|
211801
|
6.4 |
MEDIUM
Local
|
google
|
android
|
In CamX code, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges required. User interaction is not needed fo…
|
CWE-362
CWE-416
Race Condition
Use After Free
|
CVE-2020-0428
|
2024-11-21 13:53 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211802
|
5.5 |
MEDIUM
Local
|
google
debian
opensuse
starwindsoftware
|
android
debian_linux
leap
starwind_virtual_san
|
In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User inter…
|
CWE-125
CWE-416
Out-of-bounds Read
Use After Free
|
CVE-2020-0427
|
2024-11-21 13:53 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211803
|
6.7 |
MEDIUM
Local
|
google
|
android
|
In the FPC TrustZone fingerprint App, there is a possible invalid command handler due to an exposed test feature. This could lead to local escalation of privilege in the TEE, with System execution pr…
|
CWE-269
Improper Privilege Management
|
CVE-2020-0403
|
2024-11-21 13:53 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211804
|
7.8 |
HIGH
Local
|
google
|
android
|
In manifest files of the SmartSpace package, there is a possible tapjacking vector due to a missing permission check. This could lead to local escalation of privilege and account hijacking with no ad…
|
CWE-1021
CWE-862
Improper Restriction of Rendered UI Layers or Frames
Missing Authorization
|
CVE-2020-0387
|
2024-11-21 13:53 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211805
|
4.4 |
MEDIUM
Local
|
google
|
android
|
In various functions in fscrypt_ice.c and related files in some implementations of f2fs encryption that use encryption hardware which only supports 32-bit IVs (Initialization Vectors), 64-bit IVs are…
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2020-0407
|
2024-11-21 13:53 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211806
|
5.5 |
MEDIUM
Local
|
google
oracle
|
android
communications_cloud_native_core_binding_support_function
communications_cloud_native_core_policy
communications_cloud_native_core_network_exposure_function
|
In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional e…
|
CWE-269
Improper Privilege Management
|
CVE-2020-0404
|
2024-11-21 13:53 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211807
|
7.8 |
HIGH
Local
|
google
|
android
|
In setInstallerPackageName of PackageManagerService.java, there is a missing permission check. This could lead to local escalation of privilege and granting spurious permissions with no additional ex…
|
CWE-862
Missing Authorization
|
CVE-2020-0401
|
2024-11-21 13:53 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211808
|
5.5 |
MEDIUM
Local
|
google
|
android
|
In showLimitedSimFunctionWarningNotification of NotificationMgr.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User e…
|
NVD-CWE-noinfo
|
CVE-2020-0399
|
2024-11-21 13:53 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211809
|
5.5 |
MEDIUM
Local
|
google
|
android
|
In getNotificationBuilder of CarrierServiceStateTracker.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution…
|
NVD-CWE-noinfo
|
CVE-2020-0397
|
2024-11-21 13:53 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211810
|
5.5 |
MEDIUM
Local
|
google
|
android
|
In various places in Telephony, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User inter…
|
NVD-CWE-noinfo
|
CVE-2020-0396
|
2024-11-21 13:53 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
