215 matches found
CVE-2020-25055
An issue was discovered on Samsung mobile devices with O8.x, P9.0, and Q10.0 software. The persona service allows attackers who control an unprivileged SecureFolder process to bypass admin restrictions in KnoxContainer. The Samsung ID is SVE-2020-18133 August 2020...
CVE-2020-0247
In Threshold::getHistogram of ImageProcessHelper.java, there is a possible crash loop due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0...
CVE-2020-0241
In NuPlayerStreamListener of NuPlayerStreamListener.cpp, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0...
ALPINE-CVE-2020-0256
In LoadPartitionTable of gpt.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege when inserting a malicious USB device, with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
PT-2020-11593 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions 8.0 through 10 Description: A logic flaw in the Settings app could lead to a confused deputy attack due to a race condition in the updatePreferenceIntents of AccountTypePreferenceLoader. This could result in local escalation ...
Google Android Media Framework elevation of privilege vulnerability (CNVD-2020-44370)
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. An elevation of privilege vulnerability exists in the Media Framework component of Google Android 8.0, 8.1, 9, and 10, which can be exploited by an attacker to...
CVE-2020-0227
In onCommand of CompanionDeviceManagerService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing background data usage or launching from the background, with no additional execution privileges needed. User...
CVE-2020-0122
In the permission declaration for com.google.android.providers.gsf.permission.WRITEGSERVICES in AndroidManifest.xml, there is a possible permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for...
CVE-2020-15578
An issue was discovered on Samsung mobile devices with O8.x software. FactoryCamera does not properly restrict runtime permissions. The Samsung ID is SVE-2020-17270 July 2020...
CVE-2020-15583
An issue was discovered on Samsung mobile devices with O8.x, P9.0, and Q10.0 software. StickerProvider allows directory traversal for access to system files. The Samsung ID is SVE-2020-17665 July 2020...
CVE-2020-15579
An issue was discovered on Samsung mobile devices with O8.x, P9.0, and Q10.0 software. Attackers can bypass Factory Reset Protection FRP via the KNOX API. The Samsung ID is SVE-2020-17318 July 2020...
PT-2020-11573 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-8.0 through Android-11 Description: The issue is related to a possible leak of Bluetooth information due to a permissions bypass in the onCreate method of ConfirmConnectActivity.java. This could lead to local escalati...
CVE-2020-13834
An issue was discovered on Samsung mobile devices with O8.x, P9.0, and Q10.0 with TEEGRIS software. Secure Folder does not properly restrict use of Android Debug Bridge adb for arbitrary installations. The Samsung ID is SVE-2020-17369 June 2020...
CVE-2020-13836
An issue was discovered on Samsung mobile devices with O8.x, P9.0, and Q10.0 software. HWRResProvider allows path traversal for data exposure. The Samsung ID is SVE-2020-16954 June 2020...
CVE-2020-0101
In BnCrypto::onTransact of ICrypto.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1...
DEBIAN-CVE-2020-0093
In exifdatasavedataentry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0...
ALPINE-CVE-2020-0093
In exifdatasavedataentry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0...
Google Android System elevation of privilege vulnerability (CNVD-2020-27128)
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. An elevation of privilege vulnerability exists in the System component of Google Android 8.0, 8.1, 9, and 10. An attacker can exploit this vulnerability to elevate...
CVE-2020-0072
In rwt2thandletlvdetectrsp of rwt2tndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8....
CVE-2019-20785
An issue was discovered on LG mobile devices with Android OS 8.0 and 8.1 software for the DTAG carrier. RILD in the radio layer uses an uninitialized variable. The LG ID is LVE-SMP-180013 January 2019...