CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 0CVE-2020-0008
https://notcve.org/view.php?id=CVE-2020-0008
08 Jan 2020 — In LowEnergyClient::MtuChangedCallback of low_energy_client.cc, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-142558228 En la función LowEnergyClient::MtuChangedCallback del archivo low_energy_client.cc, hay una posible lectura fuera de límites debido a un... • https://source.android.com/security/bulletin/2020-01-01 • CWE-125: Out-of-bounds Read CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-0007
https://notcve.org/view.php?id=CVE-2020-0007
08 Jan 2020 — In flattenString8 of Sensor.cpp, there is a possible information disclosure of heap memory due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-141890807 En la función flattenString8 del archivo Sensor.cpp, hay una posible divulgación de información de la memoria de la pila debido a datos no inicial... • https://source.android.com/security/bulletin/2020-01-01 • CWE-908: Use of Uninitialized Resource •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-0006
https://notcve.org/view.php?id=CVE-2020-0006
08 Jan 2020 — In rw_i93_send_cmd_write_single_block of rw_i93.cc, there is a possible information disclosure of heap memory due to uninitialized data. This could lead to remote information disclosure in the NFC server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-139738828 En la función rw_i93_send_cmd_write_single_block del archivo rw_i93.cc, hay una posible divulgación de informaci... • https://source.android.com/security/bulletin/2020-01-01 • CWE-908: Use of Uninitialized Resource •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-0004
https://notcve.org/view.php?id=CVE-2020-0004
08 Jan 2020 — In generateCrop of WallpaperManagerService.java, there is a possible sysui crash due to image exceeding maximum texture size. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-120847476 En la función generateCrop del archivo WallpaperManagerService.java, hay un posible bloqueo de sysui debido a que la imagen excede el tamaño máximo de te... • https://source.android.com/security/bulletin/2020-01-01 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2020-0003
https://notcve.org/view.php?id=CVE-2020-0003
08 Jan 2020 — In onCreate of InstallStart.java, there is a possible package validation bypass due to a time-of-check time-of-use vulnerability. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android ID: A-140195904 En la función onCreate del archivo InstallStart.java, hay una posible omisión de comprobación de paquete debido a una vulnerabilidad de tiempo de uso y tiempo de comprobación. E... • https://source.android.com/security/bulletin/2020-01-01 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2020-0002
https://notcve.org/view.php?id=CVE-2020-0002
08 Jan 2020 — In ih264d_init_decoder of ih264d_api.c, there is a possible out of bounds write due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-142602711 En la función ih264d_init_decoder del archivo ih264d_api.c, hay una posible escritura fuera de límites debido a un uso de la memoria previamente liberada. Esto podría conl... • https://source.android.com/security/bulletin/2020-01-01 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2020-0001
https://notcve.org/view.php?id=CVE-2020-0001
08 Jan 2020 — In getProcessRecordLocked of ActivityManagerService.java isolated apps are not handled correctly. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-140055304 En la función getProcessRecordLocked del archivo ActivityManagerService.java, las aplicaciones aisladas no son manejadas correctamente. Esto podría conllevar a una e... • https://github.com/Zachinio/CVE-2020-0001 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 2CVE-2020-0009 – Android - ashmem Readonly Bypasses via remap_file_pages() and ASHMEM_UNPIN
https://notcve.org/view.php?id=CVE-2020-0009
08 Jan 2020 — In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. This could lead to local escalation of privilege by corrupting memory shared between processes, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-142938932 En la función calc_vm_may_flags del archivo ashmem.c, hay una posible escritura arbitraria en la memoria compartida debido a una omisión ... • https://packetstorm.news/files/id/155903 • CWE-276: Incorrect Default Permissions •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2019-9465
https://notcve.org/view.php?id=CVE-2019-9465
07 Jan 2020 — In the Titan M handling of cryptographic operations, there is a possible information disclosure due to an unusual root cause. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-133258003 En el manejo de operaciones criptográficas de Titan M, hay una posible divulgación de información debido a una causa raíz inusual. Esto podría conllevar a una divulgación de infor... • https://github.com/alexbakker/CVE-2019-9465 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-9468
https://notcve.org/view.php?id=CVE-2019-9468
06 Jan 2020 — In export_key_der of export_key.cpp, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-139683471 En la función export_key_der del archivo export_key.cpp, es posible una corrupción de la memoria debido a una doble liberación. Esto podría conllevar a una escalada local de privilegios sin ser necesarios priv... • https://source.android.com/security/bulletin/pixel/2019-12-01 • CWE-415: Double Free CWE-787: Out-of-bounds Write •