2494 matches found
CVE-2020-0393
CVE-2020-0393 affects Android during 9–11 in the Media Framework: decrypt and decrypt_1_2 in CryptoPlugin.cpp allow an out-of-bounds read due to a missing bounds check, enabling local information disclosure without user interaction. The issue is documented in multiple sources (NVD/NVD CVSS detail...
CVE-2020-0382
In RunInternal of dumpstate.cpp, there is a possible user consent bypass due to an uncaught exception. This could lead to local information disclosure of bug report data with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11...
CVE-2020-0074
In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...
Android 11 Security Release NotesStay organized with collectionsSave and categorize content based on your preferences.
This Android Security Release Notes contains details of security vulnerabilities affecting Android devices which are addressed as part of Android 11. Android 11 devices with a security patch level of 2020-09-01 or later are protected against these issues Android 11, as released on AOSP, has a...
CVE-2020-0213
In hevcdfmtconv420spto420spav8 of ihevcdfmtconv420spto420sp.s, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android...
CVE-2020-0202
In onHandleIntent of TraceService.java, there is a possible bypass of developer settings requirements for capturing system traces due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
Heap overflow
In hevcdfmtconv420spto420spav8 of ihevcdfmtconv420spto420sp.s, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android...
Input validation
In onHandleIntent of TraceService.java, there is a possible bypass of developer settings requirements for capturing system traces due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
CVE-2020-0215
CVE-2020-0215 affects Android devices via a leak in ConfirmConnectActivity.java related to a permissions bypass that exposes the Bluetooth MAC address. The vulnerability could enable local elevation of privilege to access pairing information, with user interaction required for exploitation. Affec...
CVE-2020-0213
CVE-2020-0213 affects Android Media Framework (ihevcd_fmt_conv_420sp_to_420sp_av8) and is caused by a heap buffer overflow leading to a possible out-of-bounds write. Impact: remote information disclosure with no execution privileges required, exploitable with user interaction. Affected products/v...
Android 11 Will Help You Rein In Zombie App Permissions
The latest update to Google's operating system has a host of privacy and security improvements...
CVE-2019-2219
In several functions of NotificationManagerService.java and related files, there is a possible way to record audio from the background without notification to the user due to a permission bypass. This could lead to local escalation of privilege with User execution privileges needed. User...
Design/Logic Flaw
In several functions of NotificationManagerService.java and related files, there is a possible way to record audio from the background without notification to the user due to a permission bypass. This could lead to local escalation of privilege with User execution privileges needed. User...
CVE-2019-2219
In several functions of NotificationManagerService.java and related files, there is a possible way to record audio from the background without notification to the user due to a permission bypass. This could lead to local escalation of privilege with User execution privileges needed. User...