CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-26598
https://notcve.org/view.php?id=CVE-2020-26598
06 Oct 2020 — An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, and 9.0 software. The Network Management component could allow an unauthorized actor to kill a TCP connection. The LG ID is LVE-SMP-200023 (October 2020). Se detectó un problema en los dispositivos móviles LG con software de Android OS versiones 8.0, 8.1 y 9.0. El componente Network Management podría permitir a un actor no autorizado eliminar una conexión TCP. • https://lgsecurity.lge.com • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-0386
https://notcve.org/view.php?id=CVE-2020-0386
17 Sep 2020 — In onCreate of RequestPermissionActivity.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege allowing an attacker to set Bluetooth discoverability with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-155650356 En la función onCreate del archivo RequestPermissionActivity.java, se presenta un posible vector de se... • https://source.android.com/security/bulletin/2020-09-01 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 2CVE-2020-0394
https://notcve.org/view.php?id=CVE-2020-0394
17 Sep 2020 — In onCreate of BluetoothPairingDialog.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege and untrusted devices accessing contact lists with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-155648639 En la función onCreate del archivo BluetoothPairingDialog.java, se presenta un posible vector de tapjack... • https://github.com/ShaikUsaf/packages_apps_settings_AOSP10_r33_CVE-2020-0394 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-0396
https://notcve.org/view.php?id=CVE-2020-0396
17 Sep 2020 — In various places in Telephony, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-155094269 En varios lugares en Telephony, se presenta una posible omisión de permisos debido a un PendingIntent no seguro. Esto podría conllevar a una divulgación de informaci... • https://source.android.com/security/bulletin/2020-09-01 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-0397
https://notcve.org/view.php?id=CVE-2020-0397
17 Sep 2020 — In getNotificationBuilder of CarrierServiceStateTracker.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-155092443 En la función getNotificationBuilder del archivo CarrierServiceStateTracker.java, se presenta una posible omisión de permisos debido a un Pe... • https://source.android.com/security/bulletin/2020-09-01 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-0395
https://notcve.org/view.php?id=CVE-2020-0395
17 Sep 2020 — In showNotification of EmergencyCallbackModeService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-154124307 En la función showNotification del archivo EmergencyCallbackModeService.java, se presenta una posible omisión de permisos debido a un PendingInt... • https://source.android.com/security/bulletin/2020-09-01 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-0399
https://notcve.org/view.php?id=CVE-2020-0399
17 Sep 2020 — In showLimitedSimFunctionWarningNotification of NotificationMgr.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-153993591 En la función showLimitedSimFunctionWarningNotification del archivo NotificationMgr.java, se presenta una posible omisión de permiso... • https://source.android.com/security/bulletin/2020-09-01 •
CVSS: 9.3EPSS: 4%CPEs: 5EXPL: 1CVE-2020-0245
https://notcve.org/view.php?id=CVE-2020-0245
17 Sep 2020 — In DecodeFrameCombinedMode of combined_decode.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-152496149 En la función DecodeFrameCombinedMode del archivo mixed_decode.cpp, se presenta una posible escritura fuera de límites debido a un desbordamient... • https://github.com/Satheesh575555/frameworks_av_AOSP10_r33_CVE-2020-0245 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 2CVE-2020-0401
https://notcve.org/view.php?id=CVE-2020-0401
17 Sep 2020 — In setInstallerPackageName of PackageManagerService.java, there is a missing permission check. This could lead to local escalation of privilege and granting spurious permissions with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-150857253 En la función setInstallerPackageName del archivo PackageManagerService.java, se presenta una falta de comprobación de permisos. ... • https://github.com/Satheesh575555/frameworks_base_AOSP10_r33_CVE-2020-0401 • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-0383
https://notcve.org/view.php?id=CVE-2020-0383
17 Sep 2020 — In Parse_ins of eas_mdls.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure in the media extractor process with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-150160279 En la función Parse_ins del archivo eas_mdls.c, se presenta una posible escritura fuera de límites debido a una falta de comprobación de... • https://source.android.com/security/bulletin/2020-09-01 • CWE-787: Out-of-bounds Write •