Product Google Android

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

Last Year

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

Version »

Grouping all affected versions of a specific product helps to determine existing issues. This makes it possible to determine vendors and products which need attention when it comes to remediations.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be distinguished between multiple forms and levels of remediation which influence risks differently.

Exploitability »

Researcher and attacker which are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine simplicity and strength of attacks.

Access Vector »

The approach a vulnerability it becomes important to use the expected access vector. This is typically via the network, local, or physically even.

Authentication »

To exploit a vulnerability a certail level of authentication might be required. Vulnerabilities without such a requirement are much more popular.

User Interaction »

Some attack scenarios require some user interaction by a victim. This is typical for phishing, social engineering and cross site scripting attacks.

C3BM Index »

Our unique C3BM Index (CVSSv3 Base Meta Index) cumulates the CVSSv3 Meta Base Scores of all entries over time. Comparing this index to the amount of disclosed vulnerabilities helps to pinpoint the most important events.

Last Year »

Our unique C3BM Index (CVSSv3 Base Meta Index) cumulates the CVSSv3 Meta Base Scores of all entries over time. Comparing this index to the amount of disclosed vulnerabilities helps to pinpoint the most important events.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB »

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD »

The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

Vendor »

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research »

There are sometimes also security researcher which provide their own CVSS vectors and scores for vulnerabilities they have found and published.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day prices for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability broker and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price does reflect price impacts like disclosure of vulnerability details, alternative exploits, availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

Exploit Market Volume »

Our unique calculation of exploit prices makes it possible to forecast the expected exploit market volume. The calculated prices for all possible 0-day expoits are cumulated for this task. Comparing the volume to the amount of disclosed vulnerabilities helps to pinpoint the most important events.

Last Year »

Our unique calculation of exploit prices makes it possible to forecast the expected exploit market volume. The calculated prices for all possible 0-day expoits are cumulated for this task. Comparing the volume to the amount of disclosed vulnerabilities helps to pinpoint the most important events.

🔴 CTI Activities »

Our unique Cyber Threat Intelligence aims to determine the ongoing research of actors to anticipiate their acitivities. Observing exploit markets on the Darknet, discussions of vulnerabilities on mailinglists, and exchanges on social media makes it possible to identify planned attacks. Monitored actors and activities are classified whether they are offensive or defensive. They are also weighted as some actors are well-known for certain products and technologies. And some of their disclosures might contain more or less details about technical aspects and personal context. The world map highlights active actors in real-time.

Affected Versions (76): 1.0, 1.1, 1.2, 1.3, 1.4, 1.5, 1.6, 2.0, 2.0.1, 2.1, 2.2, 2.2.1, 2.2.2, 2.2.3, 2.3, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.37, 3.0, 3.1, 3.2, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.10, 3.18, 4.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.1, 4.1.1, 4.1.2, 4.2, 4.2.1, 4.2.2, 4.3, 4.3.1, 4.4, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 5.0, 5.0.1, 5.0.2, 5.1, 5.1.1, 5.1.1 LMY49C, 6.0, 6.0.1, 7.0, 7.1, 7.1.1, 7.1.2, 8., 8.0, 8.1, 9, 9.0, 10, 10.0, 11.0, 18.0.1, 1012, M3-rc37a, M5-rc14

Link to Product Website: https://www.google.com/

Software Type: Smartphone Operating System

PublishedBaseTempVulnerability0dayTodayExpRemCTICVE
11/10/20203.33.2Google Android ConnectivityService.java callCallbackForRequest permission assignment$5k-$25k$5k-$25kNot DefinedOfficial Fix0.06CVE-2020-0454
11/10/20205.35.1Google Android BeamTransferManager.java updateNotification default permission$25k-$100k$5k-$25kNot DefinedOfficial Fix0.06CVE-2020-0453
11/10/20209.89.4Google Android exif-entry.c exif_entry_get_value integer overflow$100k and more$25k-$100kNot DefinedOfficial Fix0.06CVE-2020-0452
11/10/20208.88.4Google Android sbrdecoder.cpp sbrDecoder_AssignQmfChannels2SbrChannels out-of-bounds write$100k and more$25k-$100kNot DefinedOfficial Fix0.06CVE-2020-0451
11/10/20203.33.2Google Android rw_i93.cc rw_i93_sm_format initialization$5k-$25k$0-$5kNot DefinedOfficial Fix0.06CVE-2020-0450
11/10/20208.88.4Google Android btm_sec.cc btm_sec_disconnected use after free$100k and more$25k-$100kNot DefinedOfficial Fix0.06CVE-2020-0449
11/10/20203.33.2Google Android TelecomServiceImpl.java getPhoneAccountsForPackage information disclosure$5k-$25k$0-$5kNot DefinedOfficial Fix0.06CVE-2020-0448
11/10/20205.55.3Google Android out-of-bounds write$25k-$100k$5k-$25kNot DefinedOfficial Fix0.31CVE-2020-0447
11/10/20209.89.4Google Android out-of-bounds write$100k and more$25k-$100kNot DefinedOfficial Fix0.12CVE-2020-0446
11/10/20209.89.4Google Android out-of-bounds write$100k and more$25k-$100kNot DefinedOfficial Fix0.11CVE-2020-0445
11/10/20203.33.2Google Android LocaleList.java LocaleList improper check for unusual conditions$5k-$25k$5k-$25kNot DefinedOfficial Fix0.06CVE-2020-0443
11/10/20205.35.1Google Android UI Notification.java toBundle denial of service$5k-$25k$5k-$25kNot DefinedOfficial Fix0.06CVE-2020-0442
11/10/20205.35.1Google Android Notification Notification.java toBundle resource consumption$5k-$25k$5k-$25kNot DefinedOfficial Fix0.00CVE-2020-0441
11/10/20205.35.1Google Android PackageManagerService.java generatePackageInfo permission$25k-$100k$5k-$25kNot DefinedOfficial Fix0.07CVE-2020-0439
11/10/20205.35.1Google Android ibinder.cpp AIBinder_Class uninitialized pointer$25k-$100k$5k-$25kNot DefinedOfficial Fix0.06CVE-2020-0438
11/10/20203.33.2Google Android CellBroadcastReceiver's denial of service$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-0437
11/10/20203.33.2Google Android res_send.cpp send_vc out-of-bounds read$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-0424
11/10/20205.35.1Google Android Utils.java getPermissionInfosForGroup permission$25k-$100k$5k-$25kNot DefinedOfficial Fix0.06CVE-2020-0418
11/10/20205.35.1Google Android FileMap.cpp out-of-bounds write$25k-$100k$5k-$25kNot DefinedOfficial Fix0.13CVE-2020-0409
10/14/20207.87.5Google Android Kernel binder.c binder_release_work use after free$25k-$100k$5k-$25kNot DefinedOfficial Fix0.06CVE-2020-0423
10/14/20203.33.2Google Android Pendingintent NotificationImportExportListener.java constructImportFailureNotification information disclosure$5k-$25k$0-$5kNot DefinedOfficial Fix0.35CVE-2020-0422
10/14/20206.56.3Google Android Error Handling String8.cpp appendFormatV privileges management$25k-$100k$5k-$25kNot DefinedOfficial Fix0.18CVE-2020-0421
10/14/20206.56.3Google Android Permission Check GpuService.cpp setUpdatableDriverPath memory corruption$25k-$100k$5k-$25kNot DefinedOfficial Fix0.37CVE-2020-0420
10/14/20204.44.2Google Android Permission Check PackageInstallerSession.java generateInfo information disclosure$5k-$25k$0-$5kNot DefinedOfficial Fix0.06CVE-2020-0419
10/14/20206.86.5Google Android Settings Screen permission$25k-$100k$5k-$25kNot DefinedOfficial Fix0.06CVE-2020-0416
10/14/20204.44.2Google Android SystemUI information disclosure$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-0415
10/14/20205.45.1Google Android Audio Buffer Threads.cpp threadLoop information disclosure$25k-$100k$5k-$25kNot DefinedOfficial Fix0.45CVE-2020-0414
10/14/20206.46.1Google Android Bluetooth Server gatt_cl.cc gatt_process_read_by_type_rsp information disclosure$25k-$100k$5k-$25kNot DefinedOfficial Fix0.50CVE-2020-0413
10/14/20203.33.2Google Android ActivityManagerService.java setProcessMemoryTrimLevel information disclosure$5k-$25k$0-$5kNot DefinedOfficial Fix0.46CVE-2020-0412
10/14/20205.45.1Google Android AACExtractor.cpp ~AACExtractor out-of-bounds write$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2020-0411
10/14/20204.44.2Google Android Pendingintent SapServer.java setNotification information disclosure$5k-$25k$0-$5kNot DefinedOfficial Fix0.50CVE-2020-0410
10/14/20206.56.3Google Android String16.cpp remove integer overflow$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2020-0408
10/14/20204.44.2Google Android Pendingintent NotificationMgr.java showDataRoamingNotification information disclosure$5k-$25k$0-$5kNot DefinedOfficial Fix0.45CVE-2020-0400
10/14/20204.44.2Google Android PendingIntent Error NotificationMgr.java updateMwi information disclosure$5k-$25k$0-$5kNot DefinedOfficial Fix0.41CVE-2020-0398
10/14/20204.44.2Google Android Permission Check PasspointManager.java onWnmFrameReceived information disclosure$5k-$25k$0-$5kNot DefinedOfficial Fix0.28CVE-2020-0378
10/14/20206.46.4Google Android Bluetooth Server gatt_cl.cc gatt_process_read_by_type_rsp out-of-bounds read$25k-$100k$25k-$100kNot DefinedOfficial Fix0.00CVE-2020-0377
10/14/20207.37.0Google Android out-of-bounds read$5k-$25k$5k-$25kNot DefinedOfficial Fix0.40CVE-2020-0376
10/14/20207.37.0Google Android out-of-bounds read$5k-$25k$5k-$25kNot DefinedOfficial Fix0.30CVE-2020-0371
10/14/20207.37.0Google Android out-of-bounds write$25k-$100k$5k-$25kNot DefinedOfficial Fix0.40CVE-2020-0367
10/14/20207.37.0Google Android out-of-bounds read$5k-$25k$5k-$25kNot DefinedOfficial Fix0.00CVE-2020-0339
10/14/20207.37.0Google Android out-of-bounds write$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2020-0283
10/14/20204.44.2Google Android Permission Check UiccAccessRule.java getCarrierPrivilegeStatus information disclosure$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-0246
10/14/20206.56.3Google Android SurfaceFlinger SurfaceFlinger.cpp createLayer privileges management$25k-$100k$5k-$25kNot DefinedOfficial Fix0.72CVE-2019-2194
09/18/20206.56.3Google Android NetworkStackNotifier permissions$25k-$100k$5k-$25kNot DefinedOfficial Fix0.06CVE-2020-0405
09/18/20204.94.7Google Android netd out-of-bounds read$5k-$25k$5k-$25kNot DefinedOfficial Fix0.04CVE-2020-0365
09/18/20205.65.3Google Android NFC out-of-bounds write$25k-$100k$5k-$25kNot DefinedOfficial Fix0.05CVE-2020-0350
09/18/20203.43.3Google Android NFC permissions$5k-$25k$0-$5kNot DefinedOfficial Fix0.05CVE-2020-0349
09/18/20203.43.3Google Android NFC out-of-bounds read$5k-$25k$0-$5kNot DefinedOfficial Fix0.04CVE-2020-0348
09/18/20205.65.3Google Android iptables out-of-bounds write$25k-$100k$5k-$25kNot DefinedOfficial Fix0.06CVE-2020-0347
09/18/20205.65.3Google Android NFC out-of-bounds write$25k-$100k$5k-$25kNot DefinedOfficial Fix0.06CVE-2020-0335

more entries by Google

Do you know our Splunk app?

Download it now for free!