CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1351 CVE-2020-0379 2020-09-17 2020-09-23
2.9
None Local Network Medium Not required Partial None None
In the Bluetooth service, there is a possible spoofing attack due to a logic error. This could lead to remote information disclosure of sensitive information with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-150156492
1352 CVE-2020-0372 862 2020-09-17 2020-09-21
2.1
None Local Low Not required Partial None None
In ActivityManager, there is a possible access to protected data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-119673147
1353 CVE-2020-0368 20 Bypass 2020-12-15 2020-12-15
2.1
None Local Low Not required Partial None None
In queryInternal of CallLogProvider.java, there is a possible permission bypass due to improper input validation. This could lead to local information disclosure of voicemail metadata with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-143230980
1354 CVE-2020-0365 125 DoS 2020-09-18 2020-09-21
2.1
None Local Low Not required None None Partial
In netd, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137346580
1355 CVE-2020-0359 125 Overflow 2020-09-17 2020-09-21
2.1
None Local Low Not required Partial None None
In GLESRenderEngine, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150303018
1356 CVE-2020-0352 89 Sql Bypass 2020-09-17 2020-09-21
2.1
None Local Low Not required Partial None None
In MediaProvider, there is a possible permissions bypass due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-132074310
1357 CVE-2020-0349 125 2020-09-18 2020-09-21
2.1
None Local Low Not required Partial None None
In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-139188779
1358 CVE-2020-0344 89 Sql Bypass 2020-09-17 2020-09-21
2.1
None Local Low Not required Partial None None
In MediaProvider, there is a possible permissions bypass due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-140729887
1359 CVE-2020-0343 276 2020-09-17 2020-09-21
2.1
None Local Low Not required Partial None None
In NetworkStatsService, there is a possible access to protected data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-119672472
1360 CVE-2020-0338 610 Bypass 2020-09-17 2020-09-22
2.1
None Local Low Not required Partial None None
In AccountManager, there is a possible bypass of a permissions check due to a confused deputy. This could lead to local information disclosure, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-123700107
1361 CVE-2020-0337 610 Bypass 2020-09-17 2020-09-22
2.1
None Local Low Not required Partial None None
In MediaProvider, there is a possible bypass of a permissions check due to a confused deputy. This could lead to local information disclosure, with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-124329382
1362 CVE-2020-0331 281 Bypass 2020-09-18 2020-09-21
2.1
None Local Low Not required Partial None None
In Settings, there is a possible permissions bypass. This could lead to local information disclosure of the device's IMEI with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-147309310
1363 CVE-2020-0329 125 Exec Code 2020-09-17 2020-09-22
2.1
None Local Low Not required Partial None None
In the OMX encoder, there is a possible out of bounds read due to invalid input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-63522940
1364 CVE-2020-0328 190 Overflow 2020-09-17 2020-09-22
2.1
None Local Low Not required Partial None None
In the camera, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150156131
1365 CVE-2020-0327 281 2020-09-18 2020-09-18
2.1
None Local Low Not required Partial None None
In core networking, there is a missing permission check. This could lead to local information disclosure of app network usage with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-129151407
1366 CVE-2020-0325 2020-09-18 2020-09-21
2.1
None Local Low Not required Partial None None
In NFC, there is a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-145079309
1367 CVE-2020-0323 125 2020-09-17 2020-09-22
2.1
None Local Low Not required Partial None None
In libavb, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-146516087
1368 CVE-2020-0322 125 2020-09-17 2020-09-22
2.1
None Local Low Not required Partial None None
In apexd, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-147002540
1369 CVE-2020-0317 276 2020-09-17 2020-09-22
2.1
None Local Low Not required Partial None None
In UsageStatsManager, there is a possible access to protected data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-119671929
1370 CVE-2020-0316 276 2020-09-18 2020-09-21
2.1
None Local Low Not required Partial None None
In Telephony, there is a missing permission check. This could lead to local information disclosure of radio data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154934919
1371 CVE-2020-0315 276 Bypass 2020-09-18 2020-09-21
2.1
None Local Low Not required Partial None None
In Zen Mode, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155642026
1372 CVE-2020-0314 862 2020-09-17 2020-09-21
2.1
None Local Low Not required Partial None None
In AudioService, there are missing permission checks. This could lead to local information disclosure of audio configuration with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154934920
1373 CVE-2020-0313 276 Bypass 2020-09-18 2020-09-21
2.1
None Local Low Not required Partial None None
In NotificationManagerService, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154917989
1374 CVE-2020-0312 276 Bypass 2020-09-17 2020-09-22
2.1
None Local Low Not required Partial None None
In Battery Saver, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153879099
1375 CVE-2020-0311 276 Bypass 2020-09-18 2020-09-21
2.1
None Local Low Not required Partial None None
In InputManagerService, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153878642
1376 CVE-2020-0310 276 Bypass 2020-09-18 2020-09-21
2.1
None Local Low Not required Partial None None
In Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153356468
1377 CVE-2020-0308 276 Bypass 2020-09-17 2020-09-22
2.1
None Local Low Not required Partial None None
In Window Manager, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153654357
1378 CVE-2020-0307 276 Bypass 2020-09-18 2020-09-21
2.1
None Local Low Not required Partial None None
In Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151645867
1379 CVE-2020-0304 276 Bypass 2020-09-18 2020-09-21
2.1
None Local Low Not required Partial None None
In Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151645695
1380 CVE-2020-0302 276 Bypass 2020-09-18 2020-09-21
2.1
None Local Low Not required Partial None None
In Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151646375
1381 CVE-2020-0297 276 Bypass 2020-09-17 2020-09-22
2.1
None Local Low Not required Partial None None
In devicepolicy service, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155183624
1382 CVE-2020-0296 276 Bypass 2020-09-17 2020-09-22
2.1
None Local Low Not required Partial None None
In ADB server and USB server, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153356209
1383 CVE-2020-0295 276 Bypass 2020-09-18 2020-09-21
2.1
None Local Low Not required Partial None None
In Telecom, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155650969
1384 CVE-2020-0294 276 Bypass 2020-09-18 2020-12-14
2.1
None Local Low Not required Partial None None
In bindWallpaperComponentLocked of WallpaperManagerService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8.1 Android-9Android ID: A-154915372
1385 CVE-2020-0293 276 2020-09-17 2021-05-12
2.1
None Local Low Not required Partial None None
In Java network APIs, there is possible access to sensitive network state due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation in Android versions: Android-11, Android ID: A-141455849
1386 CVE-2020-0292 125 2020-09-18 2020-09-18
2.1
None Local Low Not required Partial None None
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges and a compromised Firmware needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-110107252
1387 CVE-2020-0291 125 2020-09-18 2020-09-18
2.1
None Local Low Not required Partial None None
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges and a compromised Firmware needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-146032016
1388 CVE-2020-0290 862 2020-09-17 2020-09-21
2.1
None Local Low Not required Partial None None
In PackageManager, there is a missing permission check. This could lead to local information disclosure across users with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153996866
1389 CVE-2020-0289 862 2020-09-17 2020-09-21
2.1
None Local Low Not required Partial None None
In PackageManager, there is a missing permission check. This could lead to local information disclosure across users with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153996872
1390 CVE-2020-0288 863 2020-09-17 2020-09-21
2.1
None Local Low Not required Partial None None
In PackageManager, there is a missing permission check. This could lead to local information disclosure across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153995991
1391 CVE-2020-0285 276 Bypass 2020-09-18 2020-09-21
2.1
None Local Low Not required Partial None None
In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156253479
1392 CVE-2020-0284 276 Bypass 2020-09-18 2020-09-21
2.1
None Local Low Not required Partial None None
In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156253784
1393 CVE-2020-0276 276 Bypass 2020-09-18 2020-09-18
2.1
None Local Low Not required Partial None None
In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156253586
1394 CVE-2020-0274 2020-09-17 2020-09-21
2.1
None Local Low Not required Partial None None
In the OMX parser, there is a possible information disclosure due to a returned raw pointer. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-120781925
1395 CVE-2020-0272 665 2020-09-18 2020-09-18
2.1
None Local Low Not required Partial None None
In libhwbinder, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-130166487
1396 CVE-2020-0269 281 Bypass 2020-09-18 2020-09-21
2.1
None Local Low Not required Partial None None
In Android Auto Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151645626
1397 CVE-2020-0265 281 +Info 2020-09-18 2020-09-21
2.1
None Local Low Not required Partial None None
In Telephony, there are possible leaks of sensitive data due to missing permission checks. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150155839
1398 CVE-2020-0263 269 Bypass 2020-09-18 2020-09-21
2.1
None Local Low Not required None None Partial
In the Accessibility service, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154913130
1399 CVE-2020-0206 20 DoS 2020-06-11 2020-06-15
2.1
None Local Low Not required None None Partial
In the settings app, there is a possible app crash due to improper input validation. This could lead to local denial of service of the Settings app with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-136005061
1400 CVE-2020-0197 125 2020-06-11 2020-06-12
2.1
None Local Low Not required Partial None None
In InitDataParser::parsePssh of InitDataParser.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-137370379
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.