Lucene search

Android Security Vulnerabilities - 2020

cve

CVE-2020-28341

An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos990 chipsets) software. The S3K250AF Secure Element CC EAL 5+ chip allows attackers to execute arbitrary code and obtain sensitive information via a buffer overflow. The Samsung ID is SVE-2020-18632 (November 2020).

7.8CVSS

7.9AI Score

0.0004EPSS

2020-11-08 05:15 AM

cve

CVE-2020-28342

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (China / India) software. The S Secure application allows attackers to bypass authentication for a locked Gallery application via the Reminder application. The Samsung ID is SVE-2020-18689 (November 2020).

7.8CVSS

7.7AI Score

0.0005EPSS

2020-11-08 05:15 AM

cve

CVE-2020-28343

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 980, 9820, and 9830 chipsets) software. The NPU driver allows attackers to execute arbitrary code because of unintended write and read operations on memory. The Samsung ID is SVE-2020-18610 (November 2020).

7.8CVSS

7.9AI Score

0.0004EPSS

2020-11-08 05:15 AM

cve

CVE-2020-28344

An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. System services may crash because of the lack of a NULL parameter check. The LG ID is LVE-SMP-200024 (November 2020).

7.5CVSS

7.5AI Score

0.001EPSS

2020-11-08 05:15 AM

cve

CVE-2020-28345

An issue was discovered on LG mobile devices with Android OS 10 software. The Wi-Fi subsystem may crash because of the lack of a NULL parameter check. The LG ID is LVE-SMP-200025 (November 2020).

7.5CVSS

7.5AI Score

0.001EPSS

2020-11-08 05:15 AM

cve

CVE-2020-35548

An issue was discovered in Finder on Samsung mobile devices with Q(10.0) software. A call to a non-existent provider allows attackers to cause a denial of service. The Samsung ID is SVE-2020-18629 (December 2020).

5.5CVSS

5.5AI Score

0.0004EPSS

2020-12-18 09:15 AM

cve

CVE-2020-35549

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Any application may establish itself as the default dialer, without user interaction. The Samsung ID is SVE-2020-19172 (December 2020).

5.5CVSS

5.6AI Score

0.0004EPSS

2020-12-18 09:15 AM

cve

CVE-2020-35550

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. Attackers can bypass Factory Reset Protection (FRP) via StatusBar. The Samsung ID is SVE-2020-17888 (December 2020).

9.8CVSS

9.4AI Score

0.001EPSS

2020-12-18 09:15 AM

cve

CVE-2020-35551

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. They allow attackers to conduct RPMB state-change attacks because an unauthorized RPMB write operation can be replayed, a related issue to CVE-2020-13799. The Samsung ID is SVE-2020-18100 ...

9.8CVSS

7.1AI Score

0.001EPSS

2020-12-18 09:15 AM

cve

CVE-2020-35552

An issue was discovered in the GPS daemon on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (non-Qualcomm chipsets) software. Attackers can obtain sensitive location information because the configuration file is incorrect. The Samsung ID is SVE-2020-18678 (December 2020).

5.3CVSS

5.2AI Score

0.001EPSS

2020-12-18 09:15 AM

cve

CVE-2020-35553

An issue was discovered on Samsung mobile devices with Q(10.0) and R(11.0) (Qualcomm SM8250 chipsets) software. They allows attackers to cause a denial of service (unlock failure) by triggering a power-shortage incident that causes a false-positive attack detection. The Samsung ID is SVE-2020-19678...

7.5CVSS

7.4AI Score

0.001EPSS

2020-12-18 09:15 AM

cve

CVE-2020-35554

An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. There is a WebView SSL error-handler vulnerability. The LG ID is LVE-SMP-200026 (December 2020).

7.8CVSS

7.6AI Score

0.0004EPSS

2020-12-18 09:15 AM

cve

CVE-2020-35555

An issue was discovered on LG mobile devices with Android OS 10 software. When a dual-screen configuration is supported, the device does not lock upon disconnection of a call with the cover closed. The LG ID is LVE-SMP-200027 (December 2020).

7.8CVSS

7.5AI Score

0.0004EPSS

2020-12-18 09:15 AM

cve

CVE-2020-35693

On some Samsung phones and tablets running Android through 7.1.1, it is possible for an attacker-controlled Bluetooth Low Energy (BLE) device to pair silently with a vulnerable target device, without any user interaction, when the target device's Bluetooth is on, and it is running an app that offer...

8.8CVSS

8.3AI Score

0.001EPSS

2020-12-24 06:15 PM

cve

CVE-2020-6616

Some Broadcom chips mishandle Bluetooth random-number generation because a low-entropy Pseudo Random Number Generator (PRNG) is used in situations where a Hardware Random Number Generator (HRNG) should have been used to prevent spoofing. This affects, for example, Samsung Galaxy S8, S8+, and Note8 ...

6.5CVSS

7.5AI Score

0.001EPSS

2020-05-08 08:15 PM

178

cve

CVE-2020-8860

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy S10 Firmware G973FXXS3ASJA, O(8.x), P(9.0), Q(10.0) devices with Exynos chipsets. User interaction is required to exploit this vulnerability in that the target must answer a phone call. ...

8CVSS

8.1AI Score

0.001EPSS

2020-02-22 12:15 AM

139

cve

CVE-2020-8899

There is a buffer overwrite vulnerability in the Quram qmg library of Samsung's Android OS versions O(8.x), P(9.0) and Q(10.0). An unauthenticated, unauthorized attacker sending a specially crafted MMS to a vulnerable phone can trigger a heap-based buffer overflow in the Quram image codec leading t...

9.8CVSS

9.7AI Score

0.034EPSS

2020-05-06 05:15 PM

111

Total number of security vulnerabilities917