CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Android : Security Vulnerabilities (CVSS score >= 2)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-22272 863 2022-01-10 2022-01-15
2.1
None Local Low Not required Partial None None
Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission
2 CVE-2022-22271 20 2022-01-10 2022-01-15
2.1
None Local Low Not required Partial None None
A missing input validation before memory copy in TIMA trustlet prior to SMR Jan-2022 Release 1 allows attackers to copy data from arbitrary memory.
3 CVE-2022-22270 552 2022-01-10 2022-01-14
4.3
None Remote Medium Not required Partial None None
An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows unprivileged applications to access contact information.
4 CVE-2022-22269 552 2022-01-10 2022-01-15
2.1
None Local Low Not required Partial None None
Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allows untrusted applications to get a local Bluetooth MAC address.
5 CVE-2022-22268 552 2022-01-10 2022-01-14
3.6
None Local Low Not required Partial Partial None
Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 allows physically proximate attackers to temporary unlock the Knox Guard via Samsung DeX mode.
6 CVE-2022-22267 552 2022-01-10 2022-01-14
2.1
None Local Low Not required Partial None None
Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1 allows attackers to get running application information.
7 CVE-2022-22266 269 2022-01-10 2022-01-14
2.1
None Local Low Not required Partial None None
(Applicable to China models only) Unprotected WifiEvaluationService in TencentWifiSecurity application prior to SMR Jan-2022 Release 1 allows untrusted applications to get WiFi information without proper permission.
8 CVE-2022-22264 20 2022-01-10 2022-01-14
3.6
None Local Low Not required Partial Partial None
Improper sanitization of incoming intent in Dressroom prior to SMR Jan-2022 Release 1 allows local attackers to read and write arbitrary files without permission.
9 CVE-2022-22263 269 2022-01-10 2022-01-14
2.1
None Local Low Not required None Partial None
Unprotected dynamic receiver in SecSettings prior to SMR Jan-2022 Release 1 allows untrusted applications to launch arbitrary activity.
10 CVE-2021-39657 125 2021-12-15 2021-12-20
2.1
None Local Low Not required Partial None None
In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-194696049References: Upstream kernel
11 CVE-2021-39656 416 2021-12-15 2021-12-20
4.6
None Local Low Not required Partial Partial Partial
In __configfs_open_file of file.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174049066References: Upstream kernel
12 CVE-2021-39655 269 2021-12-15 2021-12-20
7.5
None Remote Low Not required Partial Partial Partial
Product: AndroidVersions: Android kernelAndroid ID: A-192641593References: N/A
13 CVE-2021-39653 269 2021-12-15 2021-12-20
4.6
None Local Low Not required Partial Partial Partial
In (TBD) of (TBD), there is a possible way to boot with a hidden debug policy due to a missing warning to the user. This could lead to local escalation of privilege after preparing the device, hiding the warning, and passing the phone to a new user, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-193443223References: N/A
14 CVE-2021-39652 787 2021-12-15 2021-12-20
4.6
None Local Low Not required Partial Partial Partial
In sec_ts_parsing_cmds of (TBD), there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-194499021References: N/A
15 CVE-2021-39651 276 Bypass 2021-12-15 2021-12-20
4.6
None Local Low Not required Partial Partial Partial
In TBD of TBD, there is a possible way to access PIN protected settings bypassing PIN confirmation due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-193438173References: N/A
16 CVE-2021-39650 787 2021-12-15 2021-12-20
4.6
None Local Low Not required Partial Partial Partial
In (TBD) of (TBD), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-169763055References: N/A
17 CVE-2021-39649 416 2021-12-15 2021-12-20
4.6
None Local Low Not required Partial Partial Partial
In regmap_exit of regmap.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174049006References: N/A
18 CVE-2021-39647 667 2021-12-15 2021-12-20
2.1
None Local Low Not required Partial None None
In mon_smc_load_sp of gs101-sc/plat/samsung/exynos/soc/exynos9845/smc_booting.S, there is a possible reinitialization of TEE due to improper locking. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-198713939References: N/A
19 CVE-2021-39646 668 2021-12-15 2021-12-17
5.0
None Remote Low Not required Partial None None
Product: AndroidVersions: Android kernelAndroid ID: A-201537251References: N/A
20 CVE-2021-39645 269 2021-12-15 2021-12-17
10.0
None Remote Low Not required Complete Complete Complete
Product: AndroidVersions: Android kernelAndroid ID: A-199805112References: N/A
21 CVE-2021-39644 269 2021-12-15 2021-12-17
7.5
None Remote Low Not required Partial Partial Partial
Product: AndroidVersions: Android kernelAndroid ID: A-199809304References: N/A
22 CVE-2021-39643 269 Bypass 2021-12-15 2021-12-20
4.6
None Local Low Not required Partial Partial Partial
In ic_startRetrieveEntryValue of acropora/app/identity/ic.c, there is a possible bypass of defense-in-depth due to missing validation of the return value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-195573629References: N/A
23 CVE-2021-39642 362 2021-12-15 2021-12-20
4.4
None Local Medium Not required Partial Partial Partial
In synchronous_process_io_entries of lwis_ioctl.c, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-195731663References: N/A
24 CVE-2021-39641 269 2021-12-15 2021-12-20
7.5
None Remote Low Not required Partial Partial Partial
Product: AndroidVersions: Android kernelAndroid ID: A-126949257References: N/A
25 CVE-2021-39640 787 2021-12-15 2021-12-20
7.2
None Local Low Not required Complete Complete Complete
In __dwc3_gadget_ep0_queue of ep0.c, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-157294279References: N/A
26 CVE-2021-39639 276 2021-12-15 2021-12-20
7.2
None Local Low Not required Complete Complete Complete
In TBD of fvp.c, there is a possible way to glitch CPU behavior due to a missing permission check. This could lead to local escalation of privilege with physical access to device internals with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-198291476References: N/A
27 CVE-2021-39638 416 2021-12-15 2021-12-20
4.6
None Local Low Not required Partial Partial Partial
In periodic_io_work_func of lwis_periodic_io.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-195607566References: N/A
28 CVE-2021-39637 125 2021-12-15 2021-12-20
2.1
None Local Low Not required Partial None None
In CreateDeviceInfo of trusty_remote_provisioning_context.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-193579873References: N/A
29 CVE-2021-39636 909 +Info 2021-12-15 2021-12-20
2.1
None Local Low Not required Partial None None
In do_ipt_get_ctl and do_ipt_set_ctl of ip_tables.c, there is a possible way to leak kernel information due to uninitialized data. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-120612905References: Upstream kernel
30 CVE-2021-39628 668 Exec Code 2022-01-14 2022-01-15
2.1
None Local Low Not required Partial None None
In StatusBar.java, there is a possible disclosure of notification content on the lockscreen due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-189575031
31 CVE-2021-39625 269 +Priv 2022-01-14 2022-01-15
6.9
None Local Medium Not required Complete Complete Complete
In showCarrierAppInstallationNotification of EuiccNotificationManager.java, there is a possible way to gain an access to MediaProvider content due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-194695347
32 CVE-2021-39623 269 2022-01-14 2022-01-15
10.0
None Remote Low Not required Complete Complete Complete
In doRead of SimpleDecodingSource.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-194105348
33 CVE-2021-39622 281 Bypass 2022-01-14 2022-01-15
7.2
None Local Low Not required Complete Complete Complete
In GBoard, there is a possible way to bypass Factory Reset Protection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-192663648
34 CVE-2021-39620 416 2022-01-14 2022-01-15
7.2
None Local Low Not required Complete Complete Complete
In ipcSetDataReference of Parcel.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-203847542
35 CVE-2021-39618 269 2022-01-14 2022-01-15
7.2
None Local Low Not required Complete Complete Complete
In multiple methods of EuiccNotificationManager.java, there is a possible way to install existing packages without user consent due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-196855999
36 CVE-2021-38591 2021-08-12 2021-08-20
2.1
None Local Low Not required None Partial None
An issue was discovered on LG mobile devices with Android OS P and Q software for mt6762/mt6765/mt6883. Attackers can change some of the NvRAM content by leveraging the misconfiguration of a debug command. The LG ID is LVE-SMP-210005 (August 2021).
37 CVE-2021-30162 Bypass 2021-04-06 2021-04-13
3.6
None Local Low Not required Partial Partial None
An issue was discovered on LG mobile devices with Android OS 4.4 through 11 software. Attackers can leverage ISMS services to bypass access control on specific content providers. The LG ID is LVE-SMP-210003 (April 2021).
38 CVE-2021-30161 Bypass 2021-04-06 2021-04-12
2.1
None Local Low Not required None Partial None
An issue was discovered on LG mobile devices with Android OS 11 software. Attackers can bypass the lockscreen protection mechanism after an incoming call has been terminated. The LG ID is LVE-SMP-210002 (April 2021).
39 CVE-2021-27901 2021-03-02 2021-03-08
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered on LG mobile devices with Android OS 11 software. They mishandle fingerprint recognition because local high beam mode (LHBM) does not function properly during bright illumination. The LG ID is LVE-SMP-210001 (March 2021).
40 CVE-2021-26689 416 2021-02-04 2021-02-05
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. The USB laf gadget has a use-after-free. The LG ID is LVE-SMP-200031 (February 2021).
41 CVE-2021-26687 2021-02-04 2021-02-08
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. In preloaded applications, the HostnameVerified default is mishandled. The LG ID is LVE-SMP-200029 (February 2021).
42 CVE-2021-25519 732 2021-12-08 2021-12-13
2.1
None Local Low Not required Partial None None
An improper access control vulnerability in CPLC prior to SMR Dec-2021 Release 1 allows local attackers to access CPLC information without permission.
43 CVE-2021-25518 119 Exec Code Overflow 2021-12-08 2021-12-13
4.6
None Local Low Not required Partial Partial Partial
An improper boundary check in secure_log of LDFW and BL31 prior to SMR Dec-2021 Release 1 allows arbitrary memory write and code execution.
44 CVE-2021-25517 20 Exec Code 2021-12-08 2021-12-10
4.6
None Local Low Not required Partial Partial Partial
An improper input validation vulnerability in LDFW prior to SMR Dec-2021 Release 1 allows attackers to perform arbitrary code execution.
45 CVE-2021-25516 755 2021-12-08 2021-12-13
5.0
None Remote Low Not required Partial None None
An improper check or handling of exceptional conditions in Exynos baseband prior to SMR Dec-2021 Release 1 allows attackers to track locations.
46 CVE-2021-25515 269 2021-12-08 2021-12-13
2.1
None Local Low Not required Partial None None
An improper usage of implicit intent in SemRewardManager prior to SMR Dec-2021 Release 1 allows attackers to access BSSID.
47 CVE-2021-25514 2021-12-08 2021-12-10
4.3
None Remote Medium Not required Partial None None
An improper intent redirection handling in Tags prior to SMR Dec-2021 Release 1 allows attackers to access sensitive information.
48 CVE-2021-25513 269 2021-12-08 2021-12-10
2.1
None Local Low Not required Partial None None
An improper privilege management vulnerability in Apps Edge application prior to SMR Dec-2021 Release 1 allows unauthorized access to some device data on the lockscreen.
49 CVE-2021-25512 20 2021-12-08 2021-12-10
4.6
None Local Low Not required Partial Partial Partial
An improper validation vulnerability in telephony prior to SMR Dec-2021 Release 1 allows attackers to launch certain activities.
50 CVE-2021-25511 22 Dir. Trav. 2021-12-08 2021-12-10
4.6
None Local Low Not required Partial Partial Partial
An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows attackers to write arbitrary files via a path traversal vulnerability.
Total number of vulnerabilities : 3981   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.