Lucene search
K

952 matches found

NVD
NVD
added 2020/10/14 1:15 p.m.16 views

CVE-2019-2194

In SurfaceFlinger::createLayer of SurfaceFlinger.cpp, there is a possible arbitrary code execution due to improper casting. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

7.8CVSS0.00149EPSS
Exploits0References1
Prion
Prion
added 2020/10/14 1:15 p.m.20 views

Input validation

In SurfaceFlinger::createLayer of SurfaceFlinger.cpp, there is a possible arbitrary code execution due to improper casting. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

4.6CVSS7.9AI score0.00149EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/10/14 1:6 p.m.108 views

CVE-2020-0377

CVE-2020-0377 targets Android Bluetooth stack: in gatt_process_read_by_type_rsp of gatt_cl.cc, a missing bounds check allows an out-of-bounds read, enabling remote information disclosure on Bluetooth servers without extra privileges. Affected: Android 8.0–11 (Android-8.0, 8.1, 9, 10, 11) per the ...

7.8CVSS7AI score0.01812EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/10/14 1:4 p.m.28 views

CVE-2020-0410

In setNotification of SapServer.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1...

5.4AI score0.0015EPSS
Exploits0References1
CVE
CVE
added 2020/10/14 1:4 p.m.113 views

CVE-2020-0415

CVE-2020-0415 affects Android’s SystemUI: a permission bypass via an unsafe PendingIntent could enable local information disclosure of contacts with user privileges, requiring no user interaction for exploitation. The vulnerability is listed in the 2020-10 Android security bulletin under System a...

5.5CVSS5AI score0.00161EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/10/14 1:2 p.m.23 views

CVE-2020-0419

In generateInfo of PackageInstallerSession.java, there is a possible leak of cross-profile URI data during app installation due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

5.4AI score0.00149EPSS
Exploits0References1
Prion
Prion
added 2020/09/18 4:15 p.m.15 views

Code injection

In bindWallpaperComponentLocked of WallpaperManagerService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

2.1CVSS6.5AI score0.00168EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2020/09/17 9:15 p.m.22 views

CVE-2020-0338

In checkKeyIntent of AccountManagerService.java, there is a possible permission bypass. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-9Android ID: A-123700107...

5CVSS0.00156EPSS
Exploits0References1
Prion
Prion
added 2020/09/17 9:15 p.m.13 views

Information disclosure

In checkKeyIntent of AccountManagerService.java, there is a possible permission bypass. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-9Android ID: A-123700107...

1.9CVSS4.8AI score0.00156EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2020/09/17 4:15 p.m.13 views

CVE-2020-0386

In onCreate of RequestPermissionActivity.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege allowing an attacker to set Bluetooth discoverability with User execution privileges needed. User interaction is needed for...

5.5CVSS0.00385EPSS
Exploits0References1
NVD
NVD
added 2020/09/17 4:15 p.m.15 views

CVE-2020-0395

In showNotification of EmergencyCallbackModeService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

5.5CVSS0.00175EPSS
Exploits0References1
NVD
NVD
added 2020/09/17 4:15 p.m.19 views

CVE-2020-0394

In onCreate of BluetoothPairingDialog.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege and untrusted devices accessing contact lists with no additional execution privileges needed. User interaction is needed for...

7.8CVSS0.0027EPSS
Exploits0References1
NVD
NVD
added 2020/09/17 4:15 p.m.17 views

CVE-2020-0392

In getLayerDebugInfo of SurfaceFlinger.cpp, there is a possible code execution due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10...

7.8CVSS0.00266EPSS
Exploits0References1
NVD
NVD
added 2020/09/17 4:15 p.m.23 views

CVE-2020-0074

In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...

7.8CVSS0.00219EPSS
Exploits0References1
NVD
NVD
added 2020/09/17 4:15 p.m.24 views

CVE-2020-0381

In Parsewave of easmdls.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote information disclosure in a highly constrained process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

7.5CVSS0.01494EPSS
Exploits0References1
NVD
NVD
added 2020/09/17 4:15 p.m.19 views

CVE-2020-0379

In the Bluetooth service, there is a possible spoofing attack due to a logic error. This could lead to remote information disclosure of sensitive information with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8...

5.7CVSS0.00333EPSS
Exploits0References1
Prion
Prion
added 2020/09/17 4:15 p.m.14 views

Information disclosure

In various places in Telephony, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10...

4.9CVSS5.8AI score0.00183EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/09/17 4:15 p.m.15 views

Heap overflow

In DecodeFrameCombinedMode of combineddecode.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-1...

9.3CVSS8.3AI score0.02053EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/09/17 4:15 p.m.12 views

Design/Logic Flaw

In onCreate of BluetoothPairingDialog.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege and untrusted devices accessing contact lists with no additional execution privileges needed. User interaction is needed for...

7.2CVSS7.8AI score0.0027EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/09/17 4:15 p.m.12 views

Integer overflow

In Parsewave of easmdls.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote information disclosure in a highly constrained process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

5CVSS7.5AI score0.01494EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder