Total
34059 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-0188 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In onCreatePermissionRequest of SettingsSliceProvider.java, there is a possible permissions bypass due to a PendingIntent error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147355897 | ||||
| CVE-2020-0121 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In updateUidProcState of AppOpsService.java, there is a possible permission bypass due to a logic error. This could lead to local information disclosure of location data with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-148180766 | ||||
| CVE-2020-0116 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In checkSystemLocationAccess of LocationAccessPolicy.java, there is a possible bypass of user profile isolation due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-151330809 | ||||
| CVE-2020-0114 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In onCreateSliceProvider of KeyguardSliceProvider.java, there is a possible confused deputy due to a PendingIntent error. This could lead to local escalation of privilege that allows actions performed as the System UI, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147606347 | ||||
| CVE-2020-0104 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In onShowingStateChanged of KeyguardStateMonitor.java, there is a possible inappropriate read due to a logic error. This could lead to local information disclosure of keyguard-protected data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-144430870 | ||||
| CVE-2020-0098 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In navigateUpToLocked of ActivityStack.java, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8.1 Android-9Android ID: A-144285917 | ||||
| CVE-2020-0096 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In startActivities of ActivityStartController.java, there is a possible escalation of privilege due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9Android ID: A-145669109 | ||||
| CVE-2020-0091 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In mnld, an incorrect configuration in driver_cfg of mnld for meta factory mode.Product: AndroidVersions: Android SoCAndroid ID: A-149808700 | ||||
| CVE-2020-0090 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| An improper authorization in the receiver component of Email.Product: AndroidVersions: Android SoCAndroid ID: A-149813048 | ||||
| CVE-2020-0083 | 1 Google | 1 Android | 2024-11-21 | 7.5 High |
| In setRequirePmfInternal of sta_network.cpp, there is a possible default value being improperly applied due to a logic error. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142797954 | ||||
| CVE-2020-0080 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In onOpActiveChanged and related methods of AppOpsControllerImpl.java, there is a possible way to display an app overlaying other apps without the notification icon that it's overlaying. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-144092031 | ||||
| CVE-2020-0065 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| An improper authorization in the receiver component of the Android Suite Daemon.Product: AndroidVersions: Android SoCAndroid ID: A-149813448 | ||||
| CVE-2020-0064 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| An improper authorization while processing the provisioning data.Product: AndroidVersions: Android SoCAndroid ID: A-149866855 | ||||
| CVE-2020-0063 | 1 Google | 1 Android | 2024-11-21 | 7.3 High |
| In SurfaceFlinger, it is possible to override UI confirmation screen protected by the TEE. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-143128911 | ||||
| CVE-2020-0061 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In Pixel Recorder, there is a possible permissions bypass allowing arbitrary apps to record audio. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-145504977 | ||||
| CVE-2020-0028 | 1 Google | 1 Android | 2024-11-21 | 6.5 Medium |
| In notifyNetworkTested and related functions of NetworkMonitor.java, there is a possible bypass of private DNS settings. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9Android ID: A-122652057 | ||||
| CVE-2020-0025 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In deletePackageVersionedInternal of PackageManagerService.java, there is a possible way to exit Screen Pinning due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-135604684 | ||||
| CVE-2020-0017 | 1 Google | 1 Android | 2024-11-21 | 4.4 Medium |
| In multiple places, it was possible for the primary user’s dictionary to be visible to and modifiable by secondary users. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-123232892 | ||||
| CVE-2020-0015 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In onCreate of CertInstaller.java, there is a possible way to overlay the Certificate Installation dialog by a malicious application. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-139017101 | ||||
| CVE-2020-0001 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In getProcessRecordLocked of ActivityManagerService.java isolated apps are not handled correctly. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-140055304 | ||||