297 matches found
CVE-2020-25062
An issue was discovered on LG mobile devices with Android OS 9 and 10 software. LGTelephonyProvider allows a bypass of intended privilege restrictions. The LG ID is LVE-SMP-200017 July 2020...
CVE-2020-25058
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9, and 10 software. The networkmanagement service does not properly restrict configuration changes. The LG ID is LVE-SMP-200012 July 2020...
CVE-2020-25050
An issue was discovered on Samsung mobile devices with P9.0 and Q10.0 software. The CMC service allows attackers to obtain sensitive information. The Samsung ID is SVE-2020-17288 August 2020...
CVE-2020-25051
An issue was discovered on Samsung mobile devices with P9.0 and Q10.0 software. Attackers can bypass Factory Reset Protection FRP via AppInfo. The Samsung ID is SVE-2020-17758 August 2020...
CVE-2020-0239
In getDocumentMetadata of DocumentsContract.java, there is a possible disclosure of location metadata from a file due to a permissions bypass. This could lead to local information disclosure from a file eg. a photo containing location metadata with no additional execution privileges needed. User...
Google Android Framework Information Disclosure Vulnerability (CNVD-2020-44374)
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. An information disclosure vulnerability exists in the Framework component of Google Android 9 and 10, which can be exploited by attackers to obtain information...
Google Android Media Framework elevation of privilege vulnerability (CNVD-2020-44370)
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. An elevation of privilege vulnerability exists in the Media Framework component of Google Android 8.0, 8.1, 9, and 10, which can be exploited by an attacker to...
CVE-2020-15582
An issue was discovered on Samsung mobile devices with P9.0 and Q10.0 Exynos 7885 chipsets software. The Bluetooth Low Energy BLE component has a buffer overflow with a resultant deadlock or crash. The Samsung ID is SVE-2020-16870 July 2020...
CVE-2020-15583
An issue was discovered on Samsung mobile devices with O8.x, P9.0, and Q10.0 software. StickerProvider allows directory traversal for access to system files. The Samsung ID is SVE-2020-17665 July 2020...
CVE-2020-13841
An issue was discovered on LG mobile devices with Android OS 9 and 10 MTK chipsets. An AT command handler allows attackers to bypass intended access restrictions. The LG ID is LVE-SMP-200009 June 2020...
Google Android Media framework information disclosure vulnerability (CNVD-2020-31525)
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. An information disclosure vulnerability exists in the Media framework component of Google Android 9 and 10. An attacker can exploit this vulnerability to obtain...
CVE-2020-0103
In a2dpaacdecodercleanup of a2dpaacdecoder.cc, there is a possible invalid free due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-9Android...
CVE-2020-0105
In onKeyguardVisibilityChanged of keystoreservice.cpp, there is a missing permission check. This could lead to local escalation of privilege, allowing apps to use keyguard-bound keys when the screen is locked, with no additional execution privileges needed. User interaction is not needed for...
CVE-2020-0101
In BnCrypto::onTransact of ICrypto.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1...
CVE-2020-0109
In simulatePackageSuspendBroadcast of NotificationManagerService.java, there is a missing permission check. This could lead to local escalation of privilege by creating fake system notifications with no additional execution privileges needed. User interaction is not needed for exploitation.Produc...
CVE-2020-0104
In onShowingStateChanged of KeyguardStateMonitor.java, there is a possible inappropriate read due to a logic error. This could lead to local information disclosure of keyguard-protected data with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
CVE-2020-0094
In setImageHeight and setImageWidth of ExifUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions...
DEBIAN-CVE-2020-0093
In exifdatasavedataentry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0...
Google Android System elevation of privilege vulnerability (CNVD-2020-27128)
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. An elevation of privilege vulnerability exists in the System component of Google Android 8.0, 8.1, 9, and 10. An attacker can exploit this vulnerability to elevate...
Google Android System elevation of privilege vulnerability (CNVD-2020-27126)
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. An elevation of privilege vulnerability exists in the System component of Google Android 9 and 10. An attacker can exploit this vulnerability to elevate privileges...