Total
8912 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-15650 | 2 Google, Mozilla | 2 Android, Firefox Esr | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings (but not access the previous profile). *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.11.
|
|||||
| CVE-2020-15649 | 2 Google, Mozilla | 2 Android, Firefox Esr | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actually files picked. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.11.
|
|||||
| CVE-2020-15647 | 2 Google, Mozilla | 2 Android, Firefox | 2024-11-21 | 5.0 MEDIUM | 7.4 HIGH |
|
A Content Provider in Firefox for Android allowed local files accessible by the browser to be read by a remote webpage, leading to sensitive data disclosure, including cookies for other origins. This vulnerability affects Firefox for < Android.
|
|||||
| CVE-2020-15584 | 1 Google | 1 Android | 2024-11-21 | 7.1 HIGH | 5.5 MEDIUM |
|
An issue was discovered on Samsung mobile devices with Q(10.0) software. Attackers can trigger an out-of-bounds access and device reset via a 4K wallpaper image because ImageProcessHelper mishandles boundary checks. The Samsung ID is SVE-2020-18056 (July 2020).
|
|||||
| CVE-2020-15583 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. StickerProvider allows directory traversal for access to system files. The Samsung ID is SVE-2020-17665 (July 2020).
|
|||||
| CVE-2020-15582 | 2 Google, Samsung | 2 Android, Exynos 7885 | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 7885 chipsets) software. The Bluetooth Low Energy (BLE) component has a buffer overflow with a resultant deadlock or crash. The Samsung ID is SVE-2020-16870 (July 2020).
|
|||||
| CVE-2020-15581 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The kernel logging feature allows attackers to discover virtual addresses via vectors involving shared memory. The Samsung ID is SVE-2020-17605 (July 2020).
|
|||||
| CVE-2020-15580 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) by enrolling a new lock password. The Samsung ID is SVE-2020-17328 (July 2020).
|
|||||
| CVE-2020-15579 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) via the KNOX API. The Samsung ID is SVE-2020-17318 (July 2020).
|
|||||
| CVE-2020-15578 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An issue was discovered on Samsung mobile devices with O(8.x) software. FactoryCamera does not properly restrict runtime permissions. The Samsung ID is SVE-2020-17270 (July 2020).
|
|||||
| CVE-2020-15577 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Cameralyzer allows attackers to write files to the SD card. The Samsung ID is SVE-2020-16830 (July 2020).
|
|||||
| CVE-2020-13843 | 1 Google | 1 Android | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
An issue was discovered on LG mobile devices with Android OS software before 2020-06-01. Local users can cause a denial of service because checking of the userdata partition is mishandled. The LG ID is LVE-SMP-200014 (June 2020).
|
|||||
| CVE-2020-13842 | 2 Google, Lg | 35 Android, Cv1, Cv1s and 32 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). A dangerous AT command was made available even though it is unused. The LG ID is LVE-SMP-200010 (June 2020).
|
|||||
| CVE-2020-13841 | 2 Google, Lg | 35 Android, Cv1, Cv1s and 32 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
An issue was discovered on LG mobile devices with Android OS 9 and 10 (MTK chipsets). An AT command handler allows attackers to bypass intended access restrictions. The LG ID is LVE-SMP-200009 (June 2020).
|
|||||
| CVE-2020-13840 | 2 Google, Lg | 35 Android, Cv1, Cv1s and 32 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Code execution can occur via an MTK AT command handler buffer overflow. The LG ID is LVE-SMP-200008 (June 2020).
|
|||||
| CVE-2020-13839 | 2 Google, Lg | 35 Android, Cv1, Cv1s and 32 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Code execution can occur via a custom AT command handler buffer overflow. The LG ID is LVE-SMP-200007 (June 2020).
|
|||||
| CVE-2020-13838 | 1 Google | 1 Android | 2024-11-21 | 3.6 LOW | 3.5 LOW |
|
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. The DeX Lockscreen feature does not block access to Quick Panel and notifications. The Samsung ID is SVE-2020-17187 (June 2020).
|
|||||
| CVE-2020-13837 | 1 Google | 1 Android | 2024-11-21 | 3.6 LOW | 3.5 LOW |
|
An issue was discovered on Samsung mobile devices with Q(10.0) software. The Lockscreen feature does not block Quick Panel access to Music Share. The Samsung ID is SVE-2020-17145 (June 2020).
|
|||||
| CVE-2020-13836 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. HWRResProvider allows path traversal for data exposure. The Samsung ID is SVE-2020-16954 (June 2020).
|
|||||
| CVE-2020-13835 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
|
An issue was discovered on Samsung mobile devices with O(8.x) (with TEEGRIS) software. The Gatekeeper Trustlet allows a brute-force attack on user credentials. The Samsung ID is SVE-2020-16908 (June 2020).
|
|||||
| CVE-2020-13834 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (with TEEGRIS) software. Secure Folder does not properly restrict use of Android Debug Bridge (adb) for arbitrary installations. The Samsung ID is SVE-2020-17369 (June 2020).
|
|||||
| CVE-2020-13833 | 1 Google | 1 Android | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The system area allows arbitrary file overwrites via a symlink attack. The Samsung ID is SVE-2020-17183 (June 2020).
|
|||||
| CVE-2020-13832 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered on Samsung mobile devices with Q(10.0) (with TEEGRIS on Exynos chipsets) software. The Widevine Trustlet allows arbitrary code execution because of memory disclosure, The Samsung IDs are SVE-2020-17117, SVE-2020-17118, SVE-2020-17119, and SVE-2020-17161 (June 2020).
|
|||||
| CVE-2020-13831 | 2 Google, Samsung | 2 Android, Exynos 7570 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 7570 chipsets) software. The Trustonic Kinibi component allows arbitrary memory mapping. The Samsung ID is SVE-2019-16665 (June 2020).
|
|||||
| CVE-2020-13830 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered on Samsung mobile devices with P(9.0) software. One UI HOME logging can leak information. The Samsung ID is SVE-2019-16382 (June 2020).
|
|||||
| CVE-2020-13829 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Attackers can disable the SEAndroid protection mechanism in the RKP. The Samsung ID is SVE-2019-15998 (June 2020).
|
|||||
| CVE-2020-12754 | 1 Google | 1 Android | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A crafted application can obtain control of device input via the window system service. The LG ID is LVE-SMP-170011 (May 2020).
|
|||||
| CVE-2020-12753 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Arbitrary code execution can occur via the bootloader because of an EL1/EL3 coldboot vulnerability involving raw_resources. The LG ID is LVE-SMP-200006 (May 2020).
|
|||||
| CVE-2020-12752 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (with TEEGRIS) software. Attackers can determine user credentials via a brute-force attack against the Gatekeeper trustlet. The Samsung ID is SVE-2020-16908 (May 2020).
|
|||||
| CVE-2020-12751 | 1 Google | 1 Android | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), and Q(10.0) software. The Quram image codec library allows attackers to overwrite memory and execute arbitrary code via crafted JPEG data that is mishandled during decoding. The Samsung ID is SVE-2020-16943 (May 2020).
|
|||||
| CVE-2020-12750 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered on Samsung mobile devices with Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) via SPEN. The Samsung ID is SVE-2020-17019 (May 2020).
|
|||||
| CVE-2020-12749 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
An issue was discovered on Samsung mobile devices with P(9.0) (Exynos chipsets) software. The S.LSI Wi-Fi drivers have a buffer overflow. The Samsung ID is SVE-2020-16906 (May 2020).
|
|||||
| CVE-2020-12748 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An issue was discovered on Samsung mobile devices with Q(10.0) software. Attackers can bypass the locked-state protection mechanism and designate a different preferred SIM card. The Samsung ID is SVE-2020-16594 (May 2020).
|
|||||
| CVE-2020-12747 | 2 Google, Samsung | 3 Android, Exynos980\(9630\), Exynos990\(9830\) | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos980 9630 and Exynos990 9830 chipsets) software. The Bootloader has a heap-based buffer overflow because of the mishandling of specific commands. The Samsung IDs are SVE-2020-16981, SVE-2020-16991 (May 2020).
|
|||||
| CVE-2020-12746 | 1 Google | 1 Android | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), and Q(10.0) (Exynos chipsets) software. Attackers can bypass the Secure Bootloader protection mechanism via a heap-based buffer overflow to execute arbitrary code. The Samsung ID is SVE-2020-16712 (May 2020).
|
|||||
| CVE-2020-12745 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered on Samsung mobile devices with Q(10.0) software. Attackers can bypass the locked-state protection mechanism and access clipboard content via USSD. The Samsung ID is SVE-2019-16556 (May 2020).
|
|||||
| CVE-2020-11875 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10.0 (MTK chipsets) software. The MTK kernel does not properly implement exception handling, allowing an attacker to gain privileges. The LG ID is LVE-SMP-200001 (February 2020).
|
|||||
| CVE-2020-11874 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9, and 10 software. Attackers can bypass Factory Reset Protection (FRP). The LG ID is LVE-SMP-200004 (March 2020).
|
|||||
| CVE-2020-11873 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A stack-based buffer overflow in the logging tool could allow an attacker to gain privileges. The LG ID is LVE-SMP-200005 (April 2020).
|
|||||
| CVE-2020-11836 | 2 Google, Oppo | 19 Android, A12, A15 and 16 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
OPPO Android Phone with MTK chipset and Android 8.1/9/10/11 versions have an information leak vulnerability. The “adb shell getprop ro.vendor.aee.enforcing” or “adb shell getprop ro.vendor.aee.enforcing” return no.
|
|||||