CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Android : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1001 CVE-2020-0225 787 Exec Code 2020-07-17 2020-07-22
10.0
None Remote Low Not required Complete Complete Complete
In a2dp_vendor_ldac_decoder_decode_packet of a2dp_vendor_ldac_decoder.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142546668
1002 CVE-2020-0224 843 Exec Code 2020-07-17 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
In FastKeyAccumulator::GetKeysSlow of keys.cc, there is a possible out of bounds write due to type confusion. This could lead to remote code execution when processing a proxy configuration with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-147664838
1003 CVE-2020-0223 269 2020-06-16 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
This is an unbounded write into kernel global memory, via a user-controlled buffer size.Product: AndroidVersions: Android kernelAndroid ID: A-135130450
1004 CVE-2020-0221 119 Overflow 2020-05-14 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
Airbrush FW's scratch memory allocator is susceptible to numeric overflow. When the overflow occurs, the next allocation could potentially return a pointer within the previous allocation's memory, which could lead to improper memory access.Product: AndroidVersions: Android kernelAndroid ID: A-135772851
1005 CVE-2020-0220 787 2020-05-14 2020-05-15
4.6
None Local Low Not required Partial Partial Partial
In crus_afe_callback of msm-cirrus-playback.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-139739561
1006 CVE-2020-0219 269 2020-06-11 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
In onCreate of SliceDeepLinkSpringBoard.java there is a possible insecure Intent. This could lead to local elevation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-122836081
1007 CVE-2020-0218 787 2020-06-11 2021-07-21
4.4
None Local Medium Not required Partial Partial Partial
In loadSoundModel and related functions of SoundTriggerHwService.cpp, there is possible out of bounds write due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-136005905
1008 CVE-2020-0217 787 Exec Code 2020-06-11 2020-06-12
7.5
None Remote Low Not required Partial Partial Partial
In RW_T4tPresenceCheck of rw_t4t.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141331405
1009 CVE-2020-0216 190 Overflow 2020-06-11 2021-07-21
4.4
None Local Medium Not required Partial Partial Partial
In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-126204073
1010 CVE-2020-0215 276 Bypass +Info 2020-06-11 2020-10-14
4.4
None Local Medium Not required Partial Partial Partial
In onCreate of ConfirmConnectActivity.java, there is a possible leak of Bluetooth information due to a permissions bypass. This could lead to local escalation of privilege that exposes a pairing Bluetooth MAC address with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1 Android ID: A-140417248
1011 CVE-2020-0214 125 2020-06-11 2020-06-12
5.0
None Remote Low Not required Partial None None
In ce_t4t_process_select_file_cmd of ce_t4t.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140292264
1012 CVE-2020-0213 787 Overflow 2020-06-11 2020-10-14
6.8
None Remote Medium Not required Partial Partial Partial
In hevcd_fmt_conv_420sp_to_420sp_av8 of ihevcd_fmt_conv_420sp_to_420sp.s, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10 Android-11 Android ID: A-143464314
1013 CVE-2020-0212 416 2020-06-11 2021-07-21
4.3
None Remote Medium Not required Partial None None
In _onBufferDestroyed of InputBufferManager.cpp, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-135140854
1014 CVE-2020-0211 125 2020-06-11 2020-06-15
4.3
None Remote Medium Not required Partial None None
In SumCompoundHorizontalTaps of convolve_neon.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147491773
1015 CVE-2020-0210 610 Bypass 2020-06-11 2020-06-12
4.6
None Local Low Not required Partial Partial Partial
In removeSharedAccountAsUser of AccountManager.java, there is a possible permissions bypass to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145206763
1016 CVE-2020-0209 276 Bypass 2020-06-11 2020-06-12
4.6
None Local Low Not required Partial Partial Partial
In multiple functions of AccountManager.java, there is a possible permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145206842
1017 CVE-2020-0208 276 Bypass 2020-06-11 2020-06-12
4.6
None Local Low Not required Partial Partial Partial
In multiple functions of AccountManager.java, there is a possible permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145207098
1018 CVE-2020-0207 125 2020-06-11 2021-07-21
4.3
None Remote Medium Not required Partial None None
In next_marker of jdmarker.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-135532289
1019 CVE-2020-0206 20 DoS 2020-06-11 2020-06-15
2.1
None Local Low Not required None None Partial
In the settings app, there is a possible app crash due to improper input validation. This could lead to local denial of service of the Settings app with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-136005061
1020 CVE-2020-0205 125 Exec Code 2020-06-11 2020-06-15
4.3
None Remote Medium Not required Partial None None
In the DaalaBitReader constructor of entropy_decoder.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the media server with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147234020
1021 CVE-2020-0204 367 Bypass 2020-06-11 2020-06-15
5.1
None Remote High Not required Partial Partial Partial
In InstallPackage of package.cpp, there is a possible bypass of a signature check due to a Time of Check/Time of Use condition. This could lead to local escalation of privilege by allowing a bypass of the initial zip file signature check for an OS update with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-136498130
1022 CVE-2020-0203 269 2020-06-11 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
In freeIsolatedUidLocked of ProcessList.java, there is a possible UID reuse due to improper cleanup. This could lead to local escalation of privilege between constrained processes with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146313311
1023 CVE-2020-0202 276 Bypass 2020-06-11 2020-12-15
6.8
None Remote Medium Not required Partial Partial Partial
In onHandleIntent of TraceService.java, there is a possible bypass of developer settings requirements for capturing system traces due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-11 Android ID: A-142936525
1024 CVE-2020-0201 269 2020-06-11 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
In showSecurityFields of WifiConfigController.java there is a possible credential leak due to a confused deputy. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-143601727
1025 CVE-2020-0200 125 2020-06-11 2020-06-15
4.3
None Remote Medium Not required Partial None None
In ReadLittleEndian of raw_bit_reader.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the media server with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147231862
1026 CVE-2020-0199 416 2020-06-11 2021-07-21
1.9
None Local Medium Not required Partial None None
In TimeCheck::TimeCheckThread::threadLoop of TimeCheck.cpp, there is a possible use-after-free due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142142406
1027 CVE-2020-0198 190 DoS Overflow 2020-06-11 2020-11-25
5.0
None Remote Low Not required None None Partial
In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146428941
1028 CVE-2020-0197 125 2020-06-11 2020-06-12
2.1
None Local Low Not required Partial None None
In InitDataParser::parsePssh of InitDataParser.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-137370379
1029 CVE-2020-0196 20 DoS 2020-06-11 2020-06-15
3.3
None Local Network Low Not required None None Partial
In RegisterNotificationResponse::GetEvent of register_notification_packet.cc, there is a possible abort due to improper input validation. This could lead to remote denial of service of the Bluetooth service, over Bluetooth, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-144066833
1030 CVE-2020-0195 200 +Info 2020-06-11 2021-07-21
4.3
None Remote Medium Not required Partial None None
In ihevcd_iquant_itrans_recon_ctb of ihevcd_iquant_itrans_recon_ctb.c and related functions, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-144686961
1031 CVE-2020-0194 190 Exec Code Overflow 2020-06-11 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
In ihevcd_parse_slice_header of ihevcd_parse_slice_header.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-143826590
1032 CVE-2020-0193 125 Overflow 2020-06-11 2020-06-12
4.3
None Remote Medium Not required Partial None None
In ihevc_intra_pred_chroma_mode_3_to_9_av8 of ihevc_intra_pred_chroma_mode_3_to_9.s, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-144595488
1033 CVE-2020-0192 125 Exec Code 2020-06-11 2021-07-21
4.3
None Remote Medium Not required Partial None None
In ih264d_decode_slice_thread of ih264d_thread_parse_decode.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-144687080
1034 CVE-2020-0191 125 2020-06-11 2020-06-12
4.3
None Remote Medium Not required Partial None None
In ih264d_update_default_index_list() of ih264d_dpb_mgr.c, there is a possible out of bounds read due to a logic error. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140561484
1035 CVE-2020-0190 125 Exec Code Overflow 2020-06-11 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
In ideint_weave_blk of ideint_utils.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140324890
1036 CVE-2020-0189 835 DoS Exec Code 2020-06-11 2020-06-15
4.3
None Remote Medium Not required None None Partial
In ihevcd_decode() of ihevcd_decode.c, there is possible resource exhaustion due to an infinite loop. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139939283
1037 CVE-2020-0188 269 Bypass 2020-06-11 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
In onCreatePermissionRequest of SettingsSliceProvider.java, there is a possible permissions bypass due to a PendingIntent error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147355897
1038 CVE-2020-0187 2020-06-11 2020-06-12
2.1
None Local Low Not required Partial None None
In engineSetMode of BaseBlockCipher.java, there is a possible incorrect cryptographic algorithm chosen due to an incomplete comparison. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-148517383
1039 CVE-2020-0186 787 2020-06-11 2020-06-15
4.6
None Local Low Not required Partial Partial Partial
In hal_fd_init of hal_fd.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146144463
1040 CVE-2020-0185 125 2020-06-11 2020-06-12
2.1
None Local Low Not required Partial None None
In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-79945152
1041 CVE-2020-0184 835 DoS 2020-06-11 2020-06-15
4.3
None Remote Medium Not required None None Partial
In ihevcd_ref_list() of ihevcd_ref_list.c, there is a possible infinite loop due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141688974
1042 CVE-2020-0183 269 2020-06-11 2021-07-21
4.4
None Local Medium Not required Partial Partial Partial
In handleMessage of BluetoothManagerService, there is an incomplete reset. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-110181479
1043 CVE-2020-0182 125 2020-06-11 2020-07-06
6.4
None Remote Low Not required Partial None Partial
In exif_entry_get_value of exif-entry.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147140917
1044 CVE-2020-0181 190 DoS Overflow 2020-06-11 2020-11-25
5.0
None Remote Low Not required None None Partial
In exif_data_load_data_thumbnail of exif-data.c, there is a possible denial of service due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145075076
1045 CVE-2020-0180 125 2020-06-11 2020-06-12
4.3
None Remote Medium Not required Partial None None
In GetOpusHeaderBuffers() of OpusHeader.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142861738
1046 CVE-2020-0179 20 2020-06-11 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
In doSendObjectInfo of MtpServer.cpp, there is a possible path traversal attack due to insufficient input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is required for exploitation.Product: AndroidVersions: Android-10Android ID: A-130656917
1047 CVE-2020-0178 200 +Info 2020-06-11 2021-07-21
2.1
None Local Low Not required Partial None None
In getAllConfigFlags of SettingsProvider.cpp, there is a possible illegal read due to a missing permission check. This could lead to local information disclosure of config flags with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-143299398
1048 CVE-2020-0177 269 Bypass 2020-06-11 2021-07-21
2.1
None Local Low Not required None Partial None
In connect() of PanService.java, there is a possible permissions bypass. This could lead to local escalation of privilege to change network connection settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-126206353
1049 CVE-2020-0176 125 2020-06-11 2021-07-21
5.0
None Remote Low Not required Partial None None
In avdt_msg_prs_rej of avdt_msg.cc, there is a possible out-of-bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-79702484
1050 CVE-2020-0175 400 DoS 2020-06-11 2021-07-21
4.3
None Remote Medium Not required None None Partial
In XMF_ReadNode of eas_xmf.c, there is possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-126380818
Total number of vulnerabilities : 3865   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 (This Page)22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.