{"vulnerability": "CVE-2020-2703", "sightings": [{"uuid": "62072c16-32ca-494e-a929-2de891a94d70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27030", "type": "seen", "source": "https://t.me/cibsecurity/20826", "content": "\u203c CVE-2020-27030 \u203c\n\nIn onCreate of HandleApiCalls.java, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege that allows an app to set or dismiss the alarm with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150612638\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-15T18:41:05.000000Z"}, {"uuid": "f0bde663-fd3a-42e8-88ed-cf4267ff50ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27039", "type": "seen", "source": "https://t.me/cibsecurity/20842", "content": "\u203c CVE-2020-27039 \u203c\n\nIn postNotification of ServiceRecord.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153878498\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-15T20:40:36.000000Z"}, {"uuid": "1553e455-41c4-4bfa-b00b-5872fef78335", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27038", "type": "seen", "source": "https://t.me/cibsecurity/20852", "content": "\u203c CVE-2020-27038 \u203c\n\nIn process of C2SoftVorbisDec.cpp, there is a possible resource exhaustion due to a memory leak. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154302257\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-15T20:40:51.000000Z"}, {"uuid": "8e1ff20d-8f1d-48f5-af95-ee7fc9b63f27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27035", "type": "seen", "source": "https://t.me/cibsecurity/20818", "content": "\u203c CVE-2020-27035 \u203c\n\nIn priorLinearAllocation of C2AllocatorIon.cpp, there is a possible use-after-free due to improper locking. This could lead to local information disclosure in the media codec with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-152239213\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-15T18:40:53.000000Z"}]}