CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Android : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
451 CVE-2021-0443 362 2021-04-13 2021-04-16
1.9
None Local Medium Not required Partial None None
In several functions of ScreenshotHelper.java and related files, there is a possible incorrectly saved screenshot due to a race condition. This could lead to local information disclosure across user profiles with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-170474245
452 CVE-2021-0442 416 Exec Code 2021-04-13 2021-04-16
4.6
None Local Low Not required Partial Partial Partial
In updateInfo of android_hardware_input_InputApplicationHandle.cpp, there is a possible control of code flow due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174768985
453 CVE-2021-0441 276 Bypass 2021-07-14 2021-07-15
4.4
None Local Medium Not required Partial Partial Partial
In onCreate of PermissionActivity.java, there is a possible permission bypass due to Confusing UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174495520
454 CVE-2021-0439 787 2021-04-13 2021-04-16
4.6
None Local Low Not required Partial Partial Partial
In setPowerModeWithHandle of com_android_server_power_PowerManagerService.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174243830
455 CVE-2021-0438 269 2021-04-13 2021-04-16
4.4
None Local Medium Not required Partial Partial Partial
In several functions of InputDispatcher.cpp, WindowManagerService.java, and related files, there is a possible tapjacking attack due to an incorrect FLAG_OBSCURED value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10Android ID: A-152064592
456 CVE-2021-0437 415 2021-04-13 2021-04-16
4.6
None Local Low Not required Partial Partial Partial
In setPlayPolicy of DrmPlugin.cpp, there is a possible double free. This could lead to local escalation of privilege in a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-176168330
457 CVE-2021-0436 190 Overflow 2021-04-13 2021-04-16
2.1
None Local Low Not required Partial None None
In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds read due to integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-176496160
458 CVE-2021-0435 665 Exec Code +Info 2021-04-13 2021-04-16
5.0
None Remote Low Not required Partial None None
In avrc_proc_vendor_command of avrc_api.cc, there is a possible leak of heap data due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-174150451
459 CVE-2021-0434 269 2021-12-15 2021-12-17
6.9
None Local Medium Not required Complete Complete Complete
In onReceive of BluetoothPermissionRequest.java, there is a possible phishing attack allowing a malicious Bluetooth device to acquire permissions based on insufficient information presented to the user in the consent dialog. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-167403112
460 CVE-2021-0433 269 Bypass 2021-04-13 2021-04-16
5.4
None Local Network Medium Not required Partial Partial Partial
In onCreate of DeviceChooserActivity.java, there is a possible way to bypass user consent when pairing a Bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation of privilege and pairing malicious devices with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171221090
461 CVE-2021-0432 362 2021-04-13 2021-04-16
4.4
None Local Medium Not required Partial Partial Partial
In ClearPullerCacheIfNecessary and ForceClearPullerCache of StatsPullerManager.cpp, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-173552790
462 CVE-2021-0431 125 2021-04-13 2021-04-16
5.0
None Remote Low Not required Partial None None
In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a paired device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-174149901
463 CVE-2021-0430 787 Exec Code 2021-04-13 2021-05-04
10.0
None Remote Low Not required Complete Complete Complete
In rw_mfc_handle_read_op of rw_mfc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution via a malicious NFC packet with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-178725766
464 CVE-2021-0429 416 Mem. Corr. 2021-04-13 2021-04-16
4.6
None Local Low Not required Partial Partial Partial
In pollOnce of ALooper.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-175074139
465 CVE-2021-0428 276 2021-04-13 2021-12-16
2.1
None Local Low Not required Partial None None
In getSimSerialNumber of TelephonyManager.java, there is a possible way to read a trackable identifier due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-173421434
466 CVE-2021-0427 787 Overflow 2021-04-13 2021-04-16
4.6
None Local Low Not required Partial Partial Partial
In parseExclusiveStateAnnotation of LogEvent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174488848
467 CVE-2021-0426 787 Overflow 2021-04-13 2021-04-16
4.6
None Local Low Not required Partial Partial Partial
In parsePrimaryFieldFirstUidAnnotation of LogEvent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174485572
468 CVE-2021-0420 119 DoS Overflow 2021-08-18 2021-08-24
4.9
None Local Low Not required None None Complete
In memory management driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05381065.
469 CVE-2021-0419 20 DoS 2021-08-18 2021-08-24
4.9
None Local Low Not required None None Complete
In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336713.
470 CVE-2021-0418 20 DoS 2021-08-18 2021-08-24
4.9
None Local Low Not required None None Complete
In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336706.
471 CVE-2021-0417 20 DoS 2021-08-18 2021-08-24
4.9
None Local Low Not required None None Complete
In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336702.
472 CVE-2021-0416 20 DoS 2021-08-18 2021-08-24
4.9
None Local Low Not required None None Complete
In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336700.
473 CVE-2021-0415 863 2021-08-18 2021-08-24
2.1
None Local Low Not required Partial None None
In memory management driver, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336692.
474 CVE-2021-0414 125 Overflow 2021-10-25 2021-10-26
2.1
None Local Low Not required Partial None None
In flv extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561384; Issue ID: ALPS05561384.
475 CVE-2021-0413 125 2021-10-25 2021-10-26
2.1
None Local Low Not required Partial None None
In flv extractor, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561379; Issue ID: ALPS05561379.
476 CVE-2021-0412 125 2021-10-25 2021-10-26
2.1
None Local Low Not required Partial None None
In flv extractor, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561366; Issue ID: ALPS05561366.
477 CVE-2021-0411 125 Overflow 2021-10-25 2021-10-26
2.1
None Local Low Not required Partial None None
In flv extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561362; Issue ID: ALPS05561362.
478 CVE-2021-0410 125 2021-10-25 2021-10-26
2.1
None Local Low Not required Partial None None
In flv extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561360; Issue ID: ALPS05561360.
479 CVE-2021-0409 125 2021-10-25 2021-10-26
2.1
None Local Low Not required Partial None None
In flv extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561359; Issue ID: ALPS05561359.
480 CVE-2021-0408 125 2021-08-18 2021-08-24
2.1
None Local Low Not required Partial None None
In asf extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489195; Issue ID: ALPS05489220.
481 CVE-2021-0407 787 2021-08-18 2021-08-24
4.6
None Local Low Not required Partial Partial Partial
In clk driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05479659; Issue ID: ALPS05479659.
482 CVE-2021-0406 787 2021-02-26 2021-03-04
7.2
None Local Low Not required Complete Complete Complete
In cameraisp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05471418.
483 CVE-2021-0405 787 2021-02-26 2021-03-02
7.2
None Local Low Not required Complete Complete Complete
In performance driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05466547.
484 CVE-2021-0404 200 +Info 2021-02-26 2021-03-02
2.1
None Local Low Not required Partial None None
In mobile_log_d, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05457039.
485 CVE-2021-0403 200 +Info 2021-02-26 2021-03-02
2.1
None Local Low Not required Partial None None
In netdiag, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05475124.
486 CVE-2021-0402 787 2021-02-26 2021-03-02
7.2
None Local Low Not required Complete Complete Complete
In jpeg, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05433311.
487 CVE-2021-0401 362 Mem. Corr. 2021-02-26 2021-03-02
6.9
None Local Medium Not required Complete Complete Complete
In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05418265.
488 CVE-2021-0400 2021-04-13 2021-04-16
2.1
None Local Low Not required None Partial None
In injectBestLocation and handleUpdateLocation of GnssLocationProvider.java, there is a possible incorrect reporting of location data to emergency services due to improper input validation. This could lead to incorrect reporting of location data to emergency services with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11Android ID: A-177561690
489 CVE-2021-0399 416 Mem. Corr. 2021-03-10 2021-03-15
4.6
None Local Low Not required Partial Partial Partial
In qtaguid_untag of xt_qtaguid.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-176919394References: Upstream kernel
490 CVE-2021-0398 2021-03-10 2021-03-15
4.6
None Local Low Not required Partial Partial Partial
In bindServiceLocked of ActiveServices.java, there is a possible foreground service launch due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-173516292
491 CVE-2021-0397 415 Exec Code 2021-03-10 2021-03-15
7.5
None Remote Low Not required Partial Partial Partial
In sdp_copy_raw_data of sdp_discovery.cc, there is a possible system compromise due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-174052148
492 CVE-2021-0396 787 Exec Code 2021-03-10 2021-03-15
7.5
None Remote Low Not required Partial Partial Partial
In Builtins::Generate_ArgumentsAdaptorTrampoline of builtins-arm.cc and related files, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-160610106
493 CVE-2021-0395 416 Mem. Corr. 2021-03-10 2021-03-12
4.6
None Local Low Not required Partial Partial Partial
In StopServicesAndLogViolations of reboot.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-170315126
494 CVE-2021-0394 125 2021-03-10 2021-03-12
2.1
None Local Low Not required Partial None None
In android_os_Parcel_readString8 of android_os_Parcel.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-172655291
495 CVE-2021-0393 787 Exec Code Overflow 2021-03-10 2021-03-12
6.8
None Remote Medium Not required Partial Partial Partial
In Scanner::LiteralBuffer::NewCapacity of scanner.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if an attacker can supply a malicious PAC file, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-168041375
496 CVE-2021-0392 415 Mem. Corr. 2021-03-10 2021-03-12
4.6
None Local Low Not required Partial Partial Partial
In main of main.cpp, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-175124730
497 CVE-2021-0391 2021-03-10 2021-03-12
6.8
None Remote Medium Not required Partial Partial Partial
In onCreate() of ChooseTypeAndAccountActivity.java, there is a possible way to learn the existence of an account, without permissions, due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-172841550
498 CVE-2021-0390 732 2021-03-10 2021-03-17
4.6
None Local Low Not required Partial Partial Partial
In various methods of WifiNetworkSuggestionsManager.java, there is a possible modification of suggested networks due to a missing permission check. This could lead to local escalation of privilege by a background user on the same device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-174749461
499 CVE-2021-0389 276 2021-03-10 2021-03-12
4.6
None Local Low Not required Partial Partial Partial
In setNightModeActivated of UiModeManagerService.java, there is a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-168039904
500 CVE-2021-0388 269 2021-03-10 2021-03-12
4.6
None Local Low Not required Partial Partial Partial
In onReceive of ImsPhoneCallTracker.java, there is a possible misattribution of data usage due to an incorrect broadcast handler. This could lead to local escalation of privilege resulting in attributing video call data to the wrong app, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-162741489
Total number of vulnerabilities : 3865   Page : 1 2 3 4 5 6 7 8 9 10 (This Page)11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.