CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1301 CVE-2020-0493 125 2020-12-15 2020-12-15
2.1
None Local Low Not required Partial None None
In CPDF_SampledFunc::v_Call of cpdf_sampledfunc.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150615407
1302 CVE-2020-0482 125 Exec Code 2020-12-15 2020-12-16
2.1
None Local Low Not required Partial None None
In command of IncidentService.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150706572
1303 CVE-2020-0481 863 Bypass 2020-12-15 2020-12-16
2.1
None Local Low Not required None Partial None
In AndroidManifest.xml, there is a possible permissions bypass. This could lead to local escalation of privilege allowing a non-system app to send a broadcast it shouldn't have permissions to send, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157472962
1304 CVE-2020-0477 863 2020-12-15 2020-12-16
2.1
None Local Low Not required Partial None None
In sendLinkConfigurationChangedBroadcast of ClientModeImpl.java, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure of the current network configuration with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-162246414
1305 CVE-2020-0476 532 +Info 2020-12-15 2020-12-16
2.1
None Local Low Not required Partial None None
In onNotificationRemoved of Assistant.java, there is a possible leak of sensitive information to logs. This could lead to local information disclosure with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-162014574
1306 CVE-2020-0473 863 Bypass 2020-12-15 2020-12-16
2.1
None Local Low Not required None Partial None
In updateIncomingFileConfirmNotification of BluetoothOppNotification.java, there is a possible permissions bypass. This could lead to local escalation of privilege allowing an attacker with physical possession of the device to transfer files to it over Bluetooth, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-160691486
1307 CVE-2020-0469 DoS 2020-12-14 2020-12-15
2.1
None Local Low Not required None None Partial
In addEscrowToken of LockSettingsService.java, there is a possible loss of the synthetic password due to logic error. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-168692734
1308 CVE-2020-0468 276 Bypass 2020-12-14 2020-12-15
2.1
None Local Low Not required Partial None None
In listen() and related functions of TelephonyRegistry.java, there is a possible permissions bypass of location permissions due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-158484422
1309 CVE-2020-0467 2020-12-14 2020-12-15
2.1
None Local Low Not required Partial None None
In onUserStopped of Vpn.java, there is a possible resetting of user preferences due to a logic issue. This could lead to local information disclosure of secure network traffic over a non-VPN link with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-168500792
1310 CVE-2020-0464 203 2020-12-14 2020-12-15
2.1
None Local Low Not required Partial None None
In resolv_cache_lookup of res_cache.cpp, there is a possible side channel information disclosure. This could lead to local information disclosure of accessed web resources with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-150371903
1311 CVE-2020-0459 276 +Info 2020-12-14 2020-12-15
2.1
None Local Low Not required Partial None None
In sendConfiguredNetworkChangedBroadcast of WifiConfigManager.java, there is a possible leak of sensitive WiFi configuration data due to a missing permission check. This could lead to local information disclosure of WiFi network names with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-159373687
1312 CVE-2020-0454 732 Bypass 2020-11-10 2020-11-10
2.1
None Local Low Not required Partial None None
In callCallbackForRequest of ConnectivityService.java, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure of the current SSID with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9Android ID: A-161370134
1313 CVE-2020-0453 276 Bypass 2020-11-10 2020-11-10
2.1
None Local Low Not required Partial None None
In updateNotification of BeamTransferManager.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-8.0 Android-8.1Android ID: A-159060474
1314 CVE-2020-0448 276 2020-11-10 2020-11-10
2.1
None Local Low Not required Partial None None
In getPhoneAccountsForPackage of TelecomServiceImpl.java, there is a possible way to access a tracking identifier due to a missing permission check. This could lead to local information disclosure of the identifier, which could be used to track an account across devices, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-153995334
1315 CVE-2020-0443 754 DoS 2020-11-10 2020-11-10
2.1
None Local Low Not required None None Partial
In LocaleList of LocaleList.java, there is a possible forced reboot due to an uncaught exception. This could lead to local denial of service requiring factory reset to restore with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-152410253
1316 CVE-2020-0437 276 DoS 2020-11-10 2020-11-12
2.1
None Local Low Not required None None Partial
In CellBroadcastReceiver's intent handlers, there is a possible denial of service due to a missing permission check. This could lead to local denial of service of emergency alerts with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-162741784
1317 CVE-2020-0427 416 2020-09-17 2021-03-26
2.1
None Local Low Not required Partial None None
In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171
1318 CVE-2020-0426 276 Bypass 2020-09-17 2020-09-21
2.1
None Local Low Not required Partial None None
In SyncManager, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154921790
1319 CVE-2020-0425 200 +Info 2020-09-17 2020-09-21
2.1
None Local Low Not required Partial None None
There is a possible way to view notifications even when the "Lockdown" feature is on. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-124000380
1320 CVE-2020-0424 2020-11-10 2020-11-17
2.1
None Local Low Not required Partial None None
In send_vc of res_send.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-161362564
1321 CVE-2020-0422 922 Bypass 2020-10-14 2020-10-16
2.1
None Local Low Not required Partial None None
In constructImportFailureNotification of NotificationImportExportListener.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local information disclosure of contact data with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-161718556
1322 CVE-2020-0419 862 +Info 2020-10-14 2020-10-16
2.1
None Local Low Not required Partial None None
In generateInfo of PackageInstallerSession.java, there is a possible leak of cross-profile URI data during app installation due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-142125338
1323 CVE-2020-0415 276 Bypass 2020-10-14 2020-10-16
2.1
None Local Low Not required Partial None None
In various locations in SystemUI, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure of contact data with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1Android ID: A-156020795
1324 CVE-2020-0412 276 2020-10-14 2020-10-16
2.1
None Local Low Not required Partial None None
In setProcessMemoryTrimLevel of ActivityManagerService.java, there is a missing permission check. This could lead to local information disclosure of foreground processes with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.0 Android-8.1 Android-9Android ID: A-160390416
1325 CVE-2020-0410 276 Bypass 2020-10-14 2020-10-16
2.1
None Local Low Not required Partial None None
In setNotification of SapServer.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-156021269
1326 CVE-2020-0407 326 2020-09-17 2020-09-22
2.1
None Local Low Not required Partial None None
In various functions in fscrypt_ice.c and related files in some implementations of f2fs encryption that use encryption hardware which only supports 32-bit IVs (Initialization Vectors), 64-bit IVs are used and later are truncated to 32 bits. This may cause IV reuse and thus weakened disk encryption. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-153450752References: N/A
1327 CVE-2020-0390 276 Bypass 2020-09-17 2020-09-22
2.1
None Local Low Not required Partial None None
In the app zygote SE Policy, there is a possible permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-157598026
1328 CVE-2020-0389 863 Bypass 2020-09-17 2020-09-21
2.1
None Local Low Not required Partial None None
In createSaveNotification of RecordingService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-156959408
1329 CVE-2020-0382 754 Bypass 2020-09-17 2020-09-21
2.1
None Local Low Not required Partial None None
In RunInternal of dumpstate.cpp, there is a possible user consent bypass due to an uncaught exception. This could lead to local information disclosure of bug report data with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-152944488
1330 CVE-2020-0379 2020-09-17 2020-09-23
2.9
None Local Network Medium Not required Partial None None
In the Bluetooth service, there is a possible spoofing attack due to a logic error. This could lead to remote information disclosure of sensitive information with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-150156492
1331 CVE-2020-0372 862 2020-09-17 2020-09-21
2.1
None Local Low Not required Partial None None
In ActivityManager, there is a possible access to protected data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-119673147
1332 CVE-2020-0368 20 Bypass 2020-12-15 2020-12-15
2.1
None Local Low Not required Partial None None
In queryInternal of CallLogProvider.java, there is a possible permission bypass due to improper input validation. This could lead to local information disclosure of voicemail metadata with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-143230980
1333 CVE-2020-0365 125 DoS 2020-09-18 2020-09-21
2.1
None Local Low Not required None None Partial
In netd, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137346580
1334 CVE-2020-0359 125 Overflow 2020-09-17 2020-09-21
2.1
None Local Low Not required Partial None None
In GLESRenderEngine, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150303018
1335 CVE-2020-0352 89 Sql Bypass 2020-09-17 2020-09-21
2.1
None Local Low Not required Partial None None
In MediaProvider, there is a possible permissions bypass due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-132074310
1336 CVE-2020-0349 125 2020-09-18 2020-09-21
2.1
None Local Low Not required Partial None None
In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-139188779
1337 CVE-2020-0344 89 Sql Bypass 2020-09-17 2020-09-21
2.1
None Local Low Not required Partial None None
In MediaProvider, there is a possible permissions bypass due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-140729887
1338 CVE-2020-0343 276 2020-09-17 2020-09-21
2.1
None Local Low Not required Partial None None
In NetworkStatsService, there is a possible access to protected data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-119672472
1339 CVE-2020-0338 610 Bypass 2020-09-17 2020-09-22
2.1
None Local Low Not required Partial None None
In AccountManager, there is a possible bypass of a permissions check due to a confused deputy. This could lead to local information disclosure, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-123700107
1340 CVE-2020-0337 610 Bypass 2020-09-17 2020-09-22
2.1
None Local Low Not required Partial None None
In MediaProvider, there is a possible bypass of a permissions check due to a confused deputy. This could lead to local information disclosure, with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-124329382
1341 CVE-2020-0331 281 Bypass 2020-09-18 2020-09-21
2.1
None Local Low Not required Partial None None
In Settings, there is a possible permissions bypass. This could lead to local information disclosure of the device's IMEI with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-147309310
1342 CVE-2020-0329 125 Exec Code 2020-09-17 2020-09-22
2.1
None Local Low Not required Partial None None
In the OMX encoder, there is a possible out of bounds read due to invalid input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-63522940
1343 CVE-2020-0328 190 Overflow 2020-09-17 2020-09-22
2.1
None Local Low Not required Partial None None
In the camera, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150156131
1344 CVE-2020-0327 281 2020-09-18 2020-09-18
2.1
None Local Low Not required Partial None None
In core networking, there is a missing permission check. This could lead to local information disclosure of app network usage with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-129151407
1345 CVE-2020-0325 2020-09-18 2020-09-21
2.1
None Local Low Not required Partial None None
In NFC, there is a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-145079309
1346 CVE-2020-0323 125 2020-09-17 2020-09-22
2.1
None Local Low Not required Partial None None
In libavb, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-146516087
1347 CVE-2020-0322 125 2020-09-17 2020-09-22
2.1
None Local Low Not required Partial None None
In apexd, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-147002540
1348 CVE-2020-0317 276 2020-09-17 2020-09-22
2.1
None Local Low Not required Partial None None
In UsageStatsManager, there is a possible access to protected data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-119671929
1349 CVE-2020-0316 276 2020-09-18 2020-09-21
2.1
None Local Low Not required Partial None None
In Telephony, there is a missing permission check. This could lead to local information disclosure of radio data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154934919
1350 CVE-2020-0315 276 Bypass 2020-09-18 2020-09-21
2.1
None Local Low Not required Partial None None
In Zen Mode, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155642026
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.