CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Android : Security Vulnerabilities (CVSS score >= 8)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-39645 269 2021-12-15 2021-12-17
10.0
None Remote Low Not required Complete Complete Complete
Product: AndroidVersions: Android kernelAndroid ID: A-199805112References: N/A
2 CVE-2021-39623 269 2022-01-14 2022-01-15
10.0
None Remote Low Not required Complete Complete Complete
In doRead of SimpleDecodingSource.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-194105348
3 CVE-2021-1049 2022-01-14 2022-01-20
10.0
None Remote Low Not required Complete Complete Complete
Hacker one bug ID: 1343975Product: AndroidVersions: Android SoCAndroid ID: A-204256722
4 CVE-2021-0967 787 Exec Code 2021-12-15 2021-12-17
9.3
None Remote Medium Not required Complete Complete Complete
In vorbis_book_decodev_set of codebook.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-199065614
5 CVE-2021-0956 787 2021-12-15 2021-12-20
10.0
None Remote Low Not required Complete Complete Complete
In NfcTag::discoverTechnologies (activation) of NfcTag.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additionalSystem execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-189942532
6 CVE-2021-0930 787 Exec Code 2021-12-15 2021-12-17
8.3
None Local Network Low Not required Complete Complete Complete
In phNxpNciHal_process_ext_rsp of phNxpNciHal_ext.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-181660091
7 CVE-2021-0918 787 Exec Code 2021-12-15 2021-12-17
8.3
None Local Network Low Not required Complete Complete Complete
In gatt_process_notification of gatt_cl.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-197536150
8 CVE-2021-0889 Exec Code 2021-12-15 2021-12-17
10.0
None Remote Low Not required Complete Complete Complete
In Android TV , there is a possible silent pairing due to lack of rate limiting in the pairing flow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-8.1 Android-9Android ID: A-180745296
9 CVE-2021-0870 362 Exec Code Mem. Corr. 2021-10-22 2021-11-29
9.3
None Remote Medium Not required Complete Complete Complete
In RW_SetActivatedTagType of rw_main.cc, there is possible memory corruption due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-192472262
10 CVE-2021-0592 787 Exec Code 2021-07-14 2021-07-16
9.3
None Remote Medium Not required Complete Complete Complete
In various functions in WideVine, there are possible out of bounds writes due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-188061006
11 CVE-2021-0515 787 Exec Code 2021-07-14 2021-07-16
10.0
None Remote Low Not required Complete Complete Complete
In Factory::CreateStrictFunctionMap of factory.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-167389063
12 CVE-2021-0514 362 Exec Code 2021-07-14 2021-07-16
9.3
None Remote Medium Not required Complete Complete Complete
In several functions of the V8 library, there is a possible use after free due to a race condition. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-9 Android-11 Android-8.1Android ID: A-162604069
13 CVE-2021-0507 787 Exec Code 2021-06-21 2021-06-22
8.3
None Local Network Low Not required Complete Complete Complete
In handle_rc_metamsg_cmd of btif_rc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-181860042
14 CVE-2021-0481 269 2021-06-11 2021-06-15
9.3
None Remote Medium Not required Complete Complete Complete
In onActivityResult of EditUserPhotoController.java, there is a possible access of unauthorized files due to an unexpected URI handler. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-172939189
15 CVE-2021-0475 416 Exec Code Mem. Corr. 2021-06-11 2021-06-14
8.3
None Local Network Low Not required Complete Complete Complete
In on_l2cap_data_ind of btif_sock_l2cap.cc, there is possible memory corruption due to a use after free. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-175686168
16 CVE-2021-0474 787 Exec Code Overflow 2021-06-11 2021-06-14
10.0
None Remote Low Not required Complete Complete Complete
In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-177611958
17 CVE-2021-0473 415 Exec Code 2021-06-11 2021-06-14
8.3
None Local Network Low Not required Complete Complete Complete
In rw_t3t_process_error of rw_t3t.cc, there is a possible double free due to uninitialized data. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-179687208
18 CVE-2021-0430 787 Exec Code 2021-04-13 2021-05-04
10.0
None Remote Low Not required Complete Complete Complete
In rw_mfc_handle_read_op of rw_mfc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution via a malicious NFC packet with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-178725766
19 CVE-2021-0340 212 +Info 2021-02-10 2021-02-12
9.3
None Remote Medium Not required Complete Complete Complete
In parseNextBox of IsoInterface.java, there is a possible leak of unredacted location information due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-134155286
20 CVE-2021-0339 754 2021-02-10 2021-02-12
9.3
None Remote Medium Not required Complete Complete Complete
In loadAnimation of WindowContainer.java, there is a possible way to keep displaying a malicious app while a target app is brought to the foreground. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-8.1 Android-9Android ID: A-145728687
21 CVE-2021-0325 787 Exec Code Overflow 2021-02-10 2021-02-12
9.3
None Remote Medium Not required Complete Complete Complete
In ih264d_parse_pslice of ih264d_parse_pslice.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-174238784
22 CVE-2021-0324 2021-06-14 2021-06-21
10.0
None Remote Low Not required Complete Complete Complete
Product: AndroidVersions: Android SoCAndroid ID: A-175402462
23 CVE-2021-0316 787 Exec Code 2021-01-11 2021-01-13
10.0
None Remote Low Not required Complete Complete Complete
In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11, Android-8.0, Android-8.1, Android-9, Android-10; Android ID: A-168802990.
24 CVE-2021-0305 1021 2021-02-10 2021-02-12
9.3
None Remote Medium Not required Complete Complete Complete
In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10Android ID: A-154015447
25 CVE-2021-0302 1021 2021-02-10 2021-02-12
9.3
None Remote Medium Not required Complete Complete Complete
In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10Android ID: A-155287782
26 CVE-2020-12746 787 Exec Code Overflow Bypass 2020-05-11 2020-05-12
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), and Q(10.0) (Exynos chipsets) software. Attackers can bypass the Secure Bootloader protection mechanism via a heap-based buffer overflow to execute arbitrary code. The Samsung ID is SVE-2020-16712 (May 2020).
27 CVE-2020-11600 787 Exec Code 2020-04-08 2020-04-09
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Samsung mobile devices with Q(10.0) software. There is arbitrary code execution in the Fingerprint Trustlet via a memory overwrite. The Samsung IDs are SVE-2019-16587, SVE-2019-16588, SVE-2019-16589 (April 2020).
28 CVE-2020-10850 120 Exec Code Overflow 2020-03-24 2020-03-26
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. The secure bootloade has a buffer overflow of the USB buffer, leading to arbitrary code execution. The Samsung ID is SVE-2019-15872 (January 2020).
29 CVE-2020-10837 119 Exec Code Overflow 2020-03-24 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (with TEEGRIS) software. The Esecomm Trustlet allows a stack overflow and arbitrary code execution. The Samsung ID is SVE-2019-15984 (February 2020).
30 CVE-2020-8899 787 Exec Code Overflow 2020-05-06 2020-05-15
10.0
None Remote Low Not required Complete Complete Complete
There is a buffer overwrite vulnerability in the Quram qmg library of Samsung's Android OS versions O(8.x), P(9.0) and Q(10.0). An unauthenticated, unauthorized attacker sending a specially crafted MMS to a vulnerable phone can trigger a heap-based buffer overflow in the Quram image codec leading to an arbitrary remote code execution (RCE) without any user interaction. The Samsung ID is SVE-2020-16747.
31 CVE-2020-0458 190 Exec Code Overflow 2020-12-14 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
In SPDIFEncoder::writeBurstBufferBytes and related methods of SPDIFEncoder.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-8.0 Android-8.1Android ID: A-160265164
32 CVE-2020-0451 787 Exec Code Overflow 2020-11-10 2020-11-10
9.3
None Remote Medium Not required Complete Complete Complete
In sbrDecoder_AssignQmfChannels2SbrChannels of sbrdecoder.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9 Android-8.0 Android-8.1Android ID: A-158762825
33 CVE-2020-0449 416 Exec Code Mem. Corr. 2020-11-10 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
In btm_sec_disconnected of btm_sec.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution in the Bluetooth server with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1Android ID: A-162497143
34 CVE-2020-0416 1188 2020-10-14 2020-10-16
9.3
None Remote Medium Not required Complete Complete Complete
In multiple settings screens, there are possible tapjacking attacks due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1Android ID: A-155288585
35 CVE-2020-0387 269 2020-09-17 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
In manifest files of the SmartSpace package, there is a possible tapjacking vector due to a missing permission check. This could lead to local escalation of privilege and account hijacking with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-156046804
36 CVE-2020-0380 787 Exec Code 2020-09-17 2020-09-23
10.0
None Remote Low Not required Complete Complete Complete
In allocExcessBits of bitalloc.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-146398979
37 CVE-2020-0376 125 2020-10-14 2020-10-15
9.4
None Remote Low Not required Complete None Complete
There is a possible out of bounds read due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-163003156
38 CVE-2020-0371 125 2020-10-14 2020-10-15
9.4
None Remote Low Not required Complete None Complete
There is a possible out of bounds read due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-163008256
39 CVE-2020-0367 787 2020-10-14 2020-10-15
9.4
None Remote Low Not required None Complete Complete
There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-162980455
40 CVE-2020-0342 787 2020-09-17 2020-09-23
10.0
None Remote Low Not required Complete Complete Complete
There is a possible out of bounds write due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-160812576
41 CVE-2020-0339 125 2020-10-14 2020-10-15
9.4
None Remote Low Not required Complete None Complete
There is a possible out of bounds read due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-162980705
42 CVE-2020-0283 787 2020-10-14 2020-10-15
9.4
None Remote Low Not required None Complete Complete
There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-163008257
43 CVE-2020-0278 787 2020-09-17 2020-09-23
10.0
None Remote Low Not required Complete Complete Complete
There is a possible out of bounds write due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-160812574
44 CVE-2020-0267 610 2020-09-17 2020-09-23
9.3
None Remote Medium Not required Complete Complete Complete
In WindowManager, there is a possible launch of an unexpected app due to a confused deputy. This could lead to local escalation of privilege due to launching a malicious app instead of the one the user intended, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-139128211
45 CVE-2020-0253 416 Mem. Corr. 2020-08-11 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
There is a possible memory corruption due to a use after free.Product: AndroidVersions: Android SoCAndroid ID: A-152647365
46 CVE-2020-0252 416 Mem. Corr. 2020-08-11 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
There is a possible memory corruption due to a use after free.Product: AndroidVersions: Android SoCAndroid ID: A-152236803
47 CVE-2020-0245 787 Exec Code Overflow 2020-09-17 2020-09-23
9.3
None Remote Medium Not required Complete Complete Complete
In DecodeFrameCombinedMode of combined_decode.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-152496149
48 CVE-2020-0240 787 Exec Code Overflow 2020-08-11 2020-08-12
9.3
None Remote Medium Not required Complete Complete Complete
In NewFixedDoubleArray of factory.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-150706594
49 CVE-2020-0229 787 2020-09-17 2020-09-23
10.0
None Remote Low Not required Complete Complete Complete
There is a possible out of bounds write due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-156333725
50 CVE-2020-0225 787 Exec Code 2020-07-17 2020-07-22
10.0
None Remote Low Not required Complete Complete Complete
In a2dp_vendor_ldac_decoder_decode_packet of a2dp_vendor_ldac_decoder.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142546668
Total number of vulnerabilities : 927   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.