Android@11.0 Security Vulnerabilities and Issues — Page 36 of Android@11.0 CVE List

5.5CVSS5.8AI score0.00017EPSS

CVE-2020-0312

In Battery Saver, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153879099

5.5CVSS6.1AI score0.00014EPSS

CVE-2020-0337

In MediaProvider, there is a possible bypass of a permissions check due to a confused deputy. This could lead to local information disclosure, with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-124329382

7.1CVSS6.9AI score0.00346EPSS

CVE-2020-0351

In libstagefright, there is possible CPU exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-124777537

5.5CVSS6.1AI score0.00026EPSS

CVE-2020-0352

In MediaProvider, there is a possible permissions bypass due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-132074310

7.8CVSS8.2AI score0.00014EPSS

CVE-2020-0357

In SurfaceFlinger, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the graphics server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-15...

7.8CVSS8.2AI score0.00042EPSS

CVE-2020-0366

In PackageInstaller, there is a possible permissions bypass due to a tapjacking vulnerability. This could lead to local escalation of privilege using an app set as the default Assist app with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: And...

4.6CVSS5.6AI score0.00012EPSS

CVE-2020-0473

In updateIncomingFileConfirmNotification of BluetoothOppNotification.java, there is a possible permissions bypass. This could lead to local escalation of privilege allowing an attacker with physical possession of the device to transfer files to it over Bluetooth, with no additional execution privil...

6.7CVSS7.3AI score0.00019EPSS

CVE-2020-0483

In DrmManagerService::~DrmManagerService() of DrmManagerService.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: And...

5.5CVSS5.7AI score0.00015EPSS

CVE-2020-0497

In canUseBiometric of BiometricServiceBase, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-158481661

5.5CVSS6.1AI score0.00229EPSS

CVE-2020-0498

In decode_packed_entry_number of codebook.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android...

4.4CVSS4.9AI score0.00016EPSS

CVE-2020-27021

In avrc_ctrl_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android...

5.5CVSS5.7AI score0.00017EPSS

CVE-2020-27027

In nfc_ncif_proc_get_routing of nfc_ncif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Andr...

5.5CVSS5.6AI score0.00015EPSS

CVE-2020-27032

In getRadioAccessFamily of PhoneInterfaceManager.java, there is a possible read of privileged data due to a missing permission check. This could lead to local information disclosure of radio data with no additional execution privileges needed. User interaction is not needed for exploitation.Product...

CVE•added 2020/12/15 5:15 p.m.•31 views

CVE-2020-27056

In SELinux policies of mls, there is a missing permission check. This could lead to local information disclosure of package metadata with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-161356067

3.3CVSS4.5AI score0.00014EPSS

CVE•added 2020/12/15 5:15 p.m.•31 views

CVE-2020-27057

In getGpuStatsGlobalInfo and getGpuStatsAppInfo of GpuService.cpp, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure of gpu statistics with User execution privileges needed. User interaction is not needed for exploitation.Produc...

3.3CVSS4.6AI score0.00014EPSS

CVE•added 2020/12/18 9:15 a.m.•31 views

CVE-2020-35550

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. Attackers can bypass Factory Reset Protection (FRP) via StatusBar. The Samsung ID is SVE-2020-17888 (December 2020).

9.8CVSS9.4AI score0.00147EPSS

CVE•added 2020/12/18 9:15 a.m.•31 views

CVE-2020-35553

An issue was discovered on Samsung mobile devices with Q(10.0) and R(11.0) (Qualcomm SM8250 chipsets) software. They allows attackers to cause a denial of service (unlock failure) by triggering a power-shortage incident that causes a false-positive attack detection. The Samsung ID is SVE-2020-19678...

7.8CVSS7.4AI score0.00125EPSS

CVE•added 2021/03/10 5:15 p.m.•31 views

CVE-2021-0387

In FindQuotaDeviceForUuid of QuotaUtils.cpp, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169421...

6.9CVSS6.5AI score0.00011EPSS

CVE•added 2021/03/10 5:15 p.m.•31 views

CVE-2021-0389

In setNightModeActivated of UiModeManagerService.java, there is a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-168039904

7.8CVSS7.6AI score0.00014EPSS

CVE•added 2021/10/25 2:15 p.m.•31 views

CVE-2021-0411

In flv extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561362; Issue ID: ALPS05561362.

5.5CVSS5AI score0.00017EPSS

CVE•added 2021/08/18 3:15 p.m.•31 views

CVE-2021-0418

In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336706.

5.5CVSS5.4AI score0.00018EPSS

CVE•added 2021/09/27 12:15 p.m.•31 views

CVE-2021-0422

In memory management driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05381071.

5.5CVSS5.4AI score0.00013EPSS

CVE•added 2021/10/25 2:15 p.m.•31 views

CVE-2021-0617

In ape extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561391; Issue ID: ALPS05561391.

5.5CVSS5.2AI score0.00012EPSS

5.5CVSS5.2AI score0.00012EPSS

CVE-2021-0620

In asf extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05561381.

6.7CVSS6.8AI score0.00041EPSS

CVE-2021-0664

In ccu, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05827158; Issue ID: ALPS05827158.

6.7CVSS6.8AI score0.00018EPSS

CVE-2021-0667

In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05670581; Issue ID: ALPS05670581.

7.2CVSS6.8AI score0.00015EPSS

CVE-2021-0669

7.2CVSS6.8AI score0.00015EPSS

CVE-2021-0670

CVE•added 2021/12/17 5:15 p.m.•31 views

CVE-2021-0901

In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05664618.

6.7CVSS6.8AI score0.00018EPSS

CVE•added 2021/04/23 3:15 p.m.•31 views

CVE-2021-25382

An improper authorization of using debugging command in Secure Folder prior to SMR Oct-2020 Release 1 allows unauthorized access to contents in Secure Folder via debugging command.

6.1CVSS5.5AI score0.00041EPSS

CVE•added 2021/06/11 3:15 p.m.•31 views

CVE-2021-25390

Intent redirection vulnerability in PhotoTable prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action.

4CVSS5.7AI score0.00019EPSS

CVE•added 2021/07/08 2:15 p.m.•31 views

CVE-2021-25426

Improper component protection vulnerability in SmsViewerActivity of Samsung Message prior to SMR July-2021 Release 1 allows untrusted applications to access Message files.

7.5CVSS7.4AI score0.00123EPSS

CVE•added 2021/09/09 7:15 p.m.•31 views

CVE-2021-25462

NULL pointer dereference vulnerability in NPU driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption.

5.5CVSS5.4AI score0.00017EPSS

7.2CVSS6.9AI score0.00017EPSS

CVE-2021-25467

Assuming system privilege is gained, possible buffer overflow vulnerabilities in the Vision DSP kernel driver prior to SMR Oct-2021 Release 1 allows privilege escalation to Root by hijacking loaded library.

6.7CVSS7AI score0.0002EPSS

CVE-2021-25469

A possible stack-based buffer overflow vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows arbitrary code execution.

6.7CVSS6.3AI score0.00016EPSS

CVE-2021-25481

An improper error handling in Exynos CP booting driver prior to SMR Oct-2021 Release 1 allows local attackers to bypass a Secure Memory Protector of Exynos CP Memory.