Search
Total
5785 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-0042 | 1 Google | 1 Android | 2020-03-11 | 2.1 LOW | 4.4 MEDIUM |
| In fpc_ta_hw_auth_unwrap_key of fpc_ta_hw_auth_qsee.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-137649599 | |||||
| CVE-2020-0043 | 1 Google | 1 Android | 2020-03-11 | 2.1 LOW | 4.4 MEDIUM |
| In authorize_enrol of fpc_ta_hw_auth.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-137650218 | |||||
| CVE-2020-0062 | 1 Google | 1 Android | 2020-03-11 | 5.0 MEDIUM | 7.5 HIGH |
| In Euicc, there is a possible information disclosure due to an included test Certificate. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-143232031 | |||||
| CVE-2020-0056 | 1 Google | 1 Android | 2020-03-11 | 2.1 LOW | 5.5 MEDIUM |
| In btu_hcif_connection_comp_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141619686 | |||||
| CVE-2020-0057 | 1 Google | 1 Android | 2020-03-11 | 2.1 LOW | 5.5 MEDIUM |
| In btm_process_inq_results of btm_inq.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141620271 | |||||
| CVE-2020-0053 | 1 Google | 1 Android | 2020-03-11 | 4.6 MEDIUM | 6.7 MEDIUM |
| In convertHidlNanDataPathInitiatorRequestToLegacy, and convertHidlNanDataPathIndicationResponseToLegacy of hidl_struct_util.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-143789898 | |||||
| CVE-2020-0054 | 1 Google | 1 Android | 2020-03-11 | 4.6 MEDIUM | 7.8 HIGH |
| In WifiNetworkSuggestionsManager of WifiNetworkSuggestionsManager.java, there is a possible permission revocation due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146642727 | |||||
| CVE-2020-0058 | 1 Google | 1 Android | 2020-03-11 | 2.1 LOW | 4.4 MEDIUM |
| In l2c_rcv_acl_data of l2c_main.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141745011 | |||||
| CVE-2020-0044 | 1 Google | 1 Android | 2020-03-11 | 2.1 LOW | 4.4 MEDIUM |
| In set_nonce of fpc_ta_qc_auth.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-137650219 | |||||
| CVE-2020-0059 | 1 Google | 1 Android | 2020-03-11 | 2.1 LOW | 5.5 MEDIUM |
| In btm_ble_batchscan_filter_track_adv_vse_cback of btm_ble_batchscan.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142543524 | |||||
| CVE-2020-0060 | 1 Google | 1 Android | 2020-03-11 | 2.1 LOW | 4.4 MEDIUM |
| In query of SmsProvider.java and MmsSmsProvider.java, there is a possible permission bypass due to SQL injection. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-143229845 | |||||
| CVE-2020-0083 | 1 Google | 1 Android | 2020-03-11 | 5.0 MEDIUM | 7.5 HIGH |
| In setRequirePmfInternal of sta_network.cpp, there is a possible default value being improperly applied due to a logic error. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142797954 | |||||
| CVE-2020-0032 | 1 Google | 1 Android | 2020-03-11 | 9.3 HIGH | 8.8 HIGH |
| In ih264d_release_display_bufs of ih264d_utils.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-145364230 | |||||
| CVE-2020-0031 | 1 Google | 1 Android | 2020-03-11 | 4.7 MEDIUM | 5.0 MEDIUM |
| In triggerAugmentedAutofillLocked and related functions of Session.java, it is possible for Augmented Autofill to display sensitive information to the user inappropriately. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141703197 | |||||
| CVE-2020-0010 | 1 Google | 1 Android | 2020-03-11 | 7.2 HIGH | 6.7 MEDIUM |
| In fpc_ta_get_build_info of fpc_ta_kpi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-137014293References: N/A | |||||
| CVE-2020-0011 | 1 Google | 1 Android | 2020-03-11 | 7.2 HIGH | 6.7 MEDIUM |
| In get_auth_result of fpc_ta_hw_auth.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-137648045References: N/A | |||||
| CVE-2020-0012 | 1 Google | 1 Android | 2020-03-11 | 7.2 HIGH | 6.7 MEDIUM |
| In fpc_ta_pn_get_unencrypted_image of fpc_ta_pn.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-137648844 | |||||
| CVE-2020-0029 | 1 Google | 1 Android | 2020-03-11 | 2.1 LOW | 2.3 LOW |
| In the WifiConfigManager, there is a possible storage of location history which can only be deleted by triggering a factory reset. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140065828 | |||||
| CVE-2020-8860 | 2 Google, Samsung | 2 Android, Galaxy S10 | 2020-03-05 | 5.4 MEDIUM | 8.0 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy S10 Firmware G973FXXS3ASJA, O(8.x), P(9.0), Q(10.0) devices with Exynos chipsets. User interaction is required to exploit this vulnerability in that the target must answer a phone call. The specific flaw exists within the Call Control Setup messages. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the baseband processor. Was ZDI-CAN-9658. | |||||
| CVE-2014-7914 | 1 Google | 1 Android | 2020-02-26 | 5.8 MEDIUM | 8.1 HIGH |
| btif/src/btif_dm.c in Android before 5.1 does not properly enforce the temporary nature of a Bluetooth pairing, which allows user-assisted remote attackers to bypass intended access restrictions via crafted Bluetooth packets after the tapping of a crafted NFC tag. | |||||
| CVE-2014-7951 | 1 Google | 1 Android | 2020-02-25 | 2.1 LOW | 4.6 MEDIUM |
| Directory traversal vulnerability in the Android debug bridge (aka adb) in Android 4.0.4 allows physically proximate attackers with a direct connection to the target Android device to write to arbitrary files owned by system via a .. (dot dot) in the tar archive headers. | |||||
| CVE-2011-3901 | 1 Google | 1 Android | 2020-02-25 | 5.0 MEDIUM | 7.5 HIGH |
| Android SQLite Journal before 4.0.1 has an information disclosure vulnerability. | |||||
| CVE-2011-2343 | 1 Google | 1 Android | 2020-02-19 | 2.1 LOW | 2.4 LOW |
| The Bluetooth stack in Android before 2.3.6 allows a physically proximate attacker to obtain contact information via an AT phonebook transfer. | |||||
| CVE-2020-0014 | 1 Google | 1 Android | 2020-02-19 | 4.3 MEDIUM | 5.5 MEDIUM |
| It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-128674520 | |||||
| CVE-2019-2200 | 1 Google | 1 Android | 2020-02-18 | 6.9 MEDIUM | 7.3 HIGH |
| In updatePermissions of PermissionManagerService.java, it may be possible for a malicious app to obtain a custom permission from another app due to a permission bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-67319274 | |||||
| CVE-2020-0027 | 1 Google | 1 Android | 2020-02-18 | 7.2 HIGH | 7.8 HIGH |
| In HidRawSensor::batch of HidRawSensor.cpp, there is a possible out of bounds write due to an unexpected switch fallthrough. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-144040966 | |||||
| CVE-2020-0020 | 1 Google | 1 Android | 2020-02-18 | 4.9 MEDIUM | 5.5 MEDIUM |
| In getAttributeRange of ExifInterface.java, there is a possible failure to redact location information from media files due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-143118731 | |||||
| CVE-2020-0018 | 1 Google | 1 Android | 2020-02-18 | 2.1 LOW | 4.4 MEDIUM |
| In MotionEntry::appendDescription of InputDispatcher.cpp, there is a possible log information disclosure. This could lead to local disclosure of user input with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-139945049 | |||||
| CVE-2020-0021 | 1 Google | 1 Android | 2020-02-18 | 6.8 MEDIUM | 6.5 MEDIUM |
| In removeUnusedPackagesLPw of PackageManagerService.java, there is a possible permanent denial-of-service due to a missing package dependency test. This could lead to remote denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141413692 | |||||
| CVE-2020-0005 | 1 Google | 1 Android | 2020-02-18 | 7.2 HIGH | 6.7 MEDIUM |
| In btm_read_remote_ext_features_complete of btm_acl.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-141552859 | |||||
| CVE-2014-7224 | 1 Google | 1 Android | 2020-02-12 | 9.0 HIGH | 8.8 HIGH |
| A Code Execution vulnerability exists in Android prior to 4.4.0 related to the addJavascriptInterface method and the accessibility and accessibilityTraversal objects, which could let a remote malicious user execute arbitrary code. | |||||
| CVE-2020-0003 | 1 Google | 1 Android | 2020-01-29 | 3.7 LOW | 6.7 MEDIUM |
| In onCreate of InstallStart.java, there is a possible package validation bypass due to a time-of-check time-of-use vulnerability. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android ID: A-140195904 | |||||
| CVE-2015-1525 | 1 Google | 1 Android | 2020-01-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| audio/AudioPolicyManagerBase.cpp in Android before 5.1 allows attackers to cause a denial of service (audio_policy application outage) via a crafted application that provides a NULL device address. | |||||
| CVE-2015-1530 | 1 Google | 1 Android | 2020-01-28 | 6.0 MEDIUM | 7.8 HIGH |
| media/libmedia/IAudioPolicyService.cpp in Android before 5.1 allows attackers to execute arbitrary code with media_server privileges or cause a denial of service (integer overflow) via a crafted application that provides an invalid array size. | |||||
| CVE-2013-6792 | 1 Google | 1 Android | 2020-01-27 | 7.5 HIGH | 9.8 CRITICAL |
| Google Android prior to 4.4 has an APK Signature Security Bypass Vulnerability | |||||
| CVE-2014-9908 | 1 Google | 1 Android | 2020-01-13 | 3.3 LOW | 6.5 MEDIUM |
| A Denial of Service vulnerability exists in Google Android 4.4.4, 5.0.2, and 5.1.1, which allows malicious users to block Bluetooh access (Android Bug ID A-28672558). | |||||
| CVE-2016-5346 | 1 Google | 3 Android, Pixel, Pixel Xl | 2020-01-12 | 2.1 LOW | 5.5 MEDIUM |
| An Information Disclosure vulnerability exists in the Google Pixel/Pixel SL Qualcomm Avtimer Driver due to a NULL pointer dereference when processing an accept system call by the user process on AF_MSM_IPC sockets, which could let a local malicious user obtain sensitive information (Android Bug ID A-32551280). | |||||
| CVE-2019-9471 | 1 Google | 1 Android | 2020-01-09 | 4.6 MEDIUM | 6.7 MEDIUM |
| In set_outbound_iatu of abc-pcie.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-144168326 | |||||
| CVE-2019-9470 | 1 Google | 1 Android | 2020-01-09 | 4.6 MEDIUM | 6.7 MEDIUM |
| In dma_sblk_start of abc-pcie.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-144167528 | |||||
| CVE-2019-2204 | 1 Google | 1 Android | 2020-01-08 | 10.0 HIGH | 9.8 CRITICAL |
| In FindSharedFunctionInfo of objects.cc, there is a possible out of bounds read due to a mistake in AST traversal. This could lead to remote code execution in the pacprocessor with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9 Android ID: A-138442295 | |||||
| CVE-2019-19690 | 2 Google, Trendmicro | 2 Android, Mobile Security | 2019-12-28 | 7.5 HIGH | 9.8 CRITICAL |
| Trend Micro Mobile Security for Android (Consumer) versions 10.3.1 and below on Android 8.0+ has an issue in which an attacker could bypass the product's App Password Protection feature. | |||||
| CVE-2019-8792 | 2 Apple, Google | 3 Iphone Os, Shazam, Android | 2019-12-23 | 6.8 MEDIUM | 8.8 HIGH |
| An injection issue was addressed with improved validation. This issue is fixed in Shazam Android App Version 9.25.0, Shazam iOS App Version 12.11.0. Processing a maliciously crafted URL may lead to arbitrary javascript code execution. | |||||
| CVE-2019-2228 | 1 Google | 1 Android | 2019-12-23 | 4.9 MEDIUM | 5.5 MEDIUM |
| In array_find of array.c, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to local information disclosure in the printer spooler with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-111210196 | |||||
| CVE-2019-19464 | 3 Apple, Cbc, Google | 3 Iphone Os, Gem, Android | 2019-12-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| The CBC Gem application before 9.24.1 for Android and before 9.26.0 for iOS has Unencrypted Analytics. | |||||
| CVE-2019-9464 | 1 Google | 1 Android | 2019-12-09 | 4.3 MEDIUM | 5.5 MEDIUM |
| In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141028068 | |||||
| CVE-2019-2230 | 1 Google | 1 Android | 2019-12-09 | 5.0 MEDIUM | 7.5 HIGH |
| In nfcManager_routeAid and nfcManager_unrouteAid of NativeNfcManager.cpp, there is possible memory reuse due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141170038 | |||||
| CVE-2019-2227 | 1 Google | 1 Android | 2019-12-09 | 3.3 LOW | 6.5 MEDIUM |
| In DeepCopy of btif_av.cc, there is a possible out of bounds read due to improper casting. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-140768453 | |||||
| CVE-2019-2225 | 1 Google | 1 Android | 2019-12-09 | 5.8 MEDIUM | 8.8 HIGH |
| When pairing with a Bluetooth device, it may be possible to pair a malicious device without any confirmation from the user, and that device may be able to interact with the phone. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-110433804 | |||||
| CVE-2019-2222 | 1 Google | 1 Android | 2019-12-09 | 6.8 MEDIUM | 7.8 HIGH |
| n ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-140322595 | |||||
| CVE-2019-2223 | 1 Google | 1 Android | 2019-12-09 | 6.8 MEDIUM | 7.8 HIGH |
| In ihevcd_ref_list of ihevcd_ref_list.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-140692129 | |||||