Vulnerabilities > Google > Android > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-17 | CVE-2020-0130 | Command Injection vulnerability in Google Android 11.0 In screencap, there is a possible command injection due to improper input validation. | 7.8 |
| 2020-09-17 | CVE-2020-0434 | Use After Free vulnerability in Google Android In Pixel's use of the Catpipe library, there is possible memory corruption due to a use after free. | 7.8 |
| 2020-09-17 | CVE-2020-0433 | Improper Locking vulnerability in Google Android In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use after free due to improper locking. | 7.8 |
| 2020-09-17 | CVE-2020-0432 | Integer Overflow or Wraparound vulnerability in multiple products In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. | 7.8 |
| 2020-09-17 | CVE-2020-0430 | Out-of-bounds Read vulnerability in Google Android In skb_headlen of /include/linux/skbuff.h, there is a possible out of bounds read due to memory corruption. | 7.8 |
| 2020-09-17 | CVE-2020-0387 | Missing Authorization vulnerability in Google Android In manifest files of the SmartSpace package, there is a possible tapjacking vector due to a missing permission check. | 7.8 |
| 2020-09-17 | CVE-2020-0401 | Missing Authorization vulnerability in Google Android In setInstallerPackageName of PackageManagerService.java, there is a missing permission check. | 7.8 |
| 2020-09-17 | CVE-2020-0394 | Insecure Default Initialization of Resource vulnerability in Google Android In onCreate of BluetoothPairingDialog.java, there is a possible tapjacking vector due to an insecure default value. | 7.8 |
| 2020-09-17 | CVE-2020-0392 | Double Free vulnerability in Google Android 10.0/9.0 In getLayerDebugInfo of SurfaceFlinger.cpp, there is a possible code execution due to a double free. | 7.8 |
| 2020-09-17 | CVE-2020-0391 | Unspecified vulnerability in Google Android 10.0/9.0 In applyPolicy of PackageManagerService.java, there is possible arbitrary command execution as System due to an unenforced protected-broadcast. | 7.8 |