Total
6434 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-0466 | 1 Google | 1 Android | 2020-12-15 | 7.2 HIGH | 7.8 HIGH |
In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147802478References: Upstream kernel | |||||
CVE-2020-0456 | 1 Google | 1 Android | 2020-12-15 | 7.5 HIGH | 9.8 CRITICAL |
There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-170378843 | |||||
CVE-2020-0457 | 1 Google | 1 Android | 2020-12-15 | 7.5 HIGH | 9.8 CRITICAL |
There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-170367562 | |||||
CVE-2020-0455 | 1 Google | 1 Android | 2020-12-15 | 7.5 HIGH | 9.8 CRITICAL |
There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-170372514 | |||||
CVE-2020-0294 | 1 Google | 1 Android | 2020-12-14 | 2.1 LOW | 5.5 MEDIUM |
In bindWallpaperComponentLocked of WallpaperManagerService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8.1 Android-9Android ID: A-154915372 | |||||
CVE-2020-26964 | 2 Google, Mozilla | 2 Android, Firefox | 2020-12-10 | 4.0 MEDIUM | 6.8 MEDIUM |
If the Remote Debugging via USB feature was enabled in Firefox for Android on an Android version prior to Android 6.0, untrusted apps could have connected to the feature and operated with the privileges of the browser to read and interact with web content. The feature was implemented as a unix domain socket, protected by the Android SELinux policy; however, SELinux was not enforced for versions prior to 6.0. This was fixed by removing the Remote Debugging via USB feature from affected devices. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 83. | |||||
CVE-2020-0418 | 1 Google | 1 Android | 2020-11-17 | 4.6 MEDIUM | 7.8 HIGH |
In getPermissionInfosForGroup of Utils.java, there is a logic error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-153879813 | |||||
CVE-2020-28344 | 1 Google | 1 Android | 2020-11-16 | 7.8 HIGH | 7.5 HIGH |
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. System services may crash because of the lack of a NULL parameter check. The LG ID is LVE-SMP-200024 (November 2020). | |||||
CVE-2020-28345 | 1 Google | 1 Android | 2020-11-16 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered on LG mobile devices with Android OS 10 software. The Wi-Fi subsystem may crash because of the lack of a NULL parameter check. The LG ID is LVE-SMP-200025 (November 2020). | |||||
CVE-2020-0441 | 1 Google | 1 Android | 2020-11-12 | 7.8 HIGH | 7.5 HIGH |
In Message and toBundle of Notification.java, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service requiring a device reset to fix with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-158304295 | |||||
CVE-2020-28340 | 1 Google | 1 Android | 2020-11-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. Attackers can bypass Factory Reset Protection (FRP) via Secure Folder. The Samsung ID is SVE-2020-18546 (November 2020). | |||||
CVE-2020-28341 | 2 Google, Samsung | 2 Android, Exynos 990 | 2020-11-10 | 4.6 MEDIUM | 7.8 HIGH |
An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos990 chipsets) software. The S3K250AF Secure Element CC EAL 5+ chip allows attackers to execute arbitrary code and obtain sensitive information via a buffer overflow. The Samsung ID is SVE-2020-18632 (November 2020). | |||||
CVE-2020-28342 | 1 Google | 1 Android | 2020-11-10 | 6.8 MEDIUM | 7.8 HIGH |
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (China / India) software. The S Secure application allows attackers to bypass authentication for a locked Gallery application via the Reminder application. The Samsung ID is SVE-2020-18689 (November 2020). | |||||
CVE-2020-28343 | 2 Google, Samsung | 4 Android, Exynos 980, Exynos 9820 and 1 more | 2020-11-10 | 4.6 MEDIUM | 7.8 HIGH |
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 980, 9820, and 9830 chipsets) software. The NPU driver allows attackers to execute arbitrary code because of unintended write and read operations on memory. The Samsung ID is SVE-2020-18610 (November 2020). | |||||
CVE-2019-19273 | 2 Google, Samsung | 5 Android, Exynos 8895, Galaxy Note8 and 2 more | 2020-11-10 | 7.2 HIGH | 7.8 HIGH |
On Samsung mobile devices with O(8.0) and P(9.0) software and an Exynos 8895 chipset, RKP (aka the Samsung Hypervisor EL2 implementation) allows arbitrary memory write operations. The Samsung ID is SVE-2019-16265. | |||||
CVE-2020-0451 | 1 Google | 1 Android | 2020-11-10 | 9.3 HIGH | 8.8 HIGH |
In sbrDecoder_AssignQmfChannels2SbrChannels of sbrdecoder.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9 Android-8.0 Android-8.1Android ID: A-158762825 | |||||
CVE-2020-0442 | 1 Google | 1 Android | 2020-11-10 | 7.8 HIGH | 7.5 HIGH |
In Message and toBundle of Notification.java, there is a possible UI slowdown or crash due to improper input validation. This could lead to remote denial of service if a malicious contact file is received, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.0 Android-8.1 Android-9Android ID: A-147358092 | |||||
CVE-2017-8244 | 1 Google | 1 Android | 2020-11-09 | 6.9 MEDIUM | 7.0 HIGH |
In core_info_read and inst_info_read in all Android releases from CAF using the Linux kernel, variable "dbg_buf", "dbg_buf->curr" and "dbg_buf->filled_size" could be modified by different threads at the same time, but they are not protected with mutex or locks. Buffer overflow is possible on race conditions. "buffer->curr" itself could also be overwritten, which means that it may point to anywhere of kernel memory (for write). | |||||
CVE-2017-8245 | 1 Google | 1 Android | 2020-11-09 | 4.6 MEDIUM | 7.8 HIGH |
In all Android releases from CAF using the Linux kernel, while processing a voice SVC request which is nonstandard by specifying a payload size that will overflow its own declared size, an out of bounds memory copy occurs. | |||||
CVE-2017-8246 | 1 Google | 1 Android | 2020-11-09 | 4.6 MEDIUM | 7.8 HIGH |
In function msm_pcm_playback_close() in all Android releases from CAF using the Linux kernel, prtd is assigned substream->runtime->private_data. Later, prtd is freed. However, prtd is not sanitized and set to NULL, resulting in a dangling pointer. There are other functions that access the same memory (substream->runtime->private_data) with a NULL check, such as msm_pcm_volume_ctl_put(), which means this freed memory could be used. |