Google

Android

8158 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.14%
  • Veröffentlicht 18.12.2020 09:15:12
  • Zuletzt bearbeitet 21.11.2024 05:27:32

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Any application may establish itself as the default dialer, without user interaction. The Samsung ID is SVE-2020-19172 (December 2020).

  • EPSS 0.6%
  • Veröffentlicht 18.12.2020 09:15:12
  • Zuletzt bearbeitet 21.11.2024 05:27:32

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. Attackers can bypass Factory Reset Protection (FRP) via StatusBar. The Samsung ID is SVE-2020-17888 (December 2020).

  • EPSS 0.42%
  • Veröffentlicht 18.12.2020 09:15:12
  • Zuletzt bearbeitet 21.11.2024 05:27:32

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. They allow attackers to conduct RPMB state-change attacks because an unauthorized RPMB write operation can be replayed, a related issue to ...

  • EPSS 0.13%
  • Veröffentlicht 15.12.2020 17:15:14
  • Zuletzt bearbeitet 21.11.2024 05:20:44

In SELinux policies of mls, there is a missing permission check. This could lead to local information disclosure of package metadata with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersi...

  • EPSS 0.13%
  • Veröffentlicht 15.12.2020 17:15:14
  • Zuletzt bearbeitet 21.11.2024 05:20:44

In getGpuStatsGlobalInfo and getGpuStatsAppInfo of GpuService.cpp, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure of gpu statistics with User execution privileges needed. User ...

  • EPSS 0.16%
  • Veröffentlicht 15.12.2020 17:15:14
  • Zuletzt bearbeitet 21.11.2024 05:20:44

In xfrm6_tunnel_free_spi of net/ipv6/xfrm6_tunnel.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...

  • EPSS 0.14%
  • Veröffentlicht 15.12.2020 17:15:14
  • Zuletzt bearbeitet 21.11.2024 05:20:44

In the l2tp subsystem, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: And...

  • EPSS 0.75%
  • Veröffentlicht 15.12.2020 17:15:14
  • Zuletzt bearbeitet 21.11.2024 05:20:44

Product: AndroidVersions: Android kernelAndroid ID: A-127973231References: Upstream kernel

  • EPSS 0.69%
  • Veröffentlicht 15.12.2020 17:15:13
  • Zuletzt bearbeitet 21.11.2024 05:20:42

In process of C2SoftVorbisDec.cpp, there is a possible resource exhaustion due to a memory leak. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidV...

  • EPSS 0.14%
  • Veröffentlicht 15.12.2020 17:15:13
  • Zuletzt bearbeitet 21.11.2024 05:20:42

In postNotification of ServiceRecord.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Pr...