CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2012-6140 200 Bypass +Info 2013-04-24 2013-05-07
1.9
None Local Medium Not required Partial None None
pam_google_authenticator.c in the PAM module in Google Authenticator before 1.0 requires user-readable permissions for the secret file, which allows local users to bypass intended access restrictions and discover a shared secret via standard filesystem operations, a different vulnerability than CVE-2013-0258.
2 CVE-2017-9691 362 2018-03-30 2018-04-23
1.9
None Local Medium Not required Partial None None
There is a race condition in Android for MSM, Firefox OS for MSM, and QRD Android that allows to access to already free'd memory in the debug message output functionality contained within the mobicore driver.
3 CVE-2017-13275 125 2018-04-04 2018-05-09
1.9
None Local Medium Not required Partial None None
In getVSCoverage of CmapCoverage.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-70808908.
4 CVE-2018-12440 200 +Info 2018-06-15 2018-08-06
1.9
None Local Medium Not required Partial None None
BoringSSL through 2018-06-14 allows a memory-cache side-channel attack on DSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a DSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
5 CVE-2019-2088 125 2020-03-15 2020-03-17
1.9
None Local Medium Not required Partial None None
In StatsService, there is a possible out of bounds read. This could lead to local information disclosure if UBSAN were not enabled, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-143895055
6 CVE-2019-9235 125 2019-09-27 2019-10-03
1.9
None Local Medium Not required Partial None None
In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122323053
7 CVE-2019-9236 125 2019-09-27 2019-10-04
1.9
None Local Medium Not required Partial None None
In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122322613
8 CVE-2019-9239 125 2019-09-27 2019-10-02
1.9
None Local Medium Not required Partial None None
In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-121263487
9 CVE-2019-9240 125 2019-09-27 2019-10-02
1.9
None Local Medium Not required Partial None None
In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-121150966
10 CVE-2019-9242 125 2019-09-27 2019-10-04
1.9
None Local Medium Not required Partial None None
In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-121035878
11 CVE-2019-9244 125 2019-09-27 2019-10-02
1.9
None Local Medium Not required Partial None None
In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120865977
12 CVE-2019-9246 125 2019-09-27 2019-10-07
1.9
None Local Medium Not required Partial None None
In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120428637
13 CVE-2019-9251 125 2019-09-27 2019-10-04
1.9
None Local Medium Not required Partial None None
In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120274615
14 CVE-2019-9296 125 2019-09-27 2019-10-02
1.9
None Local Medium Not required Partial None None
In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112162089
15 CVE-2019-9344 125 2019-09-27 2019-10-02
1.9
None Local Medium Not required Partial None None
In NFC server, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120845341
16 CVE-2019-9356 125 2019-09-27 2019-10-07
1.9
None Local Medium Not required Partial None None
In NFC server, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111699773
17 CVE-2019-9383 125 2019-09-27 2019-10-02
1.9
None Local Medium Not required Partial None None
In NFC server, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120843827
18 CVE-2019-9421 125 Overflow 2019-09-27 2020-08-24
1.9
None Local Medium Not required Partial None None
In libandroidfw, there is a possible OOB read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111215250
19 CVE-2019-20623 908 2020-03-24 2020-08-24
1.9
None Local Medium Not required Partial None None
An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), and P(9.0) software. Gallery has uninitialized memory disclosure. The Samsung ID is SVE-2018-13060 (February 2019).
20 CVE-2020-0008 362 2020-01-08 2022-01-01
1.9
None Local Medium Not required Partial None None
In LowEnergyClient::MtuChangedCallback of low_energy_client.cc, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-142558228
21 CVE-2020-0052 269 Bypass 2020-03-10 2021-07-21
1.9
None Local Medium Not required None Partial None
In smsSelected of AnswerFragment.java, there is a way to send an SMS from the lock screen due to a permissions bypass. This could lead to local escalation of privilege on the lock screen with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-137102479
22 CVE-2020-0087 200 +Info 2020-03-10 2021-07-21
1.9
None Local Medium Not required Partial None None
In getProcessPss of ActivityManagerService.java, there is a possible side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-127989044
23 CVE-2020-0092 200 Bypass +Info 2020-05-14 2020-05-21
1.9
None Local Medium Not required Partial None None
In setHideSensitive of NotificationStackScrollLayout.java, there is a possible disclosure of sensitive notification content due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145135488
24 CVE-2020-0093 125 2020-05-14 2020-07-27
1.9
None Local Medium Not required Partial None None
In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-148705132
25 CVE-2020-0199 416 2020-06-11 2021-07-21
1.9
None Local Medium Not required Partial None None
In TimeCheck::TimeCheckThread::threadLoop of TimeCheck.cpp, there is a possible use-after-free due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142142406
26 CVE-2020-0280 125 2020-12-15 2020-12-15
1.9
None Local Medium Not required Partial None None
In nci_proc_ee_management_rsp of nci_hrcv.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-136565424
27 CVE-2020-0338 Bypass 2020-09-17 2022-01-21
1.9
None Local Medium Not required Partial None None
In checkKeyIntent of AccountManagerService.java, there is a possible permission bypass. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-9Android ID: A-123700107
28 CVE-2020-0373 362 2020-09-17 2021-07-21
1.9
None Local Medium Not required Partial None None
In SoundTriggerHwService, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-146894086
29 CVE-2020-10846 20 2020-03-24 2021-07-21
1.9
None Local Medium Not required Partial None None
An issue was discovered on Samsung mobile devices with P(9.x) and Q(10.x) software. Attackers can enable the OEM unlock feature on a KG-enrolled devices, leading to potentially unwanted binaries being downloaded. The Samsung ID is SVE-2019-16554 (February 2020).
30 CVE-2021-0320 362 Bypass 2021-01-11 2021-01-13
1.9
None Local Medium Not required Partial None None
In is_device_locked and set_device_locked of keystore_keymaster_enforcement.h, there is a possible bypass of lockscreen requirements for keyguard bound keys due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Android ID: A-169933423.
31 CVE-2021-0322 20 2021-01-11 2021-01-13
1.9
None Local Medium Not required Partial None None
In onCreate of SlicePermissionActivity.java, there is a possible misleading string displayed due to improper input validation. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.Product: Android; Versions: Android-10, Android-11, Android-9; Android ID: A-159145361.
32 CVE-2021-0443 362 2021-04-13 2021-04-16
1.9
None Local Medium Not required Partial None None
In several functions of ScreenshotHelper.java and related files, there is a possible incorrectly saved screenshot due to a race condition. This could lead to local information disclosure across user profiles with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-170474245
33 CVE-2021-0444 2021-04-13 2021-04-20
1.9
None Local Medium Not required Partial None None
In onActivityResult of QuickContactActivity.java, there is an unnecessary return of an intent. This could lead to local information disclosure of contact data with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-178825358
34 CVE-2021-0463 125 2021-03-10 2021-03-16
1.9
None Local Medium Not required Partial None None
In convertToHidl of convert.cpp, there is a possible out of bounds read due to uninitialized data from ReturnFrameworkMessage. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-154867068
35 CVE-2021-0569 1021 2021-06-22 2021-06-24
1.9
None Local Medium Not required Partial None None
In onStart of ContactsDumpActivity.java, there is possible access to contacts due to a tapjacking/overlay attack. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174045870
36 CVE-2021-0604 2021-07-14 2021-07-16
1.9
None Local Medium Not required Partial None None
In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible way to share private files over Bluetooth due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-179910660
37 CVE-2021-0687 834 DoS 2021-10-06 2022-07-12
1.9
None Local Medium Not required None None Partial
In ellipsize of Layout.java, there is a possible ANR due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-188913943
38 CVE-2021-0702 2021-10-22 2021-10-26
1.9
None Local Medium Not required Partial None None
In RevertActiveSessions of apexd.cpp, there is a possible way to share the wrong file due to an unintentional MediaStore downgrade. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-193932765
39 CVE-2021-0919 190 DoS Overflow 2021-12-15 2021-12-17
1.9
None Local Medium Not required None None Partial
In getService of IServiceManager.cpp, there is a possible unhandled exception due to an integer overflow. This could lead to local denial of service making the lockscreen unusable with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-197336441
40 CVE-2021-0973 178 Bypass 2021-12-15 2021-12-17
1.9
None Local Medium Not required Partial None None
In isFileUri of UriUtil.java, there is a possible way to bypass ignoring file://URI attachment due to improper handling of case sensitivity. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-197328178
41 CVE-2021-0992 1021 2021-12-15 2022-07-12
1.9
None Local Medium Not required None Partial None
In onCreate of PaymentDefaultDialog.java, there is a possible way to change a default payment app without user consent due to tapjack overlay. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-180104327
42 CVE-2021-1023 200 +Info 2021-12-15 2021-12-17
1.9
None Local Medium Not required Partial None None
In onCreate of RequestIgnoreBatteryOptimizations.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-195963373
43 CVE-2021-3011 203 2021-01-07 2021-01-20
1.9
None Local Medium Not required Partial None None
An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authentication microcontrollers, with CryptoLib through v2.9. It allows attackers to extract the ECDSA private key after extensive physical access (and consequently produce a clone). This was demonstrated on the Google Titan Security Key, based on an NXP A7005a chip. Other FIDO U2F security keys are also impacted (Yubico YubiKey Neo and Feitian K9, K13, K21, and K40) as well as several NXP JavaCard smartcards (J3A081, J2A081, J3A041, J3D145_M59, J2D145_M59, J3D120_M60, J3D082_M60, J2D120_M60, J2D082_M60, J3D081_M59, J2D081_M59, J3D081_M61, J2D081_M61, J3D081_M59_DF, J3D081_M61_DF, J3E081_M64, J3E081_M66, J2E081_M64, J3E041_M66, J3E016_M66, J3E016_M64, J3E041_M64, J3E145_M64, J3E120_M65, J3E082_M65, J2E145_M64, J2E120_M65, J2E082_M65, J3E081_M64_DF, J3E081_M66_DF, J3E041_M66_DF, J3E016_M66_DF, J3E041_M64_DF, and J3E016_M64_DF).
44 CVE-2021-25335 2021-03-04 2021-03-11
1.9
None Local Medium Not required Partial None None
Improper lockscreen status check in cocktailbar service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows unauthenticated users to access hidden notification contents over the lockscreen in specific condition.
45 CVE-2021-25390 2021-06-11 2021-06-16
1.9
None Local Medium Not required Partial None None
Intent redirection vulnerability in PhotoTable prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action.
46 CVE-2021-39648 362 2021-12-15 2022-07-12
1.9
None Local Medium Not required Partial None None
In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-160822094References: Upstream kernel
47 CVE-2021-39664 125 2022-02-11 2022-02-15
1.9
None Local Medium Not required Partial None None
In LoadedPackage::Load of LoadedArsc.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure when parsing an APK file with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-203938029
48 CVE-2021-39727 362 2022-03-16 2022-03-23
1.9
None Local Medium Not required Partial None None
In eicPresentationRetrieveEntryValue of acropora/app/identity/libeic/EicPresentation.c, there is a possible information disclosure due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196388042References: N/A
49 CVE-2021-39792 362 2022-03-16 2022-07-12
1.9
None Local Medium Not required Partial None None
In usb_gadget_giveback_request of core.c, there is a possible use after free out of bounds read due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-161010552References: Upstream kernel
50 CVE-2022-20195 502 DoS 2022-06-15 2022-06-24
1.9
None Local Medium Not required None None Partial
In the keystore library, there is a possible prevention of access to system Settings due to unsafe deserialization. This could lead to local denial of service with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-213172664
Total number of vulnerabilities : 331   Page : 1 (This Page)2 3 4 5 6 7
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.