Lucene search
K

952 matches found

Prion
Prion
added 2020/02/13 3:15 p.m.16 views

Out-of-bounds

In reassembleanddispatch of packetfragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

8.3CVSS8.8AI score0.05424EPSS
Exploits8References4Affected Software22
Prion
Prion
added 2020/02/13 3:15 p.m.15 views

Design/Logic Flaw

In notifyNetworkTested and related functions of NetworkMonitor.java, there is a possible bypass of private DNS settings. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...

7.1CVSS6.7AI score0.02683EPSS
Exploits0References10Affected Software1
Prion
Prion
added 2020/02/13 3:15 p.m.17 views

Out-of-bounds

In btmreadremoteextfeaturescomplete of btmacl.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0...

7.2CVSS7.1AI score0.0018EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/02/13 2:22 p.m.16 views

CVE-2020-0028

In notifyNetworkTested and related functions of NetworkMonitor.java, there is a possible bypass of private DNS settings. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...

6.5AI score0.02683EPSS
Exploits0References10
CVE
CVE
added 2020/02/13 2:22 p.m.63 views

CVE-2020-0028

CVE-2020-0028 affects Android 9 and is tied to the NetworkMonitor.java area, where a bypass of private DNS settings could allow remote information disclosure. Root cause: the notifyNetworkTested path and related functions enable DNS setting bypass, with exploitation requiring user interaction (UI...

7.1CVSS6.2AI score0.02683EPSS
Exploits0References10Affected Software1
Cvelist
Cvelist
added 2020/02/13 2:22 p.m.17 views

CVE-2020-0026

In Parcel::continueWrite of Parcel.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1...

8.1AI score0.00171EPSS
Exploits0References1
CVE
CVE
added 2020/02/13 2:21 p.m.166 views

CVE-2020-0022

CVE-2020-0022 describes an out-of-bounds write in Android’s Bluetooth stack (packet_fragmenter.cc, reassemble_and_dispatch) that could enable remote code execution over Bluetooth without user interaction, affecting Android 8.0–10. Connected sources contain concrete exploitation analyses and PoCs ...

8.8CVSS8.7AI score0.05424EPSS
Exploits8References4Affected Software1
Cvelist
Cvelist
added 2020/02/13 2:20 p.m.27 views

CVE-2020-0018

In MotionEntry::appendDescription of InputDispatcher.cpp, there is a possible log information disclosure. This could lead to local disclosure of user input with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1...

4.6AI score0.0016EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/02/13 2:20 p.m.23 views

CVE-2020-0014

It is possible for a malicious application to construct a TYPETOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation.Product: AndroidVersions: Android-8.0...

6AI score0.00964EPSS
Exploits0References1
NVD
NVD
added 2020/01/08 7:15 p.m.24 views

CVE-2020-0004

In generateCrop of WallpaperManagerService.java, there is a possible sysui crash due to image exceeding maximum texture size. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

5.5CVSS5.4AI score0.00148EPSS
Exploits0References1
NVD
NVD
added 2020/01/08 7:15 p.m.27 views

CVE-2020-0002

In ih264dinitdecoder of ih264dapi.c, there is a possible out of bounds write due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation Product: Android Versions: Android-8.0, Android-8.1, Android-9...

9.3CVSS8.8AI score0.01387EPSS
Exploits0References1
Prion
Prion
added 2020/01/08 7:15 p.m.21 views

Information disclosure

In flattenString8 of Sensor.cpp, there is a possible information disclosure of heap memory due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:...

2.1CVSS5.7AI score0.00168EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/01/08 7:15 p.m.19 views

Code injection

In generateCrop of WallpaperManagerService.java, there is a possible sysui crash due to image exceeding maximum texture size. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

4.9CVSS6.1AI score0.00148EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/01/08 7:15 p.m.13 views

Information disclosure

In rwi93sendcmdwritesingleblock of rwi93.cc, there is a possible information disclosure of heap memory due to uninitialized data. This could lead to remote information disclosure in the NFC server with no additional execution privileges needed. User interaction is needed for exploitation. Product...

4.3CVSS6.6AI score0.00769EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/01/08 6:34 p.m.57 views

CVE-2020-0008

CVE-2020-0008 affects Android 8.0–10 and is described as a race-condition in LowEnergyClient::MtuChangedCallback that can cause an out-of-bounds read. The issue enables local information disclosure without requiring user interaction or additional privileges. The vulnerability is documented across...

4.7CVSS4.3AI score0.00117EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/01/08 6:33 p.m.18 views

CVE-2020-0007

In flattenString8 of Sensor.cpp, there is a possible information disclosure of heap memory due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:...

5.5AI score0.00168EPSS
Exploits0References1
CVE
CVE
added 2020/01/08 6:32 p.m.61 views

CVE-2020-0006

CVE-2020-0006 affects Android 8.0–10, with a heap information-disclosure in rw_i93_send_cmd_write_single_block (rw_i93.cc). The underlying issue is uninitialized data leading to remote information disclosure in the NFC server; exploitation requires user interaction. Impact per the sources is info...

6.5CVSS6.2AI score0.00769EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/01/08 6:31 p.m.24 views

CVE-2020-0004

In generateCrop of WallpaperManagerService.java, there is a possible sysui crash due to image exceeding maximum texture size. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

5.7AI score0.00148EPSS
Exploits0References1
CVE
CVE
added 2020/01/08 6:26 p.m.95 views

CVE-2020-0002

CVE-2020-0002 affects Android Media framework (ih264d_init_decoder in ih264d_api.c) with a use-after-free causing an out-of-bounds write, enabling remote code execution. Impacted Android versions: 8.0–10. Exploitation requires user interaction or crafted media; CVSS indicates Network access, no p...

9.3CVSS8.8AI score0.01387EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/01/08 6:25 p.m.110 views

CVE-2020-0001

CVE-2020-0001 affects Android’s framework (ActivityManagerService.java, getProcessRecordLocked). The issue arises from improper handling of isolated apps, enabling local escalation of privilege without extra execution privileges. Impact is described as local elevation of privilege with high confi...

7.8CVSS7.7AI score0.00399EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder