead to local information disclosure with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-162014574
771 CVE-2020-0475 276 2020-12-15 2020-12-16
6.8
None Remote Medium Not required Partial Partial Partial
In createInputConsumer of WindowManagerService.java, there is a possible way to block and intercept input events due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-162324374
772 CVE-2020-0474 416 2020-12-15 2021-07-21
4.4
None Local Medium Not required Partial Partial Partial
In HalCamera::requestNewFrame of HalCamera.cpp, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169282240
773 CVE-2020-0473 863 Bypass 2020-12-15 2020-12-16
2.1
None Local Low Not required None Partial None
In updateIncomingFileConfirmNotification of BluetoothOppNotification.java, there is a possible permissions bypass. This could lead to local escalation of privilege allowing an attacker with physical possession of the device to transfer files to it over Bluetooth, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-160691486
774 CVE-2020-0471 269 2021-01-11 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
In reassemble_and_dispatch of packet_fragmenter.cc, there is a possible way to inject packets into an encrypted Bluetooth connection due to improper input validation. This could lead to remote escalation of privilege between two Bluetooth devices by a proximal attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.0, Android-8.1, Android-9, Android-10, Android-11; Android ID: A-169327567.
775 CVE-2020-0470 787 Overflow 2020-12-14 2020-12-15
4.3
None Remote Medium Not required Partial None None
In extend_frame_highbd of restoration.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-166268541
776 CVE-2020-0469 DoS 2020-12-14 2020-12-15
2.1
None Local Low Not required None None Partial
In addEscrowToken of LockSettingsService.java, there is a possible loss of the synthetic password due to logic error. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-168692734
777 CVE-2020-0468 276 Bypass 2020-12-14 2021-07-21
2.1
None Local Low Not required Partial None None
In listen() and related functions of TelephonyRegistry.java, there is a possible permissions bypass of location permissions due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-158484422
778 CVE-2020-0467 2020-12-14 2021-07-21
2.1
None Local Low Not required Partial None None
In onUserStopped of Vpn.java, there is a possible resetting of user preferences due to a logic issue. This could lead to local information disclosure of secure network traffic over a non-VPN link with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-168500792
779 CVE-2020-0466 416 2020-12-14 2020-12-15
7.2
None Local Low Not required Complete Complete Complete
In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147802478References: Upstream kernel
780 CVE-2020-0465 787 2020-12-14 2021-03-08
7.2
None Local Low Not required Complete Complete Complete
In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-162844689References: Upstream kernel
781 CVE-2020-0464 203 2020-12-14 2020-12-15
2.1
None Local Low Not required Partial None None
In resolv_cache_lookup of res_cache.cpp, there is a possible side channel information disclosure. This could lead to local information disclosure of accessed web resources with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-150371903
782 CVE-2020-0463 125 2020-12-14 2020-12-15
5.0
None Remote Low Not required Partial None None
In sdp_server_handle_client_req of sdp_server.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure from the bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.0 Android-8.1 Android-9Android ID: A-169342531
783 CVE-2020-0460 2020-12-14 2021-07-21
5.0
None Remote Low Not required Partial None None
In createNameCredentialDialog of CertInstaller.java, there exists the possibility of improperly installed certificates due to a logic error. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-163413737
784 CVE-2020-0459 276 +Info 2020-12-14 2021-07-21
2.1
None Local Low Not required Partial None None
In sendConfiguredNetworkChangedBroadcast of WifiConfigManager.java, there is a possible leak of sensitive WiFi configuration data due to a missing permission check. This could lead to local information disclosure of WiFi network names with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-159373687
785 CVE-2020-0458 190 Exec Code Overflow 2020-12-14 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
In SPDIFEncoder::writeBurstBufferBytes and related methods of SPDIFEncoder.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-8.0 Android-8.1Android ID: A-160265164
786 CVE-2020-0457 787 2020-12-14 2020-12-15
7.5
None Remote Low Not required Partial Partial Partial
There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-170367562
787 CVE-2020-0456 787 2020-12-14 2020-12-15
7.5
None Remote Low Not required Partial Partial Partial
There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-170378843
788 CVE-2020-0455 787 2020-12-14 2020-12-15
7.5
None Remote Low Not required Partial Partial Partial
There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-170372514
789 CVE-2020-0454 732 Bypass 2020-11-10 2021-07-21
2.1
None Local Low Not required Partial None None
In callCallbackForRequest of ConnectivityService.java, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure of the current SSID with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9Android ID: A-161370134
790 CVE-2020-0453 276 Bypass 2020-11-10 2021-07-21
2.1
None Local Low Not required Partial None None
In updateNotification of BeamTransferManager.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-8.0 Android-8.1Android ID: A-159060474
791 CVE-2020-0452 190 Exec Code Overflow 2020-11-10 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-159625731
792 CVE-2020-0451 787 Exec Code Overflow 2020-11-10 2020-11-10
9.3
None Remote Medium Not required Complete Complete Complete
In sbrDecoder_AssignQmfChannels2SbrChannels of sbrdecoder.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9 Android-8.0 Android-8.1Android ID: A-158762825
793 CVE-2020-0450 665 2020-11-10 2021-07-21
4.3
None Remote Medium Not required Partial None None
In rw_i93_sm_format of rw_i93.cc, there is a possible out of bounds read due to uninitialized data. This could lead to remote information disclosure over NFC with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-157650336
794 CVE-2020-0449 416 Exec Code Mem. Corr. 2020-11-10 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
In btm_sec_disconnected of btm_sec.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution in the Bluetooth server with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1Android ID: A-162497143
795 CVE-2020-0448 276 2020-11-10 2021-07-21
2.1
None Local Low Not required Partial None None
In getPhoneAccountsForPackage of TelecomServiceImpl.java, there is a possible way to access a tracking identifier due to a missing permission check. This could lead to local information disclosure of the identifier, which could be used to track an account across devices, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-153995334
796 CVE-2020-0447 2020-11-10 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-168251617
797 CVE-2020-0446 2020-11-10 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-168264528
798 CVE-2020-0445 2020-11-10 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-168264527
799 CVE-2020-0444 269 2020-12-14 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
In audit_free_lsm_field of auditfilter.c, there is a possible bad kfree due to a logic error in audit_data_to_entry. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-150693166References: Upstream kernel
800 CVE-2020-0443 754 DoS 2020-11-10 2021-07-21
2.1
None Local Low Not required None None Partial
In LocaleList of LocaleList.java, there is a possible forced reboot due to an uncaught exception. This could lead to local denial of service requiring factory reset to restore with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-152410253
Total number of vulnerabilities : 3865   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 (This Page)17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.