CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Android : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
901 CVE-2020-0321 909 Exec Code 2020-09-17 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
In the mp3 extractor, there is a possible out of bounds write due to uninitialized data. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155171907
902 CVE-2020-0320 20 DoS 2020-09-17 2020-09-22
4.3
None Remote Medium Not required None None Partial
In libstagefright, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-129282427
903 CVE-2020-0319 787 2020-09-18 2020-09-21
6.8
None Remote Medium Not required Partial Partial Partial
In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137868765
904 CVE-2020-0318 755 DoS 2020-09-18 2020-09-24
4.9
None Local Low Not required None None Complete
In the System UI, there is a possible system crash due to an uncaught exception. This could lead to local permanent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-33646131
905 CVE-2020-0317 276 2020-09-17 2021-07-21
2.1
None Local Low Not required Partial None None
In UsageStatsManager, there is a possible access to protected data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-119671929
906 CVE-2020-0316 276 2020-09-18 2021-07-21
2.1
None Local Low Not required Partial None None
In Telephony, there is a missing permission check. This could lead to local information disclosure of radio data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154934919
907 CVE-2020-0315 276 Bypass 2020-09-18 2021-07-21
2.1
None Local Low Not required Partial None None
In Zen Mode, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155642026
908 CVE-2020-0314 862 2020-09-17 2020-09-21
2.1
None Local Low Not required Partial None None
In AudioService, there are missing permission checks. This could lead to local information disclosure of audio configuration with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154934920
909 CVE-2020-0313 276 Bypass 2020-09-18 2021-07-21
2.1
None Local Low Not required Partial None None
In NotificationManagerService, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154917989
910 CVE-2020-0312 276 Bypass 2020-09-17 2021-07-21
2.1
None Local Low Not required Partial None None
In Battery Saver, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153879099
911 CVE-2020-0311 276 Bypass 2020-09-18 2021-07-21
2.1
None Local Low Not required Partial None None
In InputManagerService, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153878642
912 CVE-2020-0310 276 Bypass 2020-09-18 2021-07-21
2.1
None Local Low Not required Partial None None
In Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153356468
913 CVE-2020-0309 190 Overflow 2020-09-18 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
In the Bluetooth server, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System privileges and a Firmware compromise needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-147227320
914 CVE-2020-0308 276 Bypass 2020-09-17 2021-07-21
2.1
None Local Low Not required Partial None None
In Window Manager, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153654357
915 CVE-2020-0307 276 Bypass 2020-09-18 2021-07-21
2.1
None Local Low Not required Partial None None
In Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151645867
916 CVE-2020-0306 269 2020-09-17 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
In LLVM, there is a possible ineffective stack cookie placement due to stack frame double reservation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-139666480
917 CVE-2020-0305 362 2020-07-17 2020-08-21
4.4
None Local Medium Not required Partial Partial Partial
In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-153467744
918 CVE-2020-0304 276 Bypass 2020-09-18 2021-07-21
2.1
None Local Low Not required Partial None None
In Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151645695
919 CVE-2020-0303 416 Exec Code 2020-09-17 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
In the Media extractor, there is a possible use after free due to improper locking. This could lead to remote code execution in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-148223229
920 CVE-2020-0302 276 Bypass 2020-09-18 2021-07-21
2.1
None Local Low Not required Partial None None
In Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151646375
921 CVE-2020-0301 20 DoS 2020-09-17 2020-09-21
4.3
None Remote Medium Not required None None Partial
In libstagefright, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-124940460
922 CVE-2020-0300 125 2020-09-18 2021-07-21
5.0
None Remote Low Not required Partial None None
In NFC, there is a possible out of bounds read due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-148736216
923 CVE-2020-0299 276 2020-09-18 2020-09-21
4.6
None Local Low Not required Partial Partial Partial
In Bluetooth, there is a possible spoofing of bluetooth device metadata due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-145130119
924 CVE-2020-0298 276 2020-09-18 2020-09-21
4.6
None Local Low Not required Partial Partial Partial
In Bluetooth, there is a possible control over Bluetooth enabled state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-145129266
925 CVE-2020-0297 276 Bypass 2020-09-17 2021-07-21
2.1
None Local Low Not required Partial None None
In devicepolicy service, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155183624
926 CVE-2020-0296 276 Bypass 2020-09-17 2021-07-21
2.1
None Local Low Not required Partial None None
In ADB server and USB server, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153356209
927 CVE-2020-0295 276 Bypass 2020-09-18 2021-07-21
2.1
None Local Low Not required Partial None None
In Telecom, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155650969
928 CVE-2020-0294 276 Bypass 2020-09-18 2020-12-14
2.1
None Local Low Not required Partial None None
In bindWallpaperComponentLocked of WallpaperManagerService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8.1 Android-9Android ID: A-154915372
929 CVE-2020-0293 276 2020-09-17 2021-07-21
2.1
None Local Low Not required Partial None None
In Java network APIs, there is possible access to sensitive network state due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation in Android versions: Android-11, Android ID: A-141455849
930 CVE-2020-0292 125 2020-09-18 2020-09-18
2.1
None Local Low Not required Partial None None
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges and a compromised Firmware needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-110107252
931 CVE-2020-0291 125 2020-09-18 2020-09-18
2.1
None Local Low Not required Partial None None
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges and a compromised Firmware needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-146032016
932 CVE-2020-0290 862 2020-09-17 2020-09-21
2.1
None Local Low Not required Partial None None
In PackageManager, there is a missing permission check. This could lead to local information disclosure across users with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153996866
933 CVE-2020-0289 862 2020-09-17 2020-09-21
2.1
None Local Low Not required Partial None None
In PackageManager, there is a missing permission check. This could lead to local information disclosure across users with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153996872
934 CVE-2020-0288 863 2020-09-17 2021-07-21
2.1
None Local Low Not required Partial None None
In PackageManager, there is a missing permission check. This could lead to local information disclosure across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153995991
935 CVE-2020-0287 400 DoS 2020-09-17 2021-07-21
4.3
None Remote Medium Not required None None Partial
In libmkvextractor, there is a possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-141860394
936 CVE-2020-0286 200 +Info 2020-09-18 2021-07-21
5.0
None Remote Low Not required Partial None None
In Bluetooth AVRCP, there is a possible leak of audio metadata due to residual data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150214479
937 CVE-2020-0285 276 Bypass 2020-09-18 2021-07-21
2.1
None Local Low Not required Partial None None
In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156253479
938 CVE-2020-0284 276 Bypass 2020-09-18 2021-07-21
2.1
None Local Low Not required Partial None None
In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156253784
939 CVE-2020-0283 787 2020-10-14 2020-10-15
9.4
None Remote Low Not required None Complete Complete
There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-163008257
940 CVE-2020-0282 125 2020-09-18 2020-09-21
3.5
None Remote Medium ??? Partial None None
In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure. System execution privileges, a Firmware compromise, and User interaction are needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-144506224
941 CVE-2020-0281 125 2020-09-18 2020-09-21
3.5
None Remote Medium ??? Partial None None
In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure. System execution privileges, a Firmware compromise, and User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137857778
942 CVE-2020-0280 125 2020-12-15 2020-12-15
1.9
None Local Medium Not required Partial None None
In nci_proc_ee_management_rsp of nci_hrcv.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-136565424
943 CVE-2020-0279 125 2020-09-17 2020-09-21
4.3
None Remote Medium Not required Partial None None
In the AAC parser, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-131430997
944 CVE-2020-0278 787 2020-09-17 2020-09-23
10.0
None Remote Low Not required Complete Complete Complete
There is a possible out of bounds write due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-160812574
945 CVE-2020-0277 862 Bypass 2020-09-17 2020-09-21
4.6
None Local Low Not required Partial Partial Partial
In NetworkPolicyManagerService, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing a malicious app to modify the device's data plan with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-148627993
946 CVE-2020-0276 276 Bypass 2020-09-18 2021-07-21
2.1
None Local Low Not required Partial None None
In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156253586
947 CVE-2020-0275 276 Bypass 2020-09-17 2020-09-23
7.2
None Local Low Not required Complete Complete Complete
In MediaProvider, there is a possible way to access ContentResolver and MediaStore entries the app shouldn't have access to due to a permissions bypass. This could lead to local escalation of privilege, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150507736
948 CVE-2020-0274 2020-09-17 2020-09-21
2.1
None Local Low Not required Partial None None
In the OMX parser, there is a possible information disclosure due to a returned raw pointer. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-120781925
949 CVE-2020-0273 787 2020-09-18 2020-09-18
4.6
None Local Low Not required Partial Partial Partial
In hwservicemanager, there is a possible out of bounds write due to freeing a wild pointer. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155646800
950 CVE-2020-0272 665 2020-09-18 2021-07-21
2.1
None Local Low Not required Partial None None
In libhwbinder, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-130166487
Total number of vulnerabilities : 3865   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 (This Page)20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.