CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-0247
https://notcve.org/view.php?id=CVE-2020-0247
11 Aug 2020 — In Threshold::getHistogram of ImageProcessHelper.java, there is a possible crash loop due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8.1Android ID: A-156087409 En la función Threshold::getHistogram del archivo ImageProcessHelper.java, se presenta un posible bucle de bloqueo debido a una excepción no detectada. Esto podría conllevar a una denega... • https://source.android.com/security/bulletin/2020-08-01 • CWE-755: Improper Handling of Exceptional Conditions CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-0243
https://notcve.org/view.php?id=CVE-2020-0243
11 Aug 2020 — In clearPropValue of MediaAnalyticsItem.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-8.0 Android-8.1Android ID: A-151644303 En la función clearPropValue del archivo MediaAnalyticsItem.cpp, se presenta un posible uso de la memoria previamente liberada debido a un bloqueo i... • https://source.android.com/security/bulletin/2020-08-01 • CWE-416: Use After Free CWE-667: Improper Locking •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2020-0242
https://notcve.org/view.php?id=CVE-2020-0242
11 Aug 2020 — In reset of NuPlayerDriver.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-151643722 En la función reset del archivo NuPlayerDriver.cpp, se presenta un posible uso de la memoria previamente liberada debido a un bloqueo inapropiado. Esto podría co... • https://github.com/pazhanivel07/frameworks_av-10-r33_CVE-2020-0242 • CWE-416: Use After Free CWE-667: Improper Locking •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2020-0241
https://notcve.org/view.php?id=CVE-2020-0241
11 Aug 2020 — In NuPlayerStreamListener of NuPlayerStreamListener.cpp, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-151456667 En la función NuPlayerStreamListener del archivo NuPlayerStreamListener.cpp, se presenta una posible corrupción de memoria debido a una doble liberación. Esto... • https://github.com/nanopathi/frameworks_av_AOSP10_r33_CVE-2020-0241 • CWE-415: Double Free CWE-787: Out-of-bounds Write •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2020-0238
https://notcve.org/view.php?id=CVE-2020-0238
11 Aug 2020 — In updatePreferenceIntents of AccountTypePreferenceLoader, there is a possible confused deputy attack due to a race condition. This could lead to local escalation of privilege and launching privileged activities with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-150946634 En la función updatePreferenceIntents de AccountTypePreferenceLoader, se presenta un posible ataque de tipo co... • https://source.android.com/security/bulletin/2020-08-01 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2020-0224
https://notcve.org/view.php?id=CVE-2020-0224
17 Jul 2020 — In FastKeyAccumulator::GetKeysSlow of keys.cc, there is a possible out of bounds write due to type confusion. This could lead to remote code execution when processing a proxy configuration with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-147664838 En la función FastKeyAccumulator::GetKeysSlow del archivo keys.cc, se presenta una posible escritura fuera de límites debido a una co... • https://source.android.com/security/bulletin/2020-07-01 • CWE-787: Out-of-bounds Write CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2020-0122
https://notcve.org/view.php?id=CVE-2020-0122
17 Jul 2020 — In the permission declaration for com.google.android.providers.gsf.permission.WRITE_GSERVICES in AndroidManifest.xml, there is a possible permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-147247775 En la declaración de permiso para com.google.android.providers.gsf.permission.WRITE_GSERVICES en el archivo AndroidManifes... • https://source.android.com/security/bulletin/2020-07-01 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2020-0227
https://notcve.org/view.php?id=CVE-2020-0227
17 Jul 2020 — In onCommand of CompanionDeviceManagerService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing background data usage or launching from the background, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-129476618 En la función onCommand del archivo CompanionDeviceManagerService.java, se present... • https://github.com/nanopathi/framework_base_AOSP10_r33_CVE-2020-0227 • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-15578
https://notcve.org/view.php?id=CVE-2020-15578
07 Jul 2020 — An issue was discovered on Samsung mobile devices with O(8.x) software. FactoryCamera does not properly restrict runtime permissions. The Samsung ID is SVE-2020-17270 (July 2020). Se detectó un problema en dispositivos móviles Samsung con versión de software O(8.x). FactoryCamera no restringe apropiadamente los permisos de tiempo de ejecución. • https://security.samsungmobile.com/securityUpdate.smsb • CWE-276: Incorrect Default Permissions •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-15579
https://notcve.org/view.php?id=CVE-2020-15579
07 Jul 2020 — An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) via the KNOX API. The Samsung ID is SVE-2020-17318 (July 2020). Se detectó un problema en dispositivos móviles Samsung con versiones de software O(8.x), P(9.0) y Q(10.0). Los atacantes pueden omitir el Factory Reset Protection (FRP) por medio de la API KNOX. • https://security.samsungmobile.com/securityUpdate.smsb •