Total
8334 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-19273 | 2 Google, Samsung | 5 Android, Exynos 8895, Galaxy Note8 and 2 more | 2020-11-10 | 7.2 HIGH | 7.8 HIGH |
On Samsung mobile devices with O(8.0) and P(9.0) software and an Exynos 8895 chipset, RKP (aka the Samsung Hypervisor EL2 implementation) allows arbitrary memory write operations. The Samsung ID is SVE-2019-16265. | |||||
CVE-2020-0451 | 1 Google | 1 Android | 2020-11-10 | 9.3 HIGH | 8.8 HIGH |
In sbrDecoder_AssignQmfChannels2SbrChannels of sbrdecoder.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-9, Android-8.0, Android-8.1. Android ID: A-158762825 | |||||
CVE-2020-0442 | 1 Google | 1 Android | 2020-11-10 | 7.8 HIGH | 7.5 HIGH |
In Message and toBundle of Notification.java, there is a possible UI slowdown or crash due to improper input validation. This could lead to remote denial of service if a malicious contact file is received, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-8.0, Android-8.1, Android-9. Android ID: A-147358092 | |||||
CVE-2017-8244 | 1 Google | 1 Android | 2020-11-09 | 6.9 MEDIUM | 7.0 HIGH |
In core_info_read and inst_info_read in all Android releases from CAF using the Linux kernel, variable "dbg_buf", "dbg_buf->curr" and "dbg_buf->filled_size" could be modified by different threads at the same time, but they are not protected with mutex or locks. Buffer overflow is possible on race conditions. "buffer->curr" itself could also be overwritten, which means that it may point to anywhere of kernel memory (for write). | |||||
CVE-2017-8245 | 1 Google | 1 Android | 2020-11-09 | 4.6 MEDIUM | 7.8 HIGH |
In all Android releases from CAF using the Linux kernel, while processing a voice SVC request which is nonstandard by specifying a payload size that will overflow its own declared size, an out of bounds memory copy occurs. | |||||
CVE-2017-8246 | 1 Google | 1 Android | 2020-11-09 | 4.6 MEDIUM | 7.8 HIGH |
In function msm_pcm_playback_close() in all Android releases from CAF using the Linux kernel, prtd is assigned substream->runtime->private_data. Later, prtd is freed. However, prtd is not sanitized and set to NULL, resulting in a dangling pointer. There are other functions that access the same memory (substream->runtime->private_data) with a NULL check, such as msm_pcm_volume_ctl_put(), which means this freed memory could be used. | |||||
CVE-2020-15993 | 1 Google | 2 Android, Chrome | 2020-11-04 | 6.8 MEDIUM | 9.8 CRITICAL |
Use after free in printing in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2020-15994 | 1 Google | 2 Android, Chrome | 2020-11-04 | 6.8 MEDIUM | 8.8 HIGH |
Use after free in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2020-15996 | 1 Google | 2 Android, Chrome | 2020-11-04 | 6.8 MEDIUM | 8.8 HIGH |
Use after free in passwords in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
CVE-2020-15997 | 1 Google | 2 Android, Chrome | 2020-11-04 | 6.8 MEDIUM | 8.8 HIGH |
Use after free in Mojo in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
CVE-2020-15998 | 1 Google | 2 Android, Chrome | 2020-11-04 | 6.8 MEDIUM | 8.8 HIGH |
Use after free in USB in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
CVE-2020-7744 | 2 Google, Mintegral | 2 Android, Mintegraladsdk | 2020-10-29 | 4.3 MEDIUM | 4.7 MEDIUM |
This affects all versions of package com.mintegral.msdk:alphab. The Android SDK distributed by the company contains malicious functionality in this module that tracks: 1. Downloads from Google urls either within Google apps or via browser including file downloads, e-mail attachments and Google Docs links. 2. All apk downloads, either organic or not. Mintegral listens to download events in Android's download manager and detects if the downloaded file's url contains: a. google.com or comes from a Google app (the com.android.vending package) b. Ends with .apk for apk downloads In both cases, the module sends the captured data back to Mintegral's servers. Note that the malicious functionality keeps running even if the app is currently not in focus (running in the background). | |||||
CVE-2019-2194 | 1 Google | 1 Android | 2020-10-16 | 4.6 MEDIUM | 7.8 HIGH |
In SurfaceFlinger::createLayer of SurfaceFlinger.cpp, there is a possible arbitrary code execution due to improper casting. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-137284057 | |||||
CVE-2020-0413 | 1 Google | 1 Android | 2020-10-16 | 5.0 MEDIUM | 7.5 HIGH |
In gatt_process_read_by_type_rsp of gatt_cl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0. Android ID: A-158778659 | |||||
CVE-2020-0416 | 1 Google | 1 Android | 2020-10-16 | 9.3 HIGH | 8.8 HIGH |
In multiple settings screens, there are possible tapjacking attacks due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9, Android-10, Android-11, Android-8.0, Android-8.1. Android ID: A-155288585 | |||||
CVE-2020-0419 | 1 Google | 1 Android | 2020-10-16 | 2.1 LOW | 5.5 MEDIUM |
In generateInfo of PackageInstallerSession.java, there is a possible leak of cross-profile URI data during app installation due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1, Android-9, Android-10, Android-11. Android ID: A-142125338 | |||||
CVE-2020-0377 | 1 Google | 1 Android | 2020-10-16 | 7.8 HIGH | 7.5 HIGH |
In gatt_process_read_by_type_rsp of gatt_cl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0. Android ID: A-158833854 | |||||
CVE-2020-0246 | 1 Google | 1 Android | 2020-10-16 | 4.9 MEDIUM | 5.5 MEDIUM |
In getCarrierPrivilegeStatus of UiccAccessRule.java, there is a missing permission check. This could lead to local information disclosure of EID data with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11. Android ID: A-159062405 | |||||
CVE-2020-0378 | 1 Google | 1 Android | 2020-10-16 | 4.9 MEDIUM | 5.5 MEDIUM |
In onWnmFrameReceived of PasspointManager.java, there is a missing permission check. This could lead to local information disclosure of location data with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9, Android-10, Android-11. Android ID: A-157748906 | |||||
CVE-2020-0367 | 1 Google | 1 Android | 2020-10-15 | 9.4 HIGH | 9.1 CRITICAL |
There is a possible out of bounds write due to a missing bounds check. Product: Android. Versions: Android SoC. Android ID: A-162980455 |