|
215431
|
5.5 |
MEDIUM
Local
|
google
|
android
|
In various places in Telephony, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User inter…
|
NVD-CWE-noinfo
|
CVE-2020-0396
|
2024-11-21 13:53 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215432
|
5.5 |
MEDIUM
Local
|
google
|
android
|
In showNotification of EmergencyCallbackModeService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution pri…
|
NVD-CWE-noinfo
|
CVE-2020-0395
|
2024-11-21 13:53 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215433
|
7.8 |
HIGH
Local
|
google
|
android
|
In onCreate of BluetoothPairingDialog.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege and untrusted devices accessing co…
|
CWE-1021
CWE-1188
Improper Restriction of Rendered UI Layers or Frames
Insecure Default Initialization of Resource
|
CVE-2020-0394
|
2024-11-21 13:53 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215434
|
5.5 |
MEDIUM
Local
|
google
|
android
|
In decrypt and decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution priv…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-0393
|
2024-11-21 13:53 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215435
|
7.8 |
HIGH
Local
|
google
|
android
|
In getLayerDebugInfo of SurfaceFlinger.cpp, there is a possible code execution due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. U…
|
CWE-415
Double Free
|
CVE-2020-0392
|
2024-11-21 13:53 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215436
|
7.8 |
HIGH
Local
|
google
|
android
|
In applyPolicy of PackageManagerService.java, there is possible arbitrary command execution as System due to an unenforced protected-broadcast. This could lead to local escalation of privilege with n…
|
NVD-CWE-noinfo
|
CVE-2020-0391
|
2024-11-21 13:53 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215437
|
5.5 |
MEDIUM
Local
|
google
|
android
|
In the app zygote SE Policy, there is a possible permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-0390
|
2024-11-21 13:53 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215438
|
5.5 |
MEDIUM
Local
|
google
|
android
|
In createSaveNotification of RecordingService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privilege…
|
NVD-CWE-noinfo
|
CVE-2020-0389
|
2024-11-21 13:53 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215439
|
7.8 |
HIGH
Local
|
google
|
android
|
In createEmergencyLocationUserNotification of GnssVisibilityControl.java, there is a possible permissions bypass due to an empty mutable PendingIntent. This could lead to local escalation of privileg…
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-0388
|
2024-11-21 13:53 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215440
|
5.5 |
MEDIUM
Local
|
google
|
android
|
In onCreate of RequestPermissionActivity.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege allowing an attacker to set Blu…
|
CWE-1021
CWE-1188
Improper Restriction of Rendered UI Layers or Frames
Insecure Default Initialization of Resource
|
CVE-2020-0386
|
2024-11-21 13:53 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
