CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Android : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
951 CVE-2020-0270 125 2020-09-17 2020-09-23
4.3
None Remote Medium Not required Partial None None
In tremolo, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-145790628
952 CVE-2020-0269 281 Bypass 2020-09-18 2021-07-21
2.1
None Local Low Not required Partial None None
In Android Auto Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151645626
953 CVE-2020-0268 362 2020-09-18 2020-09-24
4.4
None Local Medium Not required Partial Partial Partial
In NFC, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-148294643
954 CVE-2020-0267 610 2020-09-17 2020-09-23
9.3
None Remote Medium Not required Complete Complete Complete
In WindowManager, there is a possible launch of an unexpected app due to a confused deputy. This could lead to local escalation of privilege due to launching a malicious app instead of the one the user intended, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-139128211
955 CVE-2020-0266 862 Bypass 2020-09-17 2020-09-23
7.2
None Local Low Not required Complete Complete Complete
In factory reset protection, there is a possible FRP bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-111086459
956 CVE-2020-0265 281 +Info 2020-09-18 2021-07-21
2.1
None Local Low Not required Partial None None
In Telephony, there are possible leaks of sensitive data due to missing permission checks. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150155839
957 CVE-2020-0264 190 Exec Code Overflow 2020-09-17 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
In libstagefright, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-116718596
958 CVE-2020-0263 269 Bypass 2020-09-18 2021-07-21
2.1
None Local Low Not required None None Partial
In the Accessibility service, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154913130
959 CVE-2020-0262 2020-09-18 2020-09-24
4.6
None Local Low Not required Partial Partial Partial
In WiFi tethering, there is a possible attacker controlled intent due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156353008
960 CVE-2020-0261 269 Bypass 2020-08-13 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
In C2 flame devices, there is a possible bypass of seccomp due to a missing configuration file. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-146059841
961 CVE-2020-0260 125 2020-08-11 2020-08-14
6.4
None Remote Low Not required Partial None Partial
There is a possible out of bounds read due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-152225183
962 CVE-2020-0259 269 2020-08-11 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
In android_verity_ctr of dm-android-verity.c, there is a possible way to modify a dm-verity protected filesystem due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-157941353References: N/A
963 CVE-2020-0258 200 +Info 2020-08-11 2021-07-21
4.9
None Local Low Not required Complete None None
In stopZygoteLocked of AppZygote.java, there is an insufficient cleanup. This could lead to local information disclosure in the application that is started next with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-157598956
964 CVE-2020-0257 269 Bypass 2020-08-11 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
In SpecializeCommon of com_android_internal_os_Zygote.cpp, there is a permissions bypass due to an incomplete cleanup. This could lead to local escalation of privilege in isolated processes with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-156741968
965 CVE-2020-0256 787 2020-08-11 2021-02-11
7.2
None Local Low Not required Complete Complete Complete
In LoadPartitionTable of gpt.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege when inserting a malicious USB device, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-152874864
966 CVE-2020-0254 125 2020-08-11 2020-08-12
7.8
None Remote Low Not required Complete None None
There is a possible out of bounds read due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-152647751
967 CVE-2020-0253 416 Mem. Corr. 2020-08-11 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
There is a possible memory corruption due to a use after free.Product: AndroidVersions: Android SoCAndroid ID: A-152647365
968 CVE-2020-0252 416 Mem. Corr. 2020-08-11 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
There is a possible memory corruption due to a use after free.Product: AndroidVersions: Android SoCAndroid ID: A-152236803
969 CVE-2020-0251 125 2020-08-11 2020-08-12
7.8
None Remote Low Not required Complete None None
There is a possible out of bounds read due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-152647626
970 CVE-2020-0250 200 +Info 2020-08-11 2021-07-21
4.9
None Local Low Not required Complete None None
In requestCellInfoUpdateInternal of PhoneInterfaceManager.java, there is a missing permission check. This could lead to local information disclosure of location data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-154934934
971 CVE-2020-0249 200 Bypass +Info 2020-08-11 2021-07-21
4.9
None Local Low Not required Complete None None
In postInstantAppNotif of InstantAppNotifier.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8.1 Android-9Android ID: A-154719656
972 CVE-2020-0248 200 Bypass +Info 2020-08-11 2021-07-21
4.9
None Local Low Not required Complete None None
In postInstantAppNotif of InstantAppNotifier.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-154627439
973 CVE-2020-0247 835 DoS 2020-08-11 2021-07-21
4.9
None Local Low Not required None None Complete
In Threshold::getHistogram of ImageProcessHelper.java, there is a possible crash loop due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8.1Android ID: A-156087409
974 CVE-2020-0246 862 2020-10-14 2020-10-16
4.9
None Local Low Not required Complete None None
In getCarrierPrivilegeStatus of UiccAccessRule.java, there is a missing permission check. This could lead to local information disclosure of EID data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-159062405
975 CVE-2020-0245 787 Exec Code Overflow 2020-09-17 2020-09-23
9.3
None Remote Medium Not required Complete Complete Complete
In DecodeFrameCombinedMode of combined_decode.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-152496149
976 CVE-2020-0244 125 Exec Code 2020-12-15 2020-12-16
4.3
None Remote Medium Not required Partial None None
In writeBurstBufferBytes of SPDIFEncoder.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no clear exfiltration path, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-145262423
977 CVE-2020-0243 416 2020-08-11 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
In clearPropValue of MediaAnalyticsItem.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-8.0 Android-8.1Android ID: A-151644303
978 CVE-2020-0242 416 2020-08-11 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
In reset of NuPlayerDriver.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-151643722
979 CVE-2020-0241 415 Mem. Corr. 2020-08-11 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
In NuPlayerStreamListener of NuPlayerStreamListener.cpp, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-151456667
980 CVE-2020-0240 787 Exec Code Overflow 2020-08-11 2020-08-12
9.3
None Remote Medium Not required Complete Complete Complete
In NewFixedDoubleArray of factory.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-150706594
981 CVE-2020-0239 200 Bypass +Info 2020-08-11 2021-07-21
4.9
None Local Low Not required Complete None None
In getDocumentMetadata of DocumentsContract.java, there is a possible disclosure of location metadata from a file due to a permissions bypass. This could lead to local information disclosure from a file (eg. a photo) containing location metadata with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-151095863
982 CVE-2020-0238 367 2020-08-11 2020-08-12
6.9
None Local Medium Not required Complete Complete Complete
In updatePreferenceIntents of AccountTypePreferenceLoader, there is a possible confused deputy attack due to a race condition. This could lead to local escalation of privilege and launching privileged activities with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-150946634
983 CVE-2020-0236 125 Exec Code 2021-01-26 2021-07-21
5.0
None Remote Low Not required Partial None None
In A2DP_GetCodecType of a2dp_codec_config, there is a possible out-of-bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android, Versions: Android-10, Android ID: A-79703353.
984 CVE-2020-0235 119 Overflow 2020-06-16 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
In crus_sp_shared_ioctl we first copy 4 bytes from userdata into "size" variable, and then use that variable as the size parameter for "copy_from_user", ending up overwriting memory following "crus_sp_hdr". "crus_sp_hdr" is a static variable, of type "struct crus_sp_ioctl_header".Product: AndroidVersions: Android kernelAndroid ID: A-135129430
985 CVE-2020-0234 787 2020-06-16 2020-06-22
4.6
None Local Low Not required Partial Partial Partial
In crus_afe_get_param of msm-cirrus-playback.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-148189280
986 CVE-2020-0233 416 Mem. Corr. 2020-06-11 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
In main of main.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-150225255
987 CVE-2020-0232 416 2020-06-16 2020-06-22
7.5
None Remote Low Not required Partial Partial Partial
Function abc_pcie_issue_dma_xfer_sync creates a transfer object, adds it to the session object then continues to work with it. A concurrent thread could retrieve created transfer object from the session object and delete it using abc_pcie_dma_user_xfer_clean. If this happens, abc_pcie_start_dma_xfer and abc_pcie_wait_dma_xfer in the original thread will trigger UAF when working with the transfer object.Product: AndroidVersions: Android kernelAndroid ID: A-151453714
988 CVE-2020-0231 787 2020-07-17 2020-07-21
7.5
None Remote Low Not required Partial Partial Partial
There is a possible out of bounds write due to an incorrect bounds check. Product: AndroidVersions: Android SoCAndroid ID: A-156333727
989 CVE-2020-0230 787 2020-07-17 2020-07-21
7.5
None Remote Low Not required Partial Partial Partial
There is a possible out of bounds write due to an incorrect bounds check. Product: AndroidVersions: Android SoCAndroid ID: A-156337262
990 CVE-2020-0229 787 2020-09-17 2020-09-23
10.0
None Remote Low Not required Complete Complete Complete
There is a possible out of bounds write due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-156333725
991 CVE-2020-0228 200 +Info 2020-07-17 2021-07-21
5.0
None Remote Low Not required Partial None None
There is an improper configuration of recorder related service. Product: AndroidVersions: Android SoCAndroid ID: A-156333723
992 CVE-2020-0227 276 Exec Code Bypass 2020-07-17 2020-07-21
7.2
None Local Low Not required Complete Complete Complete
In onCommand of CompanionDeviceManagerService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing background data usage or launching from the background, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-129476618
993 CVE-2020-0226 843 2020-07-17 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
In createWithSurfaceParent of Client.cpp, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege in the graphics server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-150226994
994 CVE-2020-0225 787 Exec Code 2020-07-17 2020-07-22
10.0
None Remote Low Not required Complete Complete Complete
In a2dp_vendor_ldac_decoder_decode_packet of a2dp_vendor_ldac_decoder.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142546668
995 CVE-2020-0224 843 Exec Code 2020-07-17 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
In FastKeyAccumulator::GetKeysSlow of keys.cc, there is a possible out of bounds write due to type confusion. This could lead to remote code execution when processing a proxy configuration with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-147664838
996 CVE-2020-0223 269 2020-06-16 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
This is an unbounded write into kernel global memory, via a user-controlled buffer size.Product: AndroidVersions: Android kernelAndroid ID: A-135130450
997 CVE-2020-0221 119 Overflow 2020-05-14 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
Airbrush FW's scratch memory allocator is susceptible to numeric overflow. When the overflow occurs, the next allocation could potentially return a pointer within the previous allocation's memory, which could lead to improper memory access.Product: AndroidVersions: Android kernelAndroid ID: A-135772851
998 CVE-2020-0220 787 2020-05-14 2020-05-15
4.6
None Local Low Not required Partial Partial Partial
In crus_afe_callback of msm-cirrus-playback.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-139739561
999 CVE-2020-0219 269 2020-06-11 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
In onCreate of SliceDeepLinkSpringBoard.java there is a possible insecure Intent. This could lead to local elevation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-122836081
1000 CVE-2020-0218 787 2020-06-11 2021-07-21
4.4
None Local Medium Not required Partial Partial Partial
In loadSoundModel and related functions of SoundTriggerHwService.cpp, there is possible out of bounds write due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-136005905
Total number of vulnerabilities : 3865   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 (This Page)21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.