Total
6434 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-35551 | 1 Google | 1 Android | 2020-12-18 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. They allow attackers to conduct RPMB state-change attacks because an unauthorized RPMB write operation can be replayed, a related issue to CVE-2020-13799. The Samsung ID is SVE-2020-18100 (December 2020). | |||||
CVE-2020-35552 | 1 Google | 1 Android | 2020-12-18 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in the GPS daemon on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (non-Qualcomm chipsets) software. Attackers can obtain sensitive location information because the configuration file is incorrect. The Samsung ID is SVE-2020-18678 (December 2020). | |||||
CVE-2020-35553 | 2 Google, Qualcomm | 2 Android, Sm8250 | 2020-12-18 | 7.8 HIGH | 7.5 HIGH |
An issue was discovered on Samsung mobile devices with Q(10.0) and R(11.0) (Qualcomm SM8250 chipsets) software. They allows attackers to cause a denial of service (unlock failure) by triggering a power-shortage incident that causes a false-positive attack detection. The Samsung ID is SVE-2020-19678 (December 2020). | |||||
CVE-2020-27050 | 1 Google | 1 Android | 2020-12-16 | 6.8 MEDIUM | 7.8 HIGH |
In rw_i93_send_cmd_write_multi_blocks of rw_i93.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157650365 | |||||
CVE-2020-27067 | 1 Google | 1 Android | 2020-12-16 | 4.4 MEDIUM | 6.4 MEDIUM |
In the l2tp subsystem, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-152409173 | |||||
CVE-2020-27055 | 1 Google | 1 Android | 2020-12-16 | 5.0 MEDIUM | 7.5 HIGH |
In isSubmittable and showWarningMessagesIfAppropriate of WifiConfigController.java and WifiConfigController2.java, there is a possible insecure WiFi configuration due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-161378819 | |||||
CVE-2020-0016 | 1 Google | 1 Android | 2020-12-16 | 7.2 HIGH | 7.8 HIGH |
In the Broadcom Nexus firmware, there is an insecure default password. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-171413483 | |||||
CVE-2020-0489 | 1 Google | 1 Android | 2020-12-16 | 6.8 MEDIUM | 8.8 HIGH |
In Parse_data of eas_mdls.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151096540 | |||||
CVE-2020-0490 | 1 Google | 1 Android | 2020-12-16 | 4.3 MEDIUM | 6.5 MEDIUM |
In floor1_info_unpack of floor1.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155560008 | |||||
CVE-2020-27040 | 1 Google | 1 Android | 2020-12-16 | 2.1 LOW | 4.4 MEDIUM |
In phNxpNciHal_core_initialized of phNxpNciHal.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the NFC server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153731880 | |||||
CVE-2020-27043 | 1 Google | 1 Android | 2020-12-16 | 2.1 LOW | 4.4 MEDIUM |
In nfc_enabled of nfc_main.cc, there is a possible out of bounds read due to an incorrect increment. This could lead to local information disclosure via firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155234594 | |||||
CVE-2020-0473 | 1 Google | 1 Android | 2020-12-16 | 2.1 LOW | 4.6 MEDIUM |
In updateIncomingFileConfirmNotification of BluetoothOppNotification.java, there is a possible permissions bypass. This could lead to local escalation of privilege allowing an attacker with physical possession of the device to transfer files to it over Bluetooth, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-160691486 | |||||
CVE-2020-27045 | 1 Google | 1 Android | 2020-12-16 | 6.8 MEDIUM | 7.8 HIGH |
In CE_SendRawFrame of ce_main.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157649398 | |||||
CVE-2020-27046 | 1 Google | 1 Android | 2020-12-16 | 2.1 LOW | 4.4 MEDIUM |
In nfc_ncif_proc_ee_action of nfc_ncif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157649306 | |||||
CVE-2020-27047 | 1 Google | 1 Android | 2020-12-16 | 4.3 MEDIUM | 5.5 MEDIUM |
In ce_t4t_update_binary of ce_t4t.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157649298 | |||||
CVE-2020-27049 | 1 Google | 1 Android | 2020-12-16 | 6.8 MEDIUM | 7.8 HIGH |
In rw_t3t_send_raw_frame of rw_t3t.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157649467 | |||||
CVE-2020-27048 | 1 Google | 1 Android | 2020-12-16 | 6.8 MEDIUM | 7.8 HIGH |
In RW_SendRawFrame of rw_main.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157650117 | |||||
CVE-2020-0486 | 1 Google | 1 Android | 2020-12-16 | 4.6 MEDIUM | 7.8 HIGH |
In openAssetFileListener of ContactsProvider2.java, there is a possible permission bypass due to an insecure default value. This could lead to local escalation of privilege to change contact data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150857116 | |||||
CVE-2020-0244 | 1 Google | 1 Android | 2020-12-16 | 4.3 MEDIUM | 5.5 MEDIUM |
In writeBurstBufferBytes of SPDIFEncoder.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no clear exfiltration path, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-145262423 | |||||
CVE-2020-0476 | 1 Google | 1 Android | 2020-12-16 | 2.1 LOW | 4.4 MEDIUM |
In onNotificationRemoved of Assistant.java, there is a possible leak of sensitive information to logs. This could lead to local information disclosure with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-162014574 |