
CVE-2020-0413
https://notcve.org/view.php?id=CVE-2020-0413
14 Oct 2020 — In gatt_process_read_by_type_rsp of gatt_cl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0. Android ID: A-158778659 • https://github.com/Satheesh575555/system_bt_AOSP10_r33_CVE-2020-0413 • CWE-125: Out-of-bounds Read

CVE-2020-0408
https://notcve.org/view.php?id=CVE-2020-0408
14 Oct 2020 — In remove of String16.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-156999009 • https://source.android.com/security/bulletin/2020-10-01 • CWE-190: Integer Overflow or Wraparound • CWE-787: Out-of-bounds Write

CVE-2020-0410
https://notcve.org/view.php?id=CVE-2020-0410
14 Oct 2020 — In setNotification of SapServer.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11. Android ID: A-156021269 • https://source.android.com/security/bulletin/2020-10-01 • CWE-732: Incorrect Permission Assignment for Critical Resource

CVE-2020-0415
https://notcve.org/view.php?id=CVE-2020-0415
14 Oct 2020 — In various locations in SystemUI, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure of contact data with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1. Android ID: A-156020795 • https://source.android.com/security/bulletin/2020-10-01

CVE-2020-0416
https://notcve.org/view.php?id=CVE-2020-0416
14 Oct 2020 — In multiple settings screens, there are possible tapjacking attacks due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1. Android ID: A-155288585 • https://github.com/ShaikUsaf/packages_apps_settings_AOSP10_r33_CVE-2020-0416 • CWE-1188: Initialization of a Resource with an Insecure Default

CVE-2020-26601
https://notcve.org/view.php?id=CVE-2020-26601
06 Oct 2020 — An issue was discovered in DirEncryptService on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. PendingIntent with an empty intent is mishandled, allowing an attacker to perform a privileged action via a modified intent. The Samsung ID is SVE-2020-18034 (October 2020). • https://security.samsungmobile.com/securityUpdate.smsb

CVE-2020-26604
https://notcve.org/view.php?id=CVE-2020-26604
06 Oct 2020 — An issue was discovered in SystemUI on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. PendingIntent allows an unprivileged process to access contact numbers. The Samsung ID is SVE-2020-18467 (October 2020). • https://security.samsungmobile.com/securityUpdate.smsb

CVE-2020-26606
https://notcve.org/view.php?id=CVE-2020-26606
06 Oct 2020 — An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. An attacker can access certain Secure Folder content via a debugging command. The Samsung ID is SVE-2020-18673 (October 2020). • https://security.samsungmobile.com/securityUpdate.smsb

CVE-2020-26607
https://notcve.org/view.php?id=CVE-2020-26607
06 Oct 2020 — An issue was discovered in TimaService on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. PendingIntent with an empty intent is mishandled, allowing an attacker to perform a privileged action via a modified intent. The Samsung ID is SVE-2020-18418 (October 2020). • https://security.samsungmobile.com/securityUpdate.smsb

CVE-2020-26603
https://notcve.org/view.php?id=CVE-2020-26603
06 Oct 2020 — An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Sticker Center allows directory traversal for an unprivileged process to read arbitrary files. The Samsung ID is SVE-2020-18433 (October 2020). • https://security.samsungmobile.com/securityUpdate.smsb • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')