CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1401 CVE-2020-0187 2020-06-11 2020-06-12
2.1
None Local Low Not required Partial None None
In engineSetMode of BaseBlockCipher.java, there is a possible incorrect cryptographic algorithm chosen due to an incomplete comparison. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-148517383
1402 CVE-2020-0185 125 2020-06-11 2020-06-12
2.1
None Local Low Not required Partial None None
In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-79945152
1403 CVE-2020-0178 200 +Info 2020-06-11 2020-06-12
2.1
None Local Low Not required Partial None None
In getAllConfigFlags of SettingsProvider.cpp, there is a possible illegal read due to a missing permission check. This could lead to local information disclosure of config flags with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-143299398
1404 CVE-2020-0177 269 Bypass 2020-06-11 2020-06-12
2.1
None Local Low Not required None Partial None
In connect() of PanService.java, there is a possible permissions bypass. This could lead to local escalation of privilege to change network connection settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-126206353
1405 CVE-2020-0164 125 2020-06-11 2020-06-11
2.1
None Local Low Not required Partial None None
In phNxpNciHal_NfcDep_cmd_ext of phNxpNciHal_NfcDepSWPrio.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139736125
1406 CVE-2020-0158 125 2020-06-11 2020-06-11
2.1
None Local Low Not required Partial None None
In nfc_ncif_proc_t3t_polling_ntf of nfc_ncif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141547128
1407 CVE-2020-0156 125 2020-06-11 2020-06-12
2.1
None Local Low Not required Partial None None
In NxpNfc::ioctl of NxpNfc.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139736127
1408 CVE-2020-0154 125 2020-06-11 2020-06-12
2.1
None Local Low Not required Partial None None
In nci_proc_core_rsp of nci_hrcv.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141550919
1409 CVE-2020-0152 125 2020-06-11 2020-06-12
2.1
None Local Low Not required Partial None None
In avb_vbmeta_image_verify of avb_vbmeta_image.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145992159
1410 CVE-2020-0151 125 2020-06-11 2020-06-12
2.1
None Local Low Not required Partial None None
In avb_vbmeta_image_verify of avb_vbmeta_image.c there is a possible out of bounds read due to a missing bounds check. This could lead to a local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-133164384
1411 CVE-2020-0149 125 2020-06-11 2020-06-12
2.1
None Local Low Not required Partial None None
In btu_hcif_mode_change_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142544089
1412 CVE-2020-0148 125 Exec Code 2020-06-11 2020-06-12
2.1
None Local Low Not required Partial None None
In btu_hcif_pin_code_request_evt, btu_hcif_link_key_request_evt, and btu_hcif_link_key_notification_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142638492
1413 CVE-2020-0147 125 2020-06-11 2020-06-12
2.1
None Local Low Not required Partial None None
In btu_hcif_esco_connection_chg_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142638392
1414 CVE-2020-0146 125 2020-06-11 2020-06-12
2.1
None Local Low Not required Partial None None
In btu_hcif_hardware_error_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142546561
1415 CVE-2020-0145 125 2020-06-11 2020-06-12
2.1
None Local Low Not required Partial None None
In btm_simple_pair_complete of btm_sec.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142544079
1416 CVE-2020-0144 125 2020-06-11 2020-06-12
2.1
None Local Low Not required Partial None None
In btm_proc_sp_req_evt of btm_sec.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142543497
1417 CVE-2020-0143 125 2020-06-11 2020-06-12
2.1
None Local Low Not required Partial None None
In nfa_dm_ndef_find_next_handler of nfa_dm_ndef.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure of heap data via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145597277
1418 CVE-2020-0141 200 Exec Code +Info 2020-06-11 2020-06-15
2.1
None Remote High ??? Partial None None
In OutputBuffersArray::realloc of CCodecBuffers.cpp, there is a possible heap disclosure due to a race condition. This could lead to remote information disclosure with System execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142544793
1419 CVE-2020-0139 190 Overflow 2020-06-11 2020-06-12
2.1
None Local Low Not required Partial None None
In NDEF_MsgValidate of ndef_utils.c, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure if a malformed NFC tag is provided by the firmware. System execution privileges are needed and user interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145520471
1420 CVE-2020-0135 276 2020-06-11 2020-06-12
2.1
None Local Low Not required Partial None None
In dump of RollbackManagerServiceImpl.java, there is a possible backup metadata exposure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-150949837
1421 CVE-2020-0134 200 +Info 2020-06-11 2020-06-12
2.1
None Local Low Not required Partial None None
In BnDrm::onTransact of IDrm.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146052771
1422 CVE-2020-0132 502 2020-06-11 2020-06-12
2.1
None Local Low Not required Partial None None
In BnAAudioService::onTransact of IAAudioService.cpp, there is a possible out of bounds read due to unsafe deserialization. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139473816
1423 CVE-2020-0125 125 2020-09-17 2020-09-22
2.1
None Local Low Not required Partial None None
In mediadrm, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137282168
1424 CVE-2020-0121 276 Bypass 2020-06-10 2020-06-11
2.1
None Local Low Not required Partial None None
In updateUidProcState of AppOpsService.java, there is a possible permission bypass due to a logic error. This could lead to local information disclosure of location data with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-148180766
1425 CVE-2020-0107 276 Bypass 2020-07-17 2020-07-21
2.1
None Local Low Not required Partial None None
In getUiccCardsInfo of PhoneInterfaceManager.java, there is a possible permissions bypass due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146570216
1426 CVE-2020-0106 200 Bypass +Info 2020-05-14 2020-05-15
2.1
None Local Low Not required Partial None None
In getCellLocation of PhoneInterfaceManager.java, there is a possible permission bypass due to a missing SDK version check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-148414207
1427 CVE-2020-0104 200 +Info 2020-05-14 2020-05-15
2.1
None Local Low Not required Partial None None
In onShowingStateChanged of KeyguardStateMonitor.java, there is a possible inappropriate read due to a logic error. This could lead to local information disclosure of keyguard-protected data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-144430870
1428 CVE-2020-0101 200 +Info 2020-05-14 2020-05-15
2.1
None Local Low Not required Partial None None
In BnCrypto::onTransact of ICrypto.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-144767096
1429 CVE-2020-0100 125 2020-05-14 2020-05-18
2.1
None Local Low Not required Partial None None
In onTransact of IHDCP.cpp, there is a possible out of bounds read due to incorrect error handling. This could lead to local information disclosure of data from a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-8.0Android ID: A-150156584
1430 CVE-2020-0091 200 +Info 2020-05-14 2020-05-18
2.1
None Local Low Not required Partial None None
In mnld, an incorrect configuration in driver_cfg of mnld for meta factory mode.Product: AndroidVersions: Android SoCAndroid ID: A-149808700
1431 CVE-2020-0090 863 2020-05-14 2020-05-18
2.1
None Local Low Not required Partial None None
An improper authorization in the receiver component of Email.Product: AndroidVersions: Android SoCAndroid ID: A-149813048
1432 CVE-2020-0077 125 2020-04-17 2020-04-23
2.1
None Local Low Not required Partial None None
In authorize_enroll of the FPC IRIS TrustZone app, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-146055840
1433 CVE-2020-0075 125 2020-04-17 2020-04-22
2.1
None Local Low Not required Partial None None
In set_shared_key of the FPC IRIS TrustZone app, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-146057864
1434 CVE-2020-0068 125 Overflow 2020-04-17 2020-04-22
2.1
None Local Low Not required Partial None None
In crus_afe_get_param of msm-cirrus-playback.c, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: Android. Versions: Android kernel. Android ID: A-139354541
1435 CVE-2020-0067 125 2020-04-17 2020-10-14
2.1
None Local Low Not required Partial None None
In f2fs_xattr_generic_list of xattr.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not required for exploitation.Product: Android. Versions: Android kernel. Android ID: A-120551147.
1436 CVE-2020-0065 863 2020-05-14 2020-05-18
2.1
None Local Low Not required Partial None None
An improper authorization in the receiver component of the Android Suite Daemon.Product: AndroidVersions: Android SoCAndroid ID: A-149813448
1437 CVE-2020-0064 863 2020-05-14 2020-05-18
2.1
None Local Low Not required Partial None None
An improper authorization while processing the provisioning data.Product: AndroidVersions: Android SoCAndroid ID: A-149866855
1438 CVE-2020-0060 89 Sql Bypass 2020-03-10 2020-03-11
2.1
None Local Low Not required Partial None None
In query of SmsProvider.java and MmsSmsProvider.java, there is a possible permission bypass due to SQL injection. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-143229845
1439 CVE-2020-0059 125 2020-03-10 2020-03-11
2.1
None Local Low Not required Partial None None
In btm_ble_batchscan_filter_track_adv_vse_cback of btm_ble_batchscan.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142543524
1440 CVE-2020-0058 125 2020-03-10 2020-03-11
2.1
None Local Low Not required Partial None None
In l2c_rcv_acl_data of l2c_main.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141745011
1441 CVE-2020-0057 125 2020-03-10 2020-03-11
2.1
None Local Low Not required Partial None None
In btm_process_inq_results of btm_inq.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141620271
1442 CVE-2020-0056 125 2020-03-10 2020-03-11
2.1
None Local Low Not required Partial None None
In btu_hcif_connection_comp_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141619686
1443 CVE-2020-0055 125 2020-03-10 2021-06-08
2.1
None Local Low Not required Partial None None
In l2c_link_process_num_completed_pkts of l2c_link.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141617601
1444 CVE-2020-0048 908 +Info 2020-03-10 2020-03-11
2.1
None Local Low Not required Partial None None
In onTransact of IAudioFlinger.cpp, there is a possible stack information leak due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139417189
1445 CVE-2020-0047 863 2020-03-10 2020-03-11
2.1
None Local Low Not required None Partial None
In setMasterMute of AudioService.java, there is a missing permission check. This could lead to local silencing of audio with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141622311
1446 CVE-2020-0044 125 2020-03-10 2020-03-11
2.1
None Local Low Not required Partial None None
In set_nonce of fpc_ta_qc_auth.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-137650219
1447 CVE-2020-0043 125 2020-03-10 2020-03-11
2.1
None Local Low Not required Partial None None
In authorize_enrol of fpc_ta_hw_auth.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-137650218
1448 CVE-2020-0042 125 2020-03-10 2020-03-11
2.1
None Local Low Not required Partial None None
In fpc_ta_hw_auth_unwrap_key of fpc_ta_hw_auth_qsee.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-137649599
1449 CVE-2020-0029 200 +Info 2020-03-10 2020-03-11
2.1
None Local Low Not required Partial None None
In the WifiConfigManager, there is a possible storage of location history which can only be deleted by triggering a factory reset. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140065828
1450 CVE-2020-0019 798 2020-12-14 2020-12-16
2.1
None Local Low Not required Partial None None
In the Broadcom Nexus firmware, there is an insecure default password. This could lead to local information disclosure in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-171413798
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.