CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2020-0459
https://notcve.org/view.php?id=CVE-2020-0459
14 Dec 2020 — In sendConfiguredNetworkChangedBroadcast of WifiConfigManager.java, there is a possible leak of sensitive WiFi configuration data due to a missing permission check. This could lead to local information disclosure of WiFi network names with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-159373687 En la función sendConfiguredNetworkChangedBroadcast del archivo WifiConfigManager.java,... • https://source.android.com/security/bulletin/2020-12-01 • CWE-862: Missing Authorization •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2020-0099
https://notcve.org/view.php?id=CVE-2020-0099
14 Dec 2020 — In addWindow of WindowManagerService.java, there is a possible window overlay attack due to an insecure default value. This could lead to local escalation of privilege via tapjacking with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-141745510 En la función addWindow del archivo WindowManagerService.java, se presenta un posible ataque de superposición de ventanas debido a un valor pre... • https://source.android.com/security/bulletin/2020-12-01 • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-0437
https://notcve.org/view.php?id=CVE-2020-0437
10 Nov 2020 — In CellBroadcastReceiver's intent handlers, there is a possible denial of service due to a missing permission check. This could lead to local denial of service of emergency alerts with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-162741784 En los manejadores de intent de CellBroadcastReceiver, se presenta una posible denegación de servicio debido a una falta de comprob... • https://source.android.com/security/bulletin/2020-11-01 • CWE-862: Missing Authorization •
CVSS: 9.3EPSS: 0%CPEs: 5EXPL: 0CVE-2020-0449
https://notcve.org/view.php?id=CVE-2020-0449
10 Nov 2020 — In btm_sec_disconnected of btm_sec.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution in the Bluetooth server with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1Android ID: A-162497143 En la función btm_sec_disconnected del archivo btm_sec.cc, se presenta una posible corrupción de la memoria debido a un uso de la memoria previament... • https://source.android.com/security/bulletin/2020-11-01 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 3CVE-2020-0453
https://notcve.org/view.php?id=CVE-2020-0453
10 Nov 2020 — In updateNotification of BeamTransferManager.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-8.0 Android-8.1Android ID: A-159060474 En la función updateNotification del archivo BeamTransferManager.java, se presenta una posible omisión de permisos debido a un PendingIntent no seguro. Esto podría conl... • https://github.com/pazhanivel07/Nfc_CVE-2020-0453 •
CVSS: 9.3EPSS: 2%CPEs: 5EXPL: 1CVE-2020-0451
https://notcve.org/view.php?id=CVE-2020-0451
10 Nov 2020 — In sbrDecoder_AssignQmfChannels2SbrChannels of sbrdecoder.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9 Android-8.0 Android-8.1Android ID: A-158762825 En la función sbrDecoder_AssignQmfChannels2SbrChannels del archivo sbrdecoder.cpp, se presenta una posible escritura fuera de límites debido... • https://github.com/nanopathi/external_aac_AOSP10_r33_CVE-2020-0451 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 1%CPEs: 5EXPL: 0CVE-2020-0441
https://notcve.org/view.php?id=CVE-2020-0441
10 Nov 2020 — In Message and toBundle of Notification.java, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service requiring a device reset to fix with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-158304295 En las funciones Message y toBundle del archivo Notification.java, se presenta un posible agotamiento de recursos d... • https://source.android.com/security/bulletin/2020-11-01 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-0450
https://notcve.org/view.php?id=CVE-2020-0450
10 Nov 2020 — In rw_i93_sm_format of rw_i93.cc, there is a possible out of bounds read due to uninitialized data. This could lead to remote information disclosure over NFC with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-157650336 En la función rw_i93_sm_format del archivo rw_i93.cc, se presenta una posible lectura fuera de límites debido a datos no inicializados. Esto podría conl... • https://source.android.com/security/bulletin/2020-11-01 • CWE-125: Out-of-bounds Read CWE-665: Improper Initialization •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2020-0409
https://notcve.org/view.php?id=CVE-2020-0409
10 Nov 2020 — In create of FileMap.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8.1 Android-9Android ID: A-156997193 En la función create del archivo FileMap.cpp, se presenta una posible escritura fuera de límites debido a un desbordamiento de enteros. Esto podría conllevar a una escalada l... • https://github.com/nanopathi/system_core_AOSP10_r33_CVE-2020-0409 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-0448
https://notcve.org/view.php?id=CVE-2020-0448
10 Nov 2020 — In getPhoneAccountsForPackage of TelecomServiceImpl.java, there is a possible way to access a tracking identifier due to a missing permission check. This could lead to local information disclosure of the identifier, which could be used to track an account across devices, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-153995334 En la función getPhoneAccountsForPackag... • https://source.android.com/security/bulletin/2020-11-01 • CWE-862: Missing Authorization •