LG mobile security breach

LG mobile is a mobile device from LG Corporation A security vulnerability exists in LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software that originates from a WebView SSL error handling...

CVE-2020-0458

In SPDIFEncoder::writeBurstBufferBytes and related methods of SPDIFEncoder.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product:...

CVE-2020-0409

In create of FileMap.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8...

CVE-2020-0449

In btmsecdisconnected of btmsec.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution in the Bluetooth server with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9...

CVE-2020-0450

In rwi93smformat of rwi93.cc, there is a possible out of bounds read due to uninitialized data. This could lead to remote information disclosure over NFC with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1...

CVE-2020-28340

An issue was discovered on Samsung mobile devices with O8.x, P9.0, Q10.0, and R11.0 software. Attackers can bypass Factory Reset Protection FRP via Secure Folder. The Samsung ID is SVE-2020-18546 November 2020...

CVE-2020-28344

An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. System services may crash because of the lack of a NULL parameter check. The LG ID is LVE-SMP-200024 November 2020...

libvpx: Double free in ParseContentEncodingEntry() in mkvparser.cc

In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0...

CVE-2020-26606

An issue was discovered on Samsung mobile devices with O8.x, P9.0, Q10.0, and R11.0 software. An attacker can access certain Secure Folder content via a debugging command. The Samsung ID is SVE-2020-18673 October 2020...

CVE-2020-26602

An issue was discovered in EthernetNetwork on Samsung mobile devices with O8.1, P9.0, Q10.0, and R11.0 software. PendingIntent allows sdcard access by an unprivileged process. The Samsung ID is SVE-2020-18392 October 2020...

CVE-2020-26598

An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, and 9.0 software. The Network Management component could allow an unauthorized actor to kill a TCP connection. The LG ID is LVE-SMP-200023 October 2020...

libvpx: Out of bounds read in vp8_decode_frame in decodeframe.c

In vp8decodeframe of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for exploitation.Product...

libexif: out of bounds read due to a missing bounds check in exif_data_save_data_entry function in exif-data.c

In exifdatasavedataentry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0...

CVE-2020-0294

In bindWallpaperComponentLocked of WallpaperManagerService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

CVE-2020-0401

In setInstallerPackageName of PackageManagerService.java, there is a missing permission check. This could lead to local escalation of privilege and granting spurious permissions with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersion...

CVE-2020-0385

In Parseinsh of easmdls.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote information disclosure in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...

CVE-2020-0380

In allocExcessBits of bitalloc.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0...

CVE-2020-0245

In DecodeFrameCombinedMode of combineddecode.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-1...

CVE-2020-25063

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. An application crash can occur because of incorrect application-level input validation. The LG ID is LVE-SMP-200018 July 2020...

CVE-2020-25058

An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9, and 10 software. The networkmanagement service does not properly restrict configuration changes. The LG ID is LVE-SMP-200012 July 2020...