CVSS: 9.3EPSS: 0%CPEs: 5EXPL: 0CVE-2020-0449
https://notcve.org/view.php?id=CVE-2020-0449
10 Nov 2020 — In btm_sec_disconnected of btm_sec.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution in the Bluetooth server with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1Android ID: A-162497143 En la función btm_sec_disconnected del archivo btm_sec.cc, se presenta una posible corrupción de la memoria debido a un uso de la memoria previament... • https://source.android.com/security/bulletin/2020-11-01 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-0454
https://notcve.org/view.php?id=CVE-2020-0454
10 Nov 2020 — In callCallbackForRequest of ConnectivityService.java, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure of the current SSID with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9Android ID: A-161370134 En la función callCallbackForRequest del archivo ConnectivityService.java, se presenta una posible omisión de permisos debido a una falta de comprobación de permisos. ... • https://source.android.com/security/bulletin/2020-11-01 • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-0424
https://notcve.org/view.php?id=CVE-2020-0424
10 Nov 2020 — In send_vc of res_send.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-161362564 En la función send_vc del archivo res_send.cpp, se presenta una posible lectura fuera de límites debido a una comprobación incorrecta de límites. Esto podría conllevar a una divulga... • https://source.android.com/security/bulletin/2020-11-01 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 3CVE-2020-0453
https://notcve.org/view.php?id=CVE-2020-0453
10 Nov 2020 — In updateNotification of BeamTransferManager.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-8.0 Android-8.1Android ID: A-159060474 En la función updateNotification del archivo BeamTransferManager.java, se presenta una posible omisión de permisos debido a un PendingIntent no seguro. Esto podría conl... • https://github.com/pazhanivel07/Nfc_CVE-2020-0453 •
CVSS: 9.3EPSS: 2%CPEs: 5EXPL: 1CVE-2020-0451
https://notcve.org/view.php?id=CVE-2020-0451
10 Nov 2020 — In sbrDecoder_AssignQmfChannels2SbrChannels of sbrdecoder.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9 Android-8.0 Android-8.1Android ID: A-158762825 En la función sbrDecoder_AssignQmfChannels2SbrChannels del archivo sbrdecoder.cpp, se presenta una posible escritura fuera de límites debido... • https://github.com/nanopathi/external_aac_AOSP10_r33_CVE-2020-0451 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 1%CPEs: 5EXPL: 0CVE-2020-0441
https://notcve.org/view.php?id=CVE-2020-0441
10 Nov 2020 — In Message and toBundle of Notification.java, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service requiring a device reset to fix with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-158304295 En las funciones Message y toBundle del archivo Notification.java, se presenta un posible agotamiento de recursos d... • https://source.android.com/security/bulletin/2020-11-01 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-0450
https://notcve.org/view.php?id=CVE-2020-0450
10 Nov 2020 — In rw_i93_sm_format of rw_i93.cc, there is a possible out of bounds read due to uninitialized data. This could lead to remote information disclosure over NFC with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-157650336 En la función rw_i93_sm_format del archivo rw_i93.cc, se presenta una posible lectura fuera de límites debido a datos no inicializados. Esto podría conl... • https://source.android.com/security/bulletin/2020-11-01 • CWE-125: Out-of-bounds Read CWE-665: Improper Initialization •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2020-0409
https://notcve.org/view.php?id=CVE-2020-0409
10 Nov 2020 — In create of FileMap.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8.1 Android-9Android ID: A-156997193 En la función create del archivo FileMap.cpp, se presenta una posible escritura fuera de límites debido a un desbordamiento de enteros. Esto podría conllevar a una escalada l... • https://github.com/nanopathi/system_core_AOSP10_r33_CVE-2020-0409 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-0448
https://notcve.org/view.php?id=CVE-2020-0448
10 Nov 2020 — In getPhoneAccountsForPackage of TelecomServiceImpl.java, there is a possible way to access a tracking identifier due to a missing permission check. This could lead to local information disclosure of the identifier, which could be used to track an account across devices, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-153995334 En la función getPhoneAccountsForPackag... • https://source.android.com/security/bulletin/2020-11-01 • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2020-0443
https://notcve.org/view.php?id=CVE-2020-0443
10 Nov 2020 — In LocaleList of LocaleList.java, there is a possible forced reboot due to an uncaught exception. This could lead to local denial of service requiring factory reset to restore with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-152410253 En la función LocaleList del archivo LocaleList.java, se presenta un posible reinicio forzado debido a una excepción no detectada. Esto pod... • https://github.com/Supersonic/CVE-2020-0443 • CWE-755: Improper Handling of Exceptional Conditions •