Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-0427

Summary
Assigner-google_android
Assigner Org ID-baff130e-b8d5-4e15-b3d3-c3cf5d5545c6
Published At-17 Sep, 2020 | 00:00
Updated At-04 Aug, 2024 | 06:02
Rejected At-
Credits

In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:google_android
Assigner Org ID:baff130e-b8d5-4e15-b3d3-c3cf5d5545c6
Published At:17 Sep, 2020 | 00:00
Updated At:04 Aug, 2024 | 06:02
Rejected At:
▼CVE Numbering Authority (CNA)

In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171

Affected Products
Vendor
n/a
Product
Android
Versions
Affected
  • Android kernel
Problem Types
TypeCWE IDDescription
textN/AInformation disclosure
Type: text
CWE ID: N/A
Description: Information disclosure
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://source.android.com/security/bulletin/pixel/2020-09-01
N/A
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html
vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html
vendor-advisory
https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html
mailing-list
http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html
N/A
https://www.starwindsoftware.com/security/sw-20210325-0005/
N/A
Hyperlink: https://source.android.com/security/bulletin/pixel/2020-09-01
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html
Resource:
vendor-advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html
Resource:
vendor-advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html
Resource:
mailing-list
Hyperlink: http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html
Resource: N/A
Hyperlink: https://www.starwindsoftware.com/security/sw-20210325-0005/
Resource: N/A
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://source.android.com/security/bulletin/pixel/2020-09-01
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html
vendor-advisory
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html
vendor-advisory
x_transferred
https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html
mailing-list
x_transferred
http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html
x_transferred
https://www.starwindsoftware.com/security/sw-20210325-0005/
x_transferred
Hyperlink: https://source.android.com/security/bulletin/pixel/2020-09-01
Resource:
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html
Resource:
vendor-advisory
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html
Resource:
vendor-advisory
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html
Resource:
mailing-list
x_transferred
Hyperlink: http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html
Resource:
x_transferred
Hyperlink: https://www.starwindsoftware.com/security/sw-20210325-0005/
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@android.com
Published At:17 Sep, 2020 | 19:15
Updated At:25 Oct, 2022 | 16:12

In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
Google LLC
google
>>android>>-
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
openSUSE
opensuse
>>leap>>15.1
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
openSUSE
opensuse
>>leap>>15.2
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
starwindsoftware
starwindsoftware
>>starwind_virtual_san>>v8
cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build12533:*:*:*:vsphere:*:*
starwindsoftware
starwindsoftware
>>starwind_virtual_san>>v8
cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build12658:*:*:*:vsphere:*:*
starwindsoftware
starwindsoftware
>>starwind_virtual_san>>v8
cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build12859:*:*:*:vsphere:*:*
starwindsoftware
starwindsoftware
>>starwind_virtual_san>>v8
cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build13170:*:*:*:vsphere:*:*
starwindsoftware
starwindsoftware
>>starwind_virtual_san>>v8
cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build13586:*:*:*:vsphere:*:*
starwindsoftware
starwindsoftware
>>starwind_virtual_san>>v8
cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build13861:*:*:*:vsphere:*:*
Weaknesses
CWE IDTypeSource
CWE-125Primarynvd@nist.gov
CWE-416Primarynvd@nist.gov
CWE ID: CWE-125
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-416
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.htmlsecurity@android.com
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.htmlsecurity@android.com
Mailing List
Third Party Advisory
http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.htmlsecurity@android.com
Third Party Advisory
VDB Entry
https://lists.debian.org/debian-lts-announce/2020/12/msg00027.htmlsecurity@android.com
Mailing List
Third Party Advisory
https://source.android.com/security/bulletin/pixel/2020-09-01security@android.com
Patch
Vendor Advisory
https://www.starwindsoftware.com/security/sw-20210325-0005/security@android.com
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html
Source: security@android.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html
Source: security@android.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html
Source: security@android.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html
Source: security@android.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://source.android.com/security/bulletin/pixel/2020-09-01
Source: security@android.com
Resource:
Patch
Vendor Advisory
Hyperlink: https://www.starwindsoftware.com/security/sw-20210325-0005/
Source: security@android.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

5371Records found
CVE-2020-0382
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-2.3||LOW
EPSS-0.01% / 2.95%
||
7 Day CHG~0.00%
Published-17 Sep, 2020 | 15:40
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In RunInternal of dumpstate.cpp, there is a possible user consent bypass due to an uncaught exception. This could lead to local information disclosure of bug report data with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-152944488

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2020-0116
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 2.81%
||
7 Day CHG~0.00%
Published-10 Jun, 2020 | 17:12
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In checkSystemLocationAccess of LocationAccessPolicy.java, there is a possible bypass of user profile isolation due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-151330809

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CVE-2020-0317
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 3.47%
||
7 Day CHG~0.00%
Published-17 Sep, 2020 | 20:49
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In UsageStatsManager, there is a possible access to protected data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-119671929

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-862
Missing Authorization
CVE-2020-0395
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.05%
||
7 Day CHG~0.00%
Published-17 Sep, 2020 | 15:43
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In showNotification of EmergencyCallbackModeService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-154124307

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CVE-2020-0343
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 3.47%
||
7 Day CHG~0.00%
Published-17 Sep, 2020 | 20:49
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In NetworkStatsService, there is a possible access to protected data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-119672472

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-862
Missing Authorization
CVE-2020-0290
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 3.47%
||
7 Day CHG~0.00%
Published-17 Sep, 2020 | 20:48
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In PackageManager, there is a missing permission check. This could lead to local information disclosure across users with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153996866

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-862
Missing Authorization
CVE-2020-0448
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 3.47%
||
7 Day CHG~0.00%
Published-10 Nov, 2020 | 12:48
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In getPhoneAccountsForPackage of TelecomServiceImpl.java, there is a possible way to access a tracking identifier due to a missing permission check. This could lead to local information disclosure of the identifier, which could be used to track an account across devices, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-153995334

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-862
Missing Authorization
CVE-2020-0425
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.05%
||
7 Day CHG~0.00%
Published-17 Sep, 2020 | 20:50
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a possible way to view notifications even when the "Lockdown" feature is on. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-124000380

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CVE-2020-0134
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.05%
||
7 Day CHG~0.00%
Published-11 Jun, 2020 | 14:43
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In BnDrm::onTransact of IDrm.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146052771

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-909
Missing Initialization of Resource
CVE-2020-0018
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.4||MEDIUM
EPSS-0.04% / 11.13%
||
7 Day CHG~0.00%
Published-13 Feb, 2020 | 14:20
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In MotionEntry::appendDescription of InputDispatcher.cpp, there is a possible log information disclosure. This could lead to local disclosure of user input with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-139945049

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2020-0061
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 2.04%
||
7 Day CHG~0.00%
Published-10 Mar, 2020 | 20:01
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Pixel Recorder, there is a possible permissions bypass allowing arbitrary apps to record audio. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-145504977

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CVE-2020-0294
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 2.02%
||
7 Day CHG~0.00%
Published-18 Sep, 2020 | 15:22
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In bindWallpaperComponentLocked of WallpaperManagerService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8.1 Android-9Android ID: A-154915372

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-0337
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 2.81%
||
7 Day CHG~0.00%
Published-17 Sep, 2020 | 20:45
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In MediaProvider, there is a possible bypass of a permissions check due to a confused deputy. This could lead to local information disclosure, with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-124329382

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CVE-2020-0464
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.05%
||
7 Day CHG~0.00%
Published-14 Dec, 2020 | 21:50
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In resolv_cache_lookup of res_cache.cpp, there is a possible side channel information disclosure. This could lead to local information disclosure of accessed web resources with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-150371903

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2020-0248
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.05%
||
7 Day CHG~0.00%
Published-11 Aug, 2020 | 19:28
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In postInstantAppNotif of InstantAppNotifier.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-154627439

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CVE-2020-0400
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.05%
||
7 Day CHG~0.00%
Published-14 Oct, 2020 | 13:03
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In showDataRoamingNotification of NotificationMgr.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-153356561

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CVE-2020-0415
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.05%
||
7 Day CHG~0.00%
Published-14 Oct, 2020 | 13:04
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In various locations in SystemUI, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure of contact data with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1Android ID: A-156020795

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CVE-2020-0297
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.05%
||
7 Day CHG~0.00%
Published-17 Sep, 2020 | 20:48
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In devicepolicy service, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155183624

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CVE-2020-0308
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.05%
||
7 Day CHG~0.00%
Published-17 Sep, 2020 | 20:48
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Window Manager, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153654357

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CVE-2020-0396
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.05%
||
7 Day CHG~0.00%
Published-17 Sep, 2020 | 15:46
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In various places in Telephony, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-155094269

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CVE-2020-0274
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.05%
||
7 Day CHG~0.00%
Published-17 Sep, 2020 | 20:54
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the OMX parser, there is a possible information disclosure due to a returned raw pointer. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-120781925

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CVE-2020-0023
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 29.59%
||
7 Day CHG~0.00%
Published-13 Feb, 2020 | 14:21
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In setPhonebookAccessPermission of AdapterService.java, there is a possible disclosure of user contacts over bluetooth due to a missing permission check. This could lead to local information disclosure if a malicious app enables contacts over a bluetooth connection, with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145130871

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-862
Missing Authorization
CVE-2020-0495
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.05%
||
7 Day CHG~0.00%
Published-15 Dec, 2020 | 15:57
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In decode_Huffman of JBig2_SddProc.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155473137

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-0344
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.44%
||
7 Day CHG~0.00%
Published-17 Sep, 2020 | 20:55
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In MediaProvider, there is a possible permissions bypass due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-140729887

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-0090
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 5.42%
||
7 Day CHG~0.00%
Published-14 May, 2020 | 20:12
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper authorization in the receiver component of Email.Product: AndroidVersions: Android SoCAndroid ID: A-149813048

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CVE-2020-0288
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 3.47%
||
7 Day CHG~0.00%
Published-17 Sep, 2020 | 20:47
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In PackageManager, there is a missing permission check. This could lead to local information disclosure across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153995991

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-862
Missing Authorization
CVE-2020-0325
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.4||MEDIUM
EPSS-0.02% / 4.88%
||
7 Day CHG~0.00%
Published-18 Sep, 2020 | 15:26
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In NFC, there is a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-145079309

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-20
Improper Input Validation
CVE-2020-0412
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-3.3||LOW
EPSS-0.01% / 1.42%
||
7 Day CHG~0.00%
Published-14 Oct, 2020 | 13:07
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In setProcessMemoryTrimLevel of ActivityManagerService.java, there is a missing permission check. This could lead to local information disclosure of foreground processes with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.0 Android-8.1 Android-9Android ID: A-160390416

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-862
Missing Authorization
CVE-2020-0302
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.05%
||
7 Day CHG~0.00%
Published-18 Sep, 2020 | 15:24
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151646375

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CVE-2001-0235
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.10% / 27.52%
||
7 Day CHG~0.00%
Published-18 Sep, 2001 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in crontab allows local users to read crontab files of other users by replacing the temporary file that is being edited while crontab is running.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-debian_linuxn/a
CVE-2020-0020
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 10.09%
||
7 Day CHG~0.00%
Published-13 Feb, 2020 | 14:21
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In getAttributeRange of ExifInterface.java, there is a possible failure to redact location information from media files due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-143118731

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-0311
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.05%
||
7 Day CHG~0.00%
Published-18 Sep, 2020 | 15:25
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In InputManagerService, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153878642

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CVE-2020-0091
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 5.42%
||
7 Day CHG~0.00%
Published-14 May, 2020 | 20:12
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In mnld, an incorrect configuration in driver_cfg of mnld for meta factory mode.Product: AndroidVersions: Android SoCAndroid ID: A-149808700

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CVE-2020-0543
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.48% / 65.31%
||
7 Day CHG~0.00%
Published-15 Jun, 2020 | 13:55
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel CorporationMcAfee, LLCSiemens AGFedora ProjectopenSUSECanonical Ltd.
Product-celeron_2957uxeon_e3-1230_v5xeon_e3-1558l_v5core_i3-6300core_i7-4790tcore_m-5y3core_i7-5775rceleron_5305ucore_i7-4765tcore_i3-4025ucore_i7-9700kfcore_i7-4785tcore_i5-8400hceleron_g3940core_i3-4120ucore_i5-7y54core_i3-3250core_i5-4440simatic_ipc547g_firmwarecore_i5-3470score_i3-2115cxeon_e-2226gcore_i9-9900kfpentium_g4400txeon_e3-1226_v3xeon_e3-1280_v5xeon_e3-1265l_v2core_i7-8670pentium_a1018_v2core_i3-8145ucore_i7-6822eqcore_i5-4258ucore_i7-6700tecore_i3-7020ucore_i7-4770rxeon_e3-1501l_v6core_i3-8109ucore_i5-4260ucore_i7-7600ucore_i5-4670kxeon_e-2224core_i5-10110ycore_i7-3770celeron_g1830core_i3-7100ecore_i7-4770pentium_g3258xeon_e3-1505l_v6xeon_e-2278gecore_m5-6y54simatic_field_pg_m6_firmwaresimatic_ipc427d_firmwarecore_i5-4690tcore_i5-6600kcore_4415ycore_i5-5675ccore_i3-4360core_i7-4600uceleron_1020ecore_i5-8400bsimatic_ipc427e_firmwaresimatic_ipc647d_firmwarecore_i7-4980hqcore_i7-4710hqcore_i5-5250upentium_g4420celeron_1020mcore_i7-7820hkcore_i3-i3-8100hcore_i7-5850hqcore_i3-4170core_m-5y10ccore_i5-8550core_i3-4160txeon_e-2184gcore_i7-6970hqcore_i5-3340mxeon_e3-1265l_v4core_i3-6120tcore_i5-7500ucore_i5-8600celeron_g3930tecore_i5-3317uxeon_e-2136core_i7-10510ucore_i7-9700kceleron_3865ucore_i3-8100simatic_ipc527gpentium_g3460tcore_m7-6y75core_i3-3220pentium_g3440celeron_g4900tcore_m3-6y30core_i5-4570rfedorasimatic_ipc477d_firmwarecore_4205uxeon_e3-1535m_v5simatic_ipc527g_firmwarecore_i7-7700core_m-5y10simatic_field_pg_m5core_i3-7102ecore_i7-4712hqxeon_e3-1268l_v5celeron_2955ucore_i5-8600ksimatic_ipc477e_firmwarecore_i5-3550simatic_field_pg_m6core_i7-8750hxeon_e3-1501m_v6core_i5-8365usimatic_ipc827dcore_i5-4278ucore_i5-9600kfceleron_927ueceleron_g4930core_i5-7600core_i3-3227ucore_i5-3437upentium_g5400tcore_i5-4460xeon_e3-1270_v6core_i7-3920xmpentium_g2120_v2pentium_g3220xeon_e-2286mxeon_e3-1505m_v5pentium_g2020t_v2core_i3-5006upentium_3560mpentium_3561ycore_i7-5650uxeon_e-2276gcore_i3-8300xeon_e-2186gcore_i3-5005ucore_i5-7400tsimatic_ipc627dcore_i3-5020upentium_g3440txeon_e-2174gcore_i7-8809gxeon_e3-1105ccore_i5-5257ucore_i5-7260ucore_i7-8700bcore_m-5y70xeon_e3-1280_v2xeon_e3-1220_v2simotion_p320-4s_firmwarecore_i7-3612qepentium_g5420tcore_i5-4440score_i5-7267upentium_g3430core_i5-7y57_xeon_e3-1585_v5core_i5-10210ycore_i5-4402ecceleron_2970mcore_i7-6560upentium_g4420tpentium_g3460simatic_ipc477e_pro_firmwarecore_i5-8300hcore_i3-4020ycore_i3-4160pentium_3558ucore_i3-3229ycore_i7-5600uxeon_e3-1280_v3xeon_e3-1285_v3core_i5-3450pentium_3805ucore_4410yxeon_e3-1281_v3simatic_ipc647e_firmwarecore_i7-3632qmxeon_e3-1240l_v3pentium_gold_6405uceleron_g4920core_i3-6167uxeon_e-2274gcore_i7-3517uceleron_g1820xeon_e-2278gelcore_i5-3570xeon_e3-1270_v2xeon_e3-1280_v6xeon_e3-1225_v3core_i5-5200usimatic_ipc347e_firmwarecore_i7-7740xpentium_1405_v2core_i7-6500ucore_i3-3240tcore_i3-7110ucore_i3-8120celeron_g3902exeon_e-2124core_i9-9880hcore_i5-7287uxeon_e3-1275_v3simotion_p320-4ecore_i7-3940xmcore_i7-4950hqcore_i7-3740qmceleron_1047uecore_i5-6300ucore_i7-4700hqxeon_e-2276mecore_i7-8565uxeon_e3-1125ccore_i7-4770hqcore_i7-4910mqceleron_1019ycore_i5-7300hqcore_i7-7560uxeon_e3-1271_v3core_i3-6100hxeon_e3-1535m_v6simatic_ipc827d_firmwarecore_i5-8259uxeon_e3-1220_v5core_i7-4860hqcore_i7-3770kceleron_3765usimatic_ipc847ecore_i5-4300ucore_i3-3130msimatic_ipc427ecore_i7-6700hqpentium_2127u_v2simatic_ipc427dpentium_3665ucore_i3-3217uecore_i7-4850hqpentium_g3260core_i3-3240simotion_p320-4score_i5-6350hqpentium_3215ucore_i3-4150core_i5-7600tpentium_g2030_v2simatic_ipc3000_smartcore_i5-3360msimatic_ipc547ecore_i7-4702mqcore_i3-4100ucore_i5-4220ypentium_g3240xeon_e3-1258l_v4core_i7-7500ucore_i7-8550uubuntu_linuxxeon_e-2224gthreat_intelligence_exchange_servercore_i7-3687ucore_i7-4558ucore_i7-4550ucore_i7-4770sxeon_e-2226gecore_i7-6650ucore_i3-4340core_i3-4005ucore_m-5y71core_i5-6210ucore_i7-3612qmpentium_g5420pentium_g2140_v2core_i3-7167uceleron_g1620core_i3-6100tcore_i5-9400hcore_i7-8500ycore_i7-7567uleapcore_i7-5557ucore_i7-4960hqxeon_e3-1286_v3core_i5-4308upentium_g2020_v2celeron_3755ucore_i7-4710mqxeon_e3-1230_v3simatic_field_pg_m5_firmwaresimatic_ipc847d_firmwarecore_i7-7820hqpentium_g5500txeon_e3-1585l_v5celeron_g3920tcore_i5-8210ycore_i7-3520mpentium_b915ccore_i3-6100eceleron_2980uceleron_3955ucore_i5-4210uxeon_e3-1275_v5xeon_e3-1221_v3xeon_e3-1240_v5xeon_e3-1230l_v3core_i7-6567usimatic_ipc677ecore_i7-5775ccore_i3-7101ecore_i7-3770txeon_e3-1515m_v5xeon_e3-1225_v5core_i5-8500core_i7-3635qmcore_9300hcore_i7-4790score_i7-7510ucore_i5-4570score_i7-8510ycore_i3-4350tceleron_g1610tcore_i5-8265upentium_3765ucore_i7-5700eqcore_i3-4012ycore_i3-6110ucore_i3-7007ucore_i5-6300hqxeon_e-2254mesimatic_field_pg_m4core_i5-6440hqcore_i7-7y75core_i7-4702eccore_i7-6700xeon_e3-1220_v3core_i3-8350kcore_i5-3337ucore_i5-7500txeon_e3-1505m_v6core_i5-3470core_i7-3689ycore_i7-7700kcore_i7-8705gpentium_g3450core_i7-8665uxeon_e-2276mcore_i3-8300tcore_i7-7660ucore_i7-6600ucore_i7-8706gxeon_e3-1220l_v2core_i3-4330core_i3-4170txeon_e3-1565l_v5xeon_e-2236core_i7-3537ucore_i7-4500uxeon_e3-1240_v6core_i5-6310ucore_i7-8700pentium_g3260tceleron_2981ucore_i3-6300tcore_i5-3330core_i3-6120core_i5-8400pentium_g3250tcore_i5-3380mcore_i7-3517uecore_i7-3720qmcore_i7-7700tcore_i5-10210ucore_i5-4350upentium_2030m_v2core_i7-6770hqcore_i7-8700kxeon_e3-1268l_v3core_m-5y10asimatic_ipc347ecore_i7-5850eqcore_i7-4578ucore_i5-7442eqxeon_e-2134pentium_2129y_v2core_i5-3550score_i3-4130tpentium_g4500tcore_i3-3220tcore_i7-4771core_i5-4590sxeon_e3-1285_v6core_i7-3667uceleron_725cxeon_e3-1278l_v4core_i3-3120mcore_i5-4250uxeon_e3-1220l_v3xeon_e3-1225_v6core_i3-4100msimatic_ipc847dcore_i7-10510yxeon_e3-1240l_v5core_i7-4722hqcore_i5-4430ssimatic_ipc477ecore_i5-6442eqcore_i7-4790simatic_field_pg_m4_firmwarecore_i5-8420tceleron_g3900core_i5-9600kxeon_e3-1290_v2pentium_3205uxeon_e3-1286l_v3xeon_e3-1125c_v2core_i5-3340core_i7-7700hqpentium_g5600core_i7-3540mxeon_e3-1245_v3core_i7-3610qecore_i3-8100hxeon_e3-1245_v5core_i7-6870hqxeon_e3-1230_v2pentium_3556upentium_g4500celeron_1005mcore_i5-4210hcore_i5-3330spentium_g3220tcore_i5-8350ucore_i7-4800mqcore_i3-4010ycore_i7-4750hqcore_i5-7300upentium_2117u_v2xeon_e3-1240_v2xeon_e-2246gcore_i5-8500tcore_8269ucore_i5-7500core_i5-4670rcore_i3-4110mcore_i5-4670tcore_i5-3610mecore_i5-4690core_i7-4700eqcore_i3-4370tcore_i5-6400pentium_3825upentium_b925cxeon_e3-1241_v3simatic_ipc677dcore_i5-3427ucore_i5-7200upentium_g4540core_i5-3570spentium_g2030t_v2celeron_g1820tceleron_g3930esimatic_ipc847e_firmwarecore_i7-4702hqcore_i9-8950hkpentium_g4520core_i7-3820qmpentium_4405ucore_i5-5350core_i7-7920hqxeon_e-2254mlxeon_e3-1545m_v5core_i5-8400tcore_i3-5015ucore_i5-4590simatic_ipc477e_procore_i3-4158ucore_m-5y51core_i5-8420core_i7-8670txeon_e3-1578l_v5core_i7-6660uxeon_e3-1270_v5celeron_3965ucore_i7-4720hqcore_i7-5500uxeon_e3-1260l_v5simatic_ipc647ecore_i7-3840qm_core_i5-4570xeon_e3-1246_v3core_i3-7100hceleron_g1840core_i3-3245core_i3-4370xeon_e3-1265lxeon_e3-1235_v2core_i7-4610yxeon_e-2276mlxeon_e-2244gceleron_1037ucore_i9-9900kxeon_e-2176gcore_i5-4460txeon_e3-1275l_v3simatic_ipc3000_smart_firmwarecore_i3-4350celeron_g1630core_i3-6320tcore_i5-3320mcore_i5-4670core_i3-7120core_i7-8709gsimatic_ipc627ecore_i5-6287ucore_i5-4210ycore_i7-4712mqcore_i5-9400core_i3-8100tpentium_4415ucore_i7-4510ucore_i7-5950hqcore_i5-6500tcore_i5-6260ucore_i3-7120tcore_i7-8557ucore_i7-5550uxeon_e3-1245_v2simatic_ipc547gceleron_g1610core_i7-8700tcore_i3-4150tcore_i7-4770kcore_i3-4030ucore_i7-6820hqcore_i5-7400core_i7-8650ucore_i7-3615qmcore_i5-4200ucore_i5-6600core_i7-6700tcore_i7-6920hqcore_i3-3115ccore_i3-6100uxeon_e3-1230_v6core_i3-4330tpentium_g4400tecore_i3-3110mcore_i5-4670sxeon_e3-1276_v3simatic_ipc627e_firmwarecore_i5-8500bxeon_e-2124gcore_i5-5575rxeon_e3-1231_v3core_i5-3230msimotion_p320-4e_firmwarexeon_e-2288gcore_i5-3475sxeon_e-2234core_i7-4900mqpentium_g4520tcore_i3-6320core_i5-9400fcore_i7-6700kcore_i3-8000core_i7-9850hpentium_3560ycore_i3-7320tcore_i5-7440eqceleron_1007ucore_i7-8560uceleron_g3900tcore_i7-3770score_i5-4690score_i3-8000tceleron_g3920core_i5-6400tpentium_g2130_v2core_i3-7100uceleron_g1850core_i5-5287ucore_i3-7101tesimatic_ipc677d_firmwarecore_i5-3570txeon_e3-1105c_v2core_i5-7600kcore_m5-6y57core_i5-8250upentium_g2010_v2core_5405usimatic_ipc547e_firmwarexeon_e-2126gcore_i5-3340score_i3-4130core_i7-7820eqcore_i5-3570kceleron_g1840tcore_i5-4300ycore_i5-7360uxeon_e3-1240_v3core_i7-4700mqcore_i5-6500core_i3-7340celeron_1017ucore_9750hfcore_i3-5157uxeon_e3-1220_v6core_i5-6200ucore_i5-3339ycore_m3-8100ysimatic_ipc477dcore_i5-5675rxeon_e3-1225_v2xeon_e-2186mcore_i3-4030ysimatic_itp1000_firmwarexeon_e-2176mxeon_e3-1285_v4core_i3-3250tcore_i7-6820hkpentium_g3420pentium_g3420tpentium_g4400core_i3-3120mecore_i5-4570tcore_i5-10310ycore_i7-3615qecore_i7-3630qmxeon_e-2284gcore_i3-6102ecore_i3-3210core_i5-6600tcore_i5-4430core_i3-8020core_i5-3439ycore_i7-4810mqxeon_e3-1275_v6core_i7-6510uxeon_e3-1575m_v5xeon_e-2278gxeon_e3-1505l_v5xeon_e3-1245_v6core_i3-4010ucore_i7-8850hcore_i5-7210ucore_i3-7130ucore_i7-4650ucore_i7-3555lecore_i7-4760hqsimatic_itp1000core_i5-5350ucore_i7-4700eccore_i7-6820eqcore_i7-3610qmcore_i7-4770tcore_i5-8650simatic_ipc647dcore_i5-6500texeon_e3-1235l_v5core_i7-5700hqcore_m3-7y30xeon_e3-1285l_v3core_i5-4202ycore_i5-4302yceleron_g4950celeron_1000mcore_i3-4360tpentium_g2120t_v2core_i3-3225celeron_g4900pentium_4405ycore_i3-3217ucore_i3-5010upentium_g5500xeon_e3-1275_v2core_i5-8200ycore_i3-6100core_i5-4460score_i5-8310ycore_i5-7640xpentium_g3450tsimatic_ipc627d_firmwareceleron_g1620tcore_i5-7440hqcore_i5-6360uxeon_e-2144gcore_i7-8569ucore_i5-8650kcore_i5-3470tcore_i7-5750hqcore_i5-4590tcore_i5-6267ucore_i5-3350pcore_i5-4288uceleron_3965ypentium_g3470core_i5-3450sceleron_g3900tepentium_g3240tcore_i5-3210mceleron_3855usimatic_ipc677e_firmwarecore_i5-6440eqcore_i5-4200ycore_i5-8600tcore_i5-8305gcore_i9-9980hkcore_i7-4870hqcore_i7-8559upentium_g2100t_v2xeon_e-2146gcore_i3-6100tepentium_g3250core_i3-8130upentium_g5400pentium_2020m_v2xeon_e3-1270Intel(R) Processors
CWE ID-CWE-459
Incomplete Cleanup
CVE-2020-0178
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.98%
||
7 Day CHG~0.00%
Published-11 Jun, 2020 | 14:43
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In getAllConfigFlags of SettingsProvider.cpp, there is a possible illegal read due to a missing permission check. This could lead to local information disclosure of config flags with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-143299398

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-862
Missing Authorization
CVE-2020-0019
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.05%
||
7 Day CHG~0.00%
Published-14 Dec, 2020 | 22:07
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Broadcom Nexus firmware, there is an insecure default password. This could lead to local information disclosure in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-171413798

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-1188
Initialization of a Resource with an Insecure Default
CVE-2020-0293
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 6.67%
||
7 Day CHG~0.00%
Published-17 Sep, 2020 | 20:48
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Java network APIs, there is possible access to sensitive network state due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation in Android versions: Android-11, Android ID: A-141455849

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-862
Missing Authorization
CVE-2001-0416
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.09% / 26.00%
||
7 Day CHG~0.00%
Published-09 Mar, 2002 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

sgml-tools (aka sgmltools) before 1.0.9-15 creates temporary files with insecure permissions, which allows other users to read files that are being processed by sgml-tools.

Action-Not Available
Vendor-immunixn/aMandriva (Mandrakesoft)Debian GNU/Linux
Product-mandrake_linuximmunixsgml-toolsn/a
CVE-2020-0121
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 9.32%
||
7 Day CHG~0.00%
Published-10 Jun, 2020 | 17:11
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In updateUidProcState of AppOpsService.java, there is a possible permission bypass due to a logic error. This could lead to local information disclosure of location data with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-148180766

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CVE-2020-0453
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 9.32%
||
7 Day CHG~0.00%
Published-10 Nov, 2020 | 12:50
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In updateNotification of BeamTransferManager.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-8.0 Android-8.1Android ID: A-159060474

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CVE-2020-0397
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.05%
||
7 Day CHG~0.00%
Published-17 Sep, 2020 | 15:46
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In getNotificationBuilder of CarrierServiceStateTracker.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-155092443

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CVE-2020-0389
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 5.06%
||
7 Day CHG~0.00%
Published-17 Sep, 2020 | 15:50
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In createSaveNotification of RecordingService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-156959408

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CVE-2020-0106
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 3.47%
||
7 Day CHG~0.00%
Published-14 May, 2020 | 20:10
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In getCellLocation of PhoneInterfaceManager.java, there is a possible permission bypass due to a missing SDK version check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-148414207

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-862
Missing Authorization
CVE-2020-0289
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 3.47%
||
7 Day CHG~0.00%
Published-17 Sep, 2020 | 20:47
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In PackageManager, there is a missing permission check. This could lead to local information disclosure across users with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153996872

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-862
Missing Authorization
CVE-2020-0399
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.05%
||
7 Day CHG~0.00%
Published-17 Sep, 2020 | 15:42
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In showLimitedSimFunctionWarningNotification of NotificationMgr.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-153993591

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CVE-2020-0422
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-3.3||LOW
EPSS-0.01% / 2.02%
||
7 Day CHG~0.00%
Published-14 Oct, 2020 | 13:07
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In constructImportFailureNotification of NotificationImportExportListener.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local information disclosure of contact data with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-161718556

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CVE-2020-0276
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 3.47%
||
7 Day CHG~0.00%
Published-18 Sep, 2020 | 15:08
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156253586

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-862
Missing Authorization
CVE-2020-0378
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 3.47%
||
7 Day CHG~0.00%
Published-14 Oct, 2020 | 13:05
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In onWnmFrameReceived of PasspointManager.java, there is a missing permission check. This could lead to local information disclosure of location data with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11Android ID: A-157748906

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-862
Missing Authorization
CVE-2020-0468
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 2.25%
||
7 Day CHG~0.00%
Published-14 Dec, 2020 | 21:51
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In listen() and related functions of TelephonyRegistry.java, there is a possible permissions bypass of location permissions due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-158484422

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-862
Missing Authorization
CVE-2020-0410
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 3.47%
||
7 Day CHG~0.00%
Published-14 Oct, 2020 | 13:04
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In setNotification of SapServer.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-156021269

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
  • Previous
  • 1
  • 2
  • ...
  • 14
  • 15
  • 16
  • ...
  • 107
  • 108
  • Next
Details not found