Search Results (Refine Search)
- Keyword (text search): android
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2020-16167 |
Missing Authentication for Critical Function in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to receive and answer calls intended for another temi user. Answering the call this way grants motor control of the temi in addition to audio/video via unspecified vectors. Published: August 07, 2020; 4:15:12 PM -0400 |
V4.0:(not available) V3.1: 9.1 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2020-16168 |
Origin Validation Error in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to access the REST API and MQTT broker used by the temi and send it custom data/requests via unspecified vectors. Published: August 07, 2020; 9:15:10 AM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2020-6506 |
Insufficient policy enforcement in WebView in Google Chrome on Android prior to 83.0.4103.106 allowed a remote attacker to bypass site isolation via a crafted HTML page. Published: July 22, 2020; 1:15:13 PM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2020-0231 |
There is a possible out of bounds write due to an incorrect bounds check. Product: AndroidVersions: Android SoCAndroid ID: A-156333727 Published: July 17, 2020; 5:15:12 PM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2020-0230 |
There is a possible out of bounds write due to an incorrect bounds check. Product: AndroidVersions: Android SoCAndroid ID: A-156337262 Published: July 17, 2020; 5:15:12 PM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2020-0228 |
There is an improper configuration of recorder related service. Product: AndroidVersions: Android SoCAndroid ID: A-156333723 Published: July 17, 2020; 5:15:12 PM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2020-0227 |
In onCommand of CompanionDeviceManagerService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing background data usage or launching from the background, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-129476618 Published: July 17, 2020; 5:15:12 PM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2020-0226 |
In createWithSurfaceParent of Client.cpp, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege in the graphics server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-150226994 Published: July 17, 2020; 5:15:12 PM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2020-0225 |
In a2dp_vendor_ldac_decoder_decode_packet of a2dp_vendor_ldac_decoder.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142546668 Published: July 17, 2020; 5:15:12 PM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2020-0224 |
In FastKeyAccumulator::GetKeysSlow of keys.cc, there is a possible out of bounds write due to type confusion. This could lead to remote code execution when processing a proxy configuration with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-147664838 Published: July 17, 2020; 5:15:12 PM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2020-0122 |
In the permission declaration for com.google.android.providers.gsf.permission.WRITE_GSERVICES in AndroidManifest.xml, there is a possible permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-147247775 Published: July 17, 2020; 5:15:12 PM -0400 |
V4.0:(not available) V3.1: 6.7 MEDIUM V2.0: 7.2 HIGH |
CVE-2020-0107 |
In getUiccCardsInfo of PhoneInterfaceManager.java, there is a possible permissions bypass due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146570216 Published: July 17, 2020; 5:15:12 PM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2020-0305 |
In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-153467744 Published: July 17, 2020; 4:15:11 PM -0400 |
V4.0:(not available) V3.1: 6.4 MEDIUM V2.0: 4.4 MEDIUM |
CVE-2020-0120 |
In notifyErrorForPendingRequests of QCamera3HWI.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-149995442 Published: July 17, 2020; 4:15:11 PM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2020-4100 |
"HCL Verse for Android was found to employ dynamic code loading. This mechanism allows a developer to specify which components of the application should not be loaded by default when the application is started. Typically, core components and additional dependencies are loaded natively at runtime; however, dynamically loaded components are only loaded as they are specifically requested. While this can have a positive impact on performance, or grant additional functionality (for example, a non-invasive update feature), it can also open the application to loading unintended code if not implemented properly." Published: July 15, 2020; 9:15:10 AM -0400 |
V4.0:(not available) V3.1: 4.4 MEDIUM V2.0: 2.1 LOW |
CVE-2020-5604 |
Android App 'Mercari' (Japan version) prior to version 3.52.0 allows arbitrary method execution of a Java object by a remote attacker via a Man-In-The-Middle attack by using Java Reflection API of JavaScript code on WebView. Published: July 08, 2020; 10:15:10 PM -0400 |
V4.0:(not available) V3.1: 8.1 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-5764 |
MX Player Android App versions prior to v1.24.5, are vulnerable to a directory traversal vulnerability when user is using the MX Transfer feature in "Receive" mode. An attacker can exploit this by connecting to the MX Transfer session as a "sender" and sending a MessageType of "FILE_LIST" with a "name" field containing directory traversal characters (../). This will result in the file being transferred to the victim's phone, but being saved outside of the intended "/sdcard/MXshare" directory. In some instances, an attacker can achieve remote code execution by writing ".odex" and ".vdex" files in the "oat" directory of the MX Player application. Published: July 08, 2020; 10:15:10 AM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 5.8 MEDIUM |
CVE-2020-11882 |
The O2 Business application 1.2.0 for Android exposes the canvasm.myo2.SplashActivity activity to other applications. The purpose of this activity is to handle deeplinks that can be delivered either via links or by directly calling the activity. However, the deeplink format is not properly validated. This can be abused by an attacker to redirect a user to any page and deliver any content to the user. Published: July 07, 2020; 12:15:10 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 5.8 MEDIUM |
CVE-2020-15509 |
Nordic Semiconductor Android BLE Library through 2.2.1 and DFU Library through 1.10.4 for Android (as used by nRF Connect and other applications) can engage in unencrypted communication while showing the user that the communication is purportedly encrypted. The problem is in bond creation (e.g., internalCreateBond in BleManagerHandler). Published: July 07, 2020; 10:15:11 AM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 3.3 LOW |
CVE-2020-15502 |
The DuckDuckGo application through 5.58.0 for Android, and through 7.47.1.0 for iOS, sends hostnames of visited web sites within HTTPS .ico requests to servers in the duckduckgo.com domain, which might make visit data available temporarily at a Potentially Unwanted Endpoint. NOTE: the vendor has stated "the favicon service adheres to our strict privacy policy. Published: July 02, 2020; 7:15:10 AM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |