Filtered by vendor Google
Subscribe
Search
Total
2922 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-9445 | 1 Google | 1 Android | 2020-11-02 | 2.1 LOW | 4.4 MEDIUM |
| In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2020-8929 | 1 Google | 1 Tink | 2020-10-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which result in the creation of a second ciphertext that can decrypt to the same plaintext. This can be a problem with encrypting deterministic AEAD with a single key, and rely on a unique ciphertext-per-plaintext. | |||||
| CVE-2020-7744 | 2 Google, Mintegral | 2 Android, Mintegraladsdk | 2020-10-29 | 4.3 MEDIUM | 4.7 MEDIUM |
| This affects all versions of package com.mintegral.msdk:alphab. The Android SDK distributed by the company contains malicious functionality in this module that tracks: 1. Downloads from Google urls either within Google apps or via browser including file downloads, e-mail attachments and Google Docs links. 2. All apk downloads, either organic or not. Mintegral listens to download events in Android's download manager and detects if the downloaded file's url contains: a. google.com or comes from a Google app (the com.android.vending package) b. Ends with .apk for apk downloads In both cases, the module sends the captured data back to Mintegral's servers. Note that the malicious functionality keeps running even if the app is currently not in focus (running in the background). | |||||
| CVE-2020-24721 | 2 Apple, Google | 2 Exposure Notifications, Exposure Notifications | 2020-10-22 | 3.3 LOW | 5.7 MEDIUM |
| An issue was discovered in the GAEN (aka Google/Apple Exposure Notifications) protocol through 2020-09-29, as used in COVID-19 applications on Android and iOS. It allows a user to be put in a position where he or she can be coerced into proving or disproving an exposure notification, because of the persistent state of a private framework. | |||||
| CVE-2020-0419 | 1 Google | 1 Android | 2020-10-16 | 2.1 LOW | 5.5 MEDIUM |
| In generateInfo of PackageInstallerSession.java, there is a possible leak of cross-profile URI data during app installation due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-142125338 | |||||
| CVE-2020-0246 | 1 Google | 1 Android | 2020-10-16 | 4.9 MEDIUM | 5.5 MEDIUM |
| In getCarrierPrivilegeStatus of UiccAccessRule.java, there is a missing permission check. This could lead to local information disclosure of EID data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-159062405 | |||||
| CVE-2020-0378 | 1 Google | 1 Android | 2020-10-16 | 4.9 MEDIUM | 5.5 MEDIUM |
| In onWnmFrameReceived of PasspointManager.java, there is a missing permission check. This could lead to local information disclosure of location data with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11Android ID: A-157748906 | |||||
| CVE-2020-26603 | 1 Google | 1 Android | 2020-10-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Sticker Center allows directory traversal for an unprivileged process to read arbitrary files. The Samsung ID is SVE-2020-18433 (October 2020). | |||||
| CVE-2019-10379 | 1 Google | 1 Cloud Messaging Notification | 2020-10-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Google Cloud Messaging Notification Plugin 1.0 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2020-0318 | 1 Google | 1 Android | 2020-09-24 | 4.9 MEDIUM | 5.5 MEDIUM |
| In the System UI, there is a possible system crash due to an uncaught exception. This could lead to local permanent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-33646131 | |||||
| CVE-2020-0268 | 1 Google | 1 Android | 2020-09-24 | 4.4 MEDIUM | 6.4 MEDIUM |
| In NFC, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-148294643 | |||||
| CVE-2020-0379 | 1 Google | 1 Android | 2020-09-23 | 2.9 LOW | 5.7 MEDIUM |
| In the Bluetooth service, there is a possible spoofing attack due to a logic error. This could lead to remote information disclosure of sensitive information with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-150156492 | |||||
| CVE-2020-0385 | 1 Google | 1 Android | 2020-09-23 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Parse_insh of eas_mdls.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote information disclosure in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1Android ID: A-150160041 | |||||
| CVE-2020-0384 | 1 Google | 1 Android | 2020-09-23 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Parse_art of eas_mdls.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote information disclosure in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-150159906 | |||||
| CVE-2020-0383 | 1 Google | 1 Android | 2020-09-23 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Parse_ins of eas_mdls.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure in the media extractor process with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-150160279 | |||||
| CVE-2019-9453 | 1 Google | 1 Android | 2020-09-23 | 2.1 LOW | 4.4 MEDIUM |
| In the Android kernel in F2FS touch driver there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2020-0324 | 1 Google | 1 Android | 2020-09-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libsonivox, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-136660304 | |||||
| CVE-2020-0332 | 1 Google | 1 Android | 2020-09-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libstagefright, there is a possible dead loop due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-124783982 | |||||
| CVE-2020-0270 | 1 Google | 1 Android | 2020-09-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| In tremolo, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-145790628 | |||||
| CVE-2020-0356 | 1 Google | 1 Android | 2020-09-23 | 4.6 MEDIUM | 6.7 MEDIUM |
| In the Audio HAL, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-143787559 | |||||
| CVE-2020-0361 | 1 Google | 1 Android | 2020-09-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libDRCdec, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151927433 | |||||
| CVE-2020-0362 | 1 Google | 1 Android | 2020-09-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libstagefright, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-123237930 | |||||
| CVE-2020-0363 | 1 Google | 1 Android | 2020-09-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libmedia, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-132274514 | |||||
| CVE-2020-0364 | 1 Google | 1 Android | 2020-09-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libDRCdec, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137282770 | |||||
| CVE-2020-0370 | 1 Google | 1 Android | 2020-09-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libAACdec, there is a possible out of bounds read due to missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-112051700 | |||||
| CVE-2020-0403 | 1 Google | 1 Android | 2020-09-23 | 7.2 HIGH | 6.7 MEDIUM |
| In the FPC TrustZone fingerprint App, there is a possible invalid command handler due to an exposed test feature. This could lead to local escalation of privilege in the TEE, with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-131252923 | |||||
| CVE-2020-0393 | 1 Google | 1 Android | 2020-09-22 | 4.9 MEDIUM | 5.5 MEDIUM |
| In decrypt and decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11Android ID: A-154123412 | |||||
| CVE-2020-0390 | 1 Google | 1 Android | 2020-09-22 | 2.1 LOW | 5.5 MEDIUM |
| In the app zygote SE Policy, there is a possible permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-157598026 | |||||
| CVE-2020-0125 | 1 Google | 1 Android | 2020-09-22 | 2.1 LOW | 5.5 MEDIUM |
| In mediadrm, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137282168 | |||||
| CVE-2020-0322 | 1 Google | 1 Android | 2020-09-22 | 2.1 LOW | 4.4 MEDIUM |
| In apexd, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-147002540 | |||||
| CVE-2020-0323 | 1 Google | 1 Android | 2020-09-22 | 2.1 LOW | 5.5 MEDIUM |
| In libavb, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-146516087 | |||||
| CVE-2020-0329 | 1 Google | 1 Android | 2020-09-22 | 2.1 LOW | 5.5 MEDIUM |
| In the OMX encoder, there is a possible out of bounds read due to invalid input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-63522940 | |||||
| CVE-2020-0320 | 1 Google | 1 Android | 2020-09-22 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libstagefright, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-129282427 | |||||
| CVE-2020-0352 | 1 Google | 1 Android | 2020-09-21 | 2.1 LOW | 5.5 MEDIUM |
| In MediaProvider, there is a possible permissions bypass due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-132074310 | |||||
| CVE-2020-0344 | 1 Google | 1 Android | 2020-09-21 | 2.1 LOW | 5.5 MEDIUM |
| In MediaProvider, there is a possible permissions bypass due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-140729887 | |||||
| CVE-2020-0359 | 1 Google | 1 Android | 2020-09-21 | 2.1 LOW | 5.5 MEDIUM |
| In GLESRenderEngine, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150303018 | |||||
| CVE-2020-0372 | 1 Google | 1 Android | 2020-09-21 | 2.1 LOW | 5.5 MEDIUM |
| In ActivityManager, there is a possible access to protected data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-119673147 | |||||
| CVE-2020-0351 | 1 Google | 1 Android | 2020-09-21 | 7.1 HIGH | 6.5 MEDIUM |
| In libstagefright, there is possible CPU exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-124777537 | |||||
| CVE-2020-0355 | 1 Google | 1 Android | 2020-09-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libFraunhoferAAC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-141883493 | |||||
| CVE-2020-0274 | 1 Google | 1 Android | 2020-09-21 | 2.1 LOW | 5.5 MEDIUM |
| In the OMX parser, there is a possible information disclosure due to a returned raw pointer. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-120781925 | |||||
| CVE-2020-0279 | 1 Google | 1 Android | 2020-09-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In the AAC parser, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-131430997 | |||||
| CVE-2020-0301 | 1 Google | 1 Android | 2020-09-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libstagefright, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-124940460 | |||||
| CVE-2020-0314 | 1 Google | 1 Android | 2020-09-21 | 2.1 LOW | 5.5 MEDIUM |
| In AudioService, there are missing permission checks. This could lead to local information disclosure of audio configuration with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154934920 | |||||
| CVE-2020-0289 | 1 Google | 1 Android | 2020-09-21 | 2.1 LOW | 5.5 MEDIUM |
| In PackageManager, there is a missing permission check. This could lead to local information disclosure across users with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153996872 | |||||
| CVE-2020-0290 | 1 Google | 1 Android | 2020-09-21 | 2.1 LOW | 5.5 MEDIUM |
| In PackageManager, there is a missing permission check. This could lead to local information disclosure across users with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153996866 | |||||
| CVE-2020-0347 | 1 Google | 1 Android | 2020-09-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| In iptables, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-136658008 | |||||
| CVE-2020-0348 | 1 Google | 1 Android | 2020-09-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over NFC with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-139188582 | |||||
| CVE-2020-0350 | 1 Google | 1 Android | 2020-09-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-139424089 | |||||
| CVE-2020-0365 | 1 Google | 1 Android | 2020-09-21 | 2.1 LOW | 5.5 MEDIUM |
| In netd, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137346580 | |||||
| CVE-2020-0281 | 1 Google | 1 Android | 2020-09-21 | 3.5 LOW | 4.5 MEDIUM |
| In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure. System execution privileges, a Firmware compromise, and User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137857778 | |||||