CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2020-27059
https://notcve.org/view.php?id=CVE-2020-27059
11 Jan 2021 — In onAuthenticated of AuthenticationClient.java, there is a possible tapjacking attack when requesting the user's fingerprint due to an overlaid window. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.0, Android-8.1, Android-9, Android-10, 11; Android ID: A-159249069. En la función onAuthenticated del archivo AuthenticationClient.java, se presenta un posible ataque de tipo tapj... • https://source.android.com/security/bulletin/pixel/2021-01-01 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-22492
https://notcve.org/view.php?id=CVE-2021-22492
05 Jan 2021 — An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Broadcom Bluetooth chipsets) software. The Bluetooth UART driver has a buffer overflow. The Samsung ID is SVE-2020-18731 (January 2021). Se detectó un problema en los dispositivos móviles de Samsung con versiones de software O(8.x), P(9.0) y Q(10.0) (chipsets Broadcom Bluetooth). El controlador UART de Bluetooth presenta un desbordamiento del búfer. • https://security.samsungmobile.com/securityUpdate.smsb • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2021-22495
https://notcve.org/view.php?id=CVE-2021-22495
05 Jan 2021 — An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) (Exynos chipsets) software. The Mali GPU driver allows out-of-bounds access and a device reset. The Samsung ID is SVE-2020-19174 (January 2021). Se detectó un problema en los dispositivos móviles de Samsung con versiones de software O(8.x), P(9.0), Q(10.0) y R(11.0) (chipsets Exynos). El controlador GPU de Mali permite un acceso fuera de límites y el reinicio del dispositivo. • https://security.samsungmobile.com/securityUpdate.smsb • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-35549
https://notcve.org/view.php?id=CVE-2020-35549
18 Dec 2020 — An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Any application may establish itself as the default dialer, without user interaction. The Samsung ID is SVE-2020-19172 (December 2020). Se detectó un problema en los dispositivos móviles Samsung con versiones de software O(8.x), P(9.0) y Q(10.0). Cualquier aplicación puede establecerse como el marcador predeterminado, sin una interacción del usuario. • https://security.samsungmobile.com/securityUpdate.smsb •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-35550
https://notcve.org/view.php?id=CVE-2020-35550
18 Dec 2020 — An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. Attackers can bypass Factory Reset Protection (FRP) via StatusBar. The Samsung ID is SVE-2020-17888 (December 2020). Se detectó un problema en los dispositivos móviles Samsung con versiones de software O(8.x), P(9.0), Q(10.0) y R(11.0). Unos atacantes pueden omitir Factory Reset Protection (FRP) por medio de StatusBar. • https://security.samsungmobile.com/securityUpdate.smsb •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-35551
https://notcve.org/view.php?id=CVE-2020-35551
18 Dec 2020 — An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. They allow attackers to conduct RPMB state-change attacks because an unauthorized RPMB write operation can be replayed, a related issue to CVE-2020-13799. The Samsung ID is SVE-2020-18100 (December 2020). Se detectó un problema en los dispositivos móviles Samsung con versiones software O(8.x), P(9.0) y Q(10.0) (chipsets Exynos). Permiten a atacantes conducir ataques de cambio de estado RPMB po... • https://security.samsungmobile.com/securityUpdate.smsb • CWE-294: Authentication Bypass by Capture-replay •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2020-35552
https://notcve.org/view.php?id=CVE-2020-35552
18 Dec 2020 — An issue was discovered in the GPS daemon on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (non-Qualcomm chipsets) software. Attackers can obtain sensitive location information because the configuration file is incorrect. The Samsung ID is SVE-2020-18678 (December 2020). Se detectó un problema en el demonio GPS en los dispositivos móviles Samsung con versiones de software O(8.x), P(9.0) y Q(10.0) (chipsets no Qualcomm). Unos atacantes pueden conseguir información confidencial sobre la ubicaci... • https://security.samsungmobile.com/securityUpdate.smsb •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-35554
https://notcve.org/view.php?id=CVE-2020-35554
18 Dec 2020 — An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. There is a WebView SSL error-handler vulnerability. The LG ID is LVE-SMP-200026 (December 2020). Se detectó un problema en los dispositivos móviles LG con software Android OS versiones 8.0, 8.1, 9.0 y 10. Se presenta una vulnerabilidad del manejador de errores SSL de WebView. • https://lgsecurity.lge.com •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 1CVE-2020-0463
https://notcve.org/view.php?id=CVE-2020-0463
14 Dec 2020 — In sdp_server_handle_client_req of sdp_server.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure from the bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.0 Android-8.1 Android-9Android ID: A-169342531 En la función sdp_server_handle_client_req del archivo sdp_server.cc, se presenta una posible lectura fuera de límit... • https://github.com/nanopathi/system_bt_AOSP10_r33_CVE-2020-0463 • CWE-125: Out-of-bounds Read •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 1CVE-2020-0458
https://notcve.org/view.php?id=CVE-2020-0458
14 Dec 2020 — In SPDIFEncoder::writeBurstBufferBytes and related methods of SPDIFEncoder.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-8.0 Android-8.1Android ID: A-160265164 En la función SPDIFEncoder::writeBurstBufferBytes y métodos relacionados del archivo SPDIFEncoder.cpp, se presenta una posible escritura ... • https://github.com/nanopathi/system_media_AOSP10_r33_CVE-2020-0458 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •