CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-0101
https://notcve.org/view.php?id=CVE-2020-0101
14 May 2020 — In BnCrypto::onTransact of ICrypto.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-144767096 En la función BnCrypto::onTransact del archivo ICrypto.cpp, se presenta una posible divulgación de información debido a datos no inicializados. Esto podría conllevar a una... • https://source.android.com/security/bulletin/2020-05-01 • CWE-908: Use of Uninitialized Resource CWE-909: Missing Initialization of Resource •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-0098
https://notcve.org/view.php?id=CVE-2020-0098
14 May 2020 — In navigateUpToLocked of ActivityStack.java, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8.1 Android-9Android ID: A-144285917 En la función navigationUpToLocked del archivo ActivityStack.java, se presenta una posible omisión de permisos debido a un problema de tipo confused deputy. Esto po... • https://source.android.com/security/bulletin/2020-05-01 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-0102
https://notcve.org/view.php?id=CVE-2020-0102
14 May 2020 — In GattServer::SendResponse of gatt_server.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143231677 En la función GattServer::SendResponse del archivo gatt_server.cc, se presenta una posible escritura fuera de límites debido a una comprobación de límites incorr... • https://source.android.com/security/bulletin/2020-05-01 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-0024
https://notcve.org/view.php?id=CVE-2020-0024
14 May 2020 — In onCreate of SettingsBaseActivity.java, there is a possible unauthorized setting modification due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-137015265 En la función onCreate del archivo SettingsBaseActivity.java, se presenta una posible modificación de configuración no autorizada debido a una omisión d... • https://source.android.com/security/bulletin/2020-05-01 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-12754
https://notcve.org/view.php?id=CVE-2020-12754
11 May 2020 — An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A crafted application can obtain control of device input via the window system service. The LG ID is LVE-SMP-170011 (May 2020). Se detectó un problema en los dispositivos móviles LG con software de Sistema Operativo Android versiones 7.2, 8.0, 8.1, 9 y 10. Una aplicación diseñada puede obtener el control de entrada del dispositivo por medio del servicio del sistema de ventanas. • https://lgsecurity.lge.com •
CVSS: 9.8EPSS: 3%CPEs: 5EXPL: 2CVE-2020-12753
https://notcve.org/view.php?id=CVE-2020-12753
11 May 2020 — An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Arbitrary code execution can occur via the bootloader because of an EL1/EL3 coldboot vulnerability involving raw_resources. The LG ID is LVE-SMP-200006 (May 2020). Se descubrió un problema en los dispositivos móviles LG con software Android OS 7.2, 8.0, 8.1, 9 y 10. La ejecución de código arbitrario puede ocurrir a través del gestor de arranque debido a una vulnerabilidad de arranque en frío EL1 / EL3 que involuc... • https://github.com/shinyquagsire23/CVE-2020-12753-PoC • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-12751
https://notcve.org/view.php?id=CVE-2020-12751
11 May 2020 — An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), and Q(10.0) software. The Quram image codec library allows attackers to overwrite memory and execute arbitrary code via crafted JPEG data that is mishandled during decoding. The Samsung ID is SVE-2020-16943 (May 2020). Se detectó un problema en los dispositivos móviles Samsung con versiones de software O(8.X), P(9.0) y Q(10.0). La biblioteca de códec de imagen Quram permite a atacantes sobrescribir la memoria y ejecutar código arbitrario... • https://security.samsungmobile.com/securityUpdate.smsb • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2020-12746
https://notcve.org/view.php?id=CVE-2020-12746
11 May 2020 — An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), and Q(10.0) (Exynos chipsets) software. Attackers can bypass the Secure Bootloader protection mechanism via a heap-based buffer overflow to execute arbitrary code. The Samsung ID is SVE-2020-16712 (May 2020). Se detectó un problema en los dispositivos móviles Samsung con versiones de software O(8.X), P(9.0) y Q(10.0) (chipsets Exynos). Los atacantes pueden omitir el mecanismo de protección del Cargador de Arranque por medio de un desbord... • https://security.samsungmobile.com/securityUpdate.smsb • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 10%CPEs: 4EXPL: 2CVE-2020-8899 – Memory corruption in Quram library when decoding qmg can lead to RCE
https://notcve.org/view.php?id=CVE-2020-8899
06 May 2020 — There is a buffer overwrite vulnerability in the Quram qmg library of Samsung's Android OS versions O(8.x), P(9.0) and Q(10.0). An unauthenticated, unauthorized attacker sending a specially crafted MMS to a vulnerable phone can trigger a heap-based buffer overflow in the Quram image codec leading to an arbitrary remote code execution (RCE) without any user interaction. The Samsung ID is SVE-2020-16747. Se presenta una vulnerabilidad de sobrescritura del búfer en la biblioteca Quram qmg del sistema operativo... • https://packetstorm.news/files/id/157620 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2020-0073
https://notcve.org/view.php?id=CVE-2020-0073
17 Apr 2020 — In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-147309942 En la función rw_t2t_handle_tlv_detect_rsp del archivo rw_t2t_ndef.cc, hay una posible escritura fuera de límites debido a una falta de comprobación d... • https://source.android.com/security/bulletin/2020-04-01 • CWE-787: Out-of-bounds Write •