CVE-2020-35549
- EPSS 0.14%
- Veröffentlicht 18.12.2020 09:15:12
- Zuletzt bearbeitet 21.11.2024 05:27:32
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Any application may establish itself as the default dialer, without user interaction. The Samsung ID is SVE-2020-19172 (December 2020).
CVE-2020-35550
- EPSS 0.6%
- Veröffentlicht 18.12.2020 09:15:12
- Zuletzt bearbeitet 21.11.2024 05:27:32
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. Attackers can bypass Factory Reset Protection (FRP) via StatusBar. The Samsung ID is SVE-2020-17888 (December 2020).
CVE-2020-35551
- EPSS 0.42%
- Veröffentlicht 18.12.2020 09:15:12
- Zuletzt bearbeitet 21.11.2024 05:27:32
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. They allow attackers to conduct RPMB state-change attacks because an unauthorized RPMB write operation can be replayed, a related issue to ...
CVE-2020-27056
- EPSS 0.13%
- Veröffentlicht 15.12.2020 17:15:14
- Zuletzt bearbeitet 21.11.2024 05:20:44
In SELinux policies of mls, there is a missing permission check. This could lead to local information disclosure of package metadata with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersi...
CVE-2020-27057
- EPSS 0.13%
- Veröffentlicht 15.12.2020 17:15:14
- Zuletzt bearbeitet 21.11.2024 05:20:44
In getGpuStatsGlobalInfo and getGpuStatsAppInfo of GpuService.cpp, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure of gpu statistics with User execution privileges needed. User ...
CVE-2020-27066
- EPSS 0.16%
- Veröffentlicht 15.12.2020 17:15:14
- Zuletzt bearbeitet 21.11.2024 05:20:44
In xfrm6_tunnel_free_spi of net/ipv6/xfrm6_tunnel.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...
CVE-2020-27067
- EPSS 0.14%
- Veröffentlicht 15.12.2020 17:15:14
- Zuletzt bearbeitet 21.11.2024 05:20:44
In the l2tp subsystem, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: And...
CVE-2020-27068
- EPSS 0.75%
- Veröffentlicht 15.12.2020 17:15:14
- Zuletzt bearbeitet 21.11.2024 05:20:44
Product: AndroidVersions: Android kernelAndroid ID: A-127973231References: Upstream kernel
CVE-2020-27038
- EPSS 0.69%
- Veröffentlicht 15.12.2020 17:15:13
- Zuletzt bearbeitet 21.11.2024 05:20:42
In process of C2SoftVorbisDec.cpp, there is a possible resource exhaustion due to a memory leak. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidV...
CVE-2020-27039
- EPSS 0.14%
- Veröffentlicht 15.12.2020 17:15:13
- Zuletzt bearbeitet 21.11.2024 05:20:42
In postNotification of ServiceRecord.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Pr...