Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2020-AVI-264
Vulnerability from certfr_avis - Published: 2020-05-05 - Updated: 2020-05-05
De multiples vulnérabilités ont été découvertes dans Google Android. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Google Android toutes versions sans le correctif du 4 mai 2020",
"product": {
"name": "Android",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-0096",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0096"
},
{
"name": "CVE-2019-14077",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14077"
},
{
"name": "CVE-2020-0100",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0100"
},
{
"name": "CVE-2020-3610",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3610"
},
{
"name": "CVE-2019-14087",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14087"
},
{
"name": "CVE-2020-0110",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0110"
},
{
"name": "CVE-2020-0090",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0090"
},
{
"name": "CVE-2020-3618",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3618"
},
{
"name": "CVE-2020-3630",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3630"
},
{
"name": "CVE-2020-3680",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3680"
},
{
"name": "CVE-2020-3623",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3623"
},
{
"name": "CVE-2019-14066",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14066"
},
{
"name": "CVE-2019-19536",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19536"
},
{
"name": "CVE-2020-0098",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0098"
},
{
"name": "CVE-2020-3645",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3645"
},
{
"name": "CVE-2020-0065",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0065"
},
{
"name": "CVE-2019-14078",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14078"
},
{
"name": "CVE-2020-0103",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0103"
},
{
"name": "CVE-2020-3633",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3633"
},
{
"name": "CVE-2020-0064",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0064"
},
{
"name": "CVE-2020-0105",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0105"
},
{
"name": "CVE-2020-3641",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3641"
},
{
"name": "CVE-2020-0091",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0091"
},
{
"name": "CVE-2020-0104",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0104"
},
{
"name": "CVE-2020-0109",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0109"
},
{
"name": "CVE-2020-0094",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0094"
},
{
"name": "CVE-2019-14054",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14054"
},
{
"name": "CVE-2020-3625",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3625"
},
{
"name": "CVE-2020-0102",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0102"
},
{
"name": "CVE-2020-0093",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0093"
},
{
"name": "CVE-2020-0101",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0101"
},
{
"name": "CVE-2019-14053",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14053"
},
{
"name": "CVE-2020-0092",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0092"
},
{
"name": "CVE-2020-0097",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0097"
},
{
"name": "CVE-2020-0106",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0106"
},
{
"name": "CVE-2020-3616",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3616"
},
{
"name": "CVE-2019-14067",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14067"
},
{
"name": "CVE-2020-0024",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0024"
},
{
"name": "CVE-2020-3615",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3615"
}
],
"initial_release_date": "2020-05-05T00:00:00",
"last_revision_date": "2020-05-05T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-264",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-05-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Android.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Google 2020-05-01 du 4 mai 2020",
"url": "https://source.android.com/security/bulletin/2020-05-01"
}
]
}
CVE-2020-0065 (GCVE-0-2020-0065)
Vulnerability from cvelistv5 – Published: 2020-05-14 20:12 – Updated: 2024-08-04 05:47
VLAI
EPSS
Summary
An improper authorization in the receiver component of the Android Suite Daemon.Product: AndroidVersions: Android SoCAndroid ID: A-149813448
Severity
No CVSS data available.
CWE
- improper authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2020-05-01 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:47:40.700Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2020-05-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Android SoC"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper authorization in the receiver component of the Android Suite Daemon.Product: AndroidVersions: Android SoCAndroid ID: A-149813448"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "improper authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-14T20:12:27.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://source.android.com/security/bulletin/2020-05-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2020-0065",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android SoC"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper authorization in the receiver component of the Android Suite Daemon.Product: AndroidVersions: Android SoCAndroid ID: A-149813448"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "improper authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2020-05-01",
"refsource": "MISC",
"url": "https://source.android.com/security/bulletin/2020-05-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2020-0065",
"datePublished": "2020-05-14T20:12:27.000Z",
"dateReserved": "2019-10-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T05:47:40.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0090 (GCVE-0-2020-0090)
Vulnerability from cvelistv5 – Published: 2020-05-14 20:12 – Updated: 2024-08-04 05:47
VLAI
EPSS
Summary
An improper authorization in the receiver component of Email.Product: AndroidVersions: Android SoCAndroid ID: A-149813048
Severity
No CVSS data available.
CWE
- improper authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2020-05-01 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:47:40.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2020-05-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Android SoC"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper authorization in the receiver component of Email.Product: AndroidVersions: Android SoCAndroid ID: A-149813048"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "improper authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-14T20:12:22.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://source.android.com/security/bulletin/2020-05-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2020-0090",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android SoC"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper authorization in the receiver component of Email.Product: AndroidVersions: Android SoCAndroid ID: A-149813048"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "improper authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2020-05-01",
"refsource": "MISC",
"url": "https://source.android.com/security/bulletin/2020-05-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2020-0090",
"datePublished": "2020-05-14T20:12:22.000Z",
"dateReserved": "2019-10-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T05:47:40.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0091 (GCVE-0-2020-0091)
Vulnerability from cvelistv5 – Published: 2020-05-14 20:12 – Updated: 2024-08-04 05:47
VLAI
EPSS
Summary
In mnld, an incorrect configuration in driver_cfg of mnld for meta factory mode.Product: AndroidVersions: Android SoCAndroid ID: A-149808700
Severity
No CVSS data available.
CWE
- incorrect configuration
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2020-05-01 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:47:40.741Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2020-05-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Android SoC"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In mnld, an incorrect configuration in driver_cfg of mnld for meta factory mode.Product: AndroidVersions: Android SoCAndroid ID: A-149808700"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "incorrect configuration",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-14T20:12:15.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://source.android.com/security/bulletin/2020-05-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2020-0091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android SoC"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In mnld, an incorrect configuration in driver_cfg of mnld for meta factory mode.Product: AndroidVersions: Android SoCAndroid ID: A-149808700"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "incorrect configuration"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2020-05-01",
"refsource": "MISC",
"url": "https://source.android.com/security/bulletin/2020-05-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2020-0091",
"datePublished": "2020-05-14T20:12:15.000Z",
"dateReserved": "2019-10-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T05:47:40.741Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0092 (GCVE-0-2020-0092)
Vulnerability from cvelistv5 – Published: 2020-05-14 20:08 – Updated: 2024-08-04 05:47
VLAI
EPSS
Summary
In setHideSensitive of NotificationStackScrollLayout.java, there is a possible disclosure of sensitive notification content due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145135488
Severity
No CVSS data available.
CWE
- Information disclosure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2020-05-01 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:47:40.841Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2020-05-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Android-10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In setHideSensitive of NotificationStackScrollLayout.java, there is a possible disclosure of sensitive notification content due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145135488"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-14T20:08:49.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://source.android.com/security/bulletin/2020-05-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2020-0092",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-10"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In setHideSensitive of NotificationStackScrollLayout.java, there is a possible disclosure of sensitive notification content due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145135488"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2020-05-01",
"refsource": "MISC",
"url": "https://source.android.com/security/bulletin/2020-05-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2020-0092",
"datePublished": "2020-05-14T20:08:49.000Z",
"dateReserved": "2019-10-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T05:47:40.841Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0093 (GCVE-0-2020-0093)
Vulnerability from cvelistv5 – Published: 2020-05-14 20:10 – Updated: 2024-08-04 05:47
VLAI
EPSS
Summary
In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-148705132
Severity
No CVSS data available.
CWE
- Information disclosure
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2020-05-01 | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2020… | mailing-listx_refsource_MLIST |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://usn.ubuntu.com/4396-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://security.gentoo.org/glsa/202007-05 | vendor-advisoryx_refsource_GENTOO |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:47:40.659Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2020-05-01"
},
{
"name": "[debian-lts-announce] 20200518 [SECURITY] [DLA 2214-1] libexif security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00016.html"
},
{
"name": "openSUSE-SU-2020:0793",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html"
},
{
"name": "USN-4396-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4396-1/"
},
{
"name": "GLSA-202007-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202007-05"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Android-8.0 Android-8.1 Android-9 Android-10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-148705132"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-27T00:06:13.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://source.android.com/security/bulletin/2020-05-01"
},
{
"name": "[debian-lts-announce] 20200518 [SECURITY] [DLA 2214-1] libexif security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00016.html"
},
{
"name": "openSUSE-SU-2020:0793",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html"
},
{
"name": "USN-4396-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4396-1/"
},
{
"name": "GLSA-202007-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202007-05"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2020-0093",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-8.0 Android-8.1 Android-9 Android-10"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-148705132"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2020-05-01",
"refsource": "MISC",
"url": "https://source.android.com/security/bulletin/2020-05-01"
},
{
"name": "[debian-lts-announce] 20200518 [SECURITY] [DLA 2214-1] libexif security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00016.html"
},
{
"name": "openSUSE-SU-2020:0793",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html"
},
{
"name": "USN-4396-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4396-1/"
},
{
"name": "GLSA-202007-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202007-05"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2020-0093",
"datePublished": "2020-05-14T20:10:39.000Z",
"dateReserved": "2019-10-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T05:47:40.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0094 (GCVE-0-2020-0094)
Vulnerability from cvelistv5 – Published: 2020-05-14 20:10 – Updated: 2024-08-04 05:47
VLAI
EPSS
Summary
In setImageHeight and setImageWidth of ExifUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-148223871
Severity
No CVSS data available.
CWE
- Elevation of privilege
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2020-05-01 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:47:40.835Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2020-05-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Android-9 Android-10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In setImageHeight and setImageWidth of ExifUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-148223871"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-14T20:10:26.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://source.android.com/security/bulletin/2020-05-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2020-0094",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-9 Android-10"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In setImageHeight and setImageWidth of ExifUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-148223871"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2020-05-01",
"refsource": "MISC",
"url": "https://source.android.com/security/bulletin/2020-05-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2020-0094",
"datePublished": "2020-05-14T20:10:26.000Z",
"dateReserved": "2019-10-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T05:47:40.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0096 (GCVE-0-2020-0096)
Vulnerability from cvelistv5 – Published: 2020-05-14 20:09 – Updated: 2024-08-04 05:47
VLAI
EPSS
Summary
In startActivities of ActivityStartController.java, there is a possible escalation of privilege due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9Android ID: A-145669109
Severity
No CVSS data available.
CWE
- Elevation of privilege
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2020-05-01 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:47:40.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2020-05-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Android-8.0 Android-8.1 Android-9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In startActivities of ActivityStartController.java, there is a possible escalation of privilege due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9Android ID: A-145669109"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-14T20:09:51.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://source.android.com/security/bulletin/2020-05-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2020-0096",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-8.0 Android-8.1 Android-9"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In startActivities of ActivityStartController.java, there is a possible escalation of privilege due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9Android ID: A-145669109"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2020-05-01",
"refsource": "MISC",
"url": "https://source.android.com/security/bulletin/2020-05-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2020-0096",
"datePublished": "2020-05-14T20:09:51.000Z",
"dateReserved": "2019-10-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T05:47:40.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0097 (GCVE-0-2020-0097)
Vulnerability from cvelistv5 – Published: 2020-05-14 20:09 – Updated: 2024-08-04 05:47
VLAI
EPSS
Summary
In various methods of PackageManagerService.java, there is a possible permission bypass due to a missing condition for system apps. This could lead to local escalation of privilege with User privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-145981139
Severity
No CVSS data available.
CWE
- Elevation of privilege
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2020-05-01 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:47:40.820Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2020-05-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Android-9 Android-10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In various methods of PackageManagerService.java, there is a possible permission bypass due to a missing condition for system apps. This could lead to local escalation of privilege with User privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-145981139"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-14T20:09:59.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://source.android.com/security/bulletin/2020-05-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2020-0097",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-9 Android-10"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In various methods of PackageManagerService.java, there is a possible permission bypass due to a missing condition for system apps. This could lead to local escalation of privilege with User privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-145981139"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2020-05-01",
"refsource": "MISC",
"url": "https://source.android.com/security/bulletin/2020-05-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2020-0097",
"datePublished": "2020-05-14T20:09:59.000Z",
"dateReserved": "2019-10-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T05:47:40.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0098 (GCVE-0-2020-0098)
Vulnerability from cvelistv5 – Published: 2020-05-14 20:08 – Updated: 2024-08-04 05:47
VLAI
EPSS
Summary
In navigateUpToLocked of ActivityStack.java, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8.1 Android-9Android ID: A-144285917
Severity
No CVSS data available.
CWE
- Elevation of privilege
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2020-05-01 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:47:40.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2020-05-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Android-10 Android-8.0 Android-8.1 Android-9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In navigateUpToLocked of ActivityStack.java, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8.1 Android-9Android ID: A-144285917"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-14T20:08:31.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://source.android.com/security/bulletin/2020-05-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2020-0098",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-10 Android-8.0 Android-8.1 Android-9"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In navigateUpToLocked of ActivityStack.java, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8.1 Android-9Android ID: A-144285917"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2020-05-01",
"refsource": "MISC",
"url": "https://source.android.com/security/bulletin/2020-05-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2020-0098",
"datePublished": "2020-05-14T20:08:31.000Z",
"dateReserved": "2019-10-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T05:47:40.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0100 (GCVE-0-2020-0100)
Vulnerability from cvelistv5 – Published: 2020-05-14 20:12 – Updated: 2024-08-04 05:47
VLAI
EPSS
Summary
In onTransact of IHDCP.cpp, there is a possible out of bounds read due to incorrect error handling. This could lead to local information disclosure of data from a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-8.0Android ID: A-150156584
Severity
No CVSS data available.
CWE
- Information disclosure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2020-05-01 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:47:40.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2020-05-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Android-8.1 Android-8.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In onTransact of IHDCP.cpp, there is a possible out of bounds read due to incorrect error handling. This could lead to local information disclosure of data from a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-8.0Android ID: A-150156584"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-14T20:12:37.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://source.android.com/security/bulletin/2020-05-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2020-0100",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-8.1 Android-8.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In onTransact of IHDCP.cpp, there is a possible out of bounds read due to incorrect error handling. This could lead to local information disclosure of data from a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-8.0Android ID: A-150156584"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2020-05-01",
"refsource": "MISC",
"url": "https://source.android.com/security/bulletin/2020-05-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2020-0100",
"datePublished": "2020-05-14T20:12:37.000Z",
"dateReserved": "2019-10-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T05:47:40.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…