CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Android : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
501 CVE-2021-0387 362 2021-03-10 2021-03-12
6.9
None Local Medium Not required Complete Complete Complete
In FindQuotaDeviceForUuid of QuotaUtils.cpp, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169421939
502 CVE-2021-0386 2021-03-10 2021-03-12
6.8
None Remote Medium Not required Partial Partial Partial
In onCreate of UsbConfirmActivity, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-173421110
503 CVE-2021-0385 269 2021-03-10 2021-03-12
4.6
None Local Low Not required Partial Partial Partial
In createConnectToAvailableNetworkNotification of ConnectToNetworkNotificationBuilder.java, there is a possible connection to untrusted WiFi networks due to notification interaction above the lockscreen. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-172584372
504 CVE-2021-0383 269 2021-03-10 2021-03-12
4.6
None Local Low Not required Partial Partial Partial
In done of CaptivePortalLoginActivity.java, there is a confused deputy. This could lead to local escalation of privilege in carrier settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-160871056
505 CVE-2021-0382 276 2021-03-10 2021-03-12
2.1
None Local Low Not required Partial None None
In checkSlicePermission of SliceManagerService.java, there is a possible resource exposure due to an incorrect permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-140727941
506 CVE-2021-0381 276 Bypass 2021-03-10 2021-03-12
2.1
None Local Low Not required Partial None None
In updateNotifications of DeviceStorageMonitorService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153466381
507 CVE-2021-0380 276 2021-03-10 2021-03-12
4.6
None Local Low Not required Partial Partial Partial
In onReceive of DcTracker.java, there is a possible way to trigger a provisioning URL and modify other telephony settings due to a missing permission check. This could lead to local escalation of privilege during the onboarding flow with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-172459128
508 CVE-2021-0379 125 Overflow 2021-03-10 2021-03-12
4.3
None Remote Medium Not required Partial None None
In getUpTo17bits of pvmp3_getbits.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154075955
509 CVE-2021-0378 125 Overflow 2021-03-10 2021-03-12
4.3
None Remote Medium Not required Partial None None
In getNbits of pvmp3_getbits.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154076193
510 CVE-2021-0377 Bypass 2021-03-10 2021-03-17
2.1
None Local Low Not required None Partial None
In DeltaPerformer::Write of delta_performer.cc, there is a possible use of untrusted input due to improper input validation. This could lead to a local bypass of defense in depth protections with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-160800689
511 CVE-2021-0376 269 Bypass 2021-03-10 2021-03-17
4.6
None Local Low Not required Partial Partial Partial
In checkUriPermission and related functions of MediaProvider.java, there is a possible way to access external files due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-115619667
512 CVE-2021-0375 330 2021-03-10 2021-03-12
2.1
None Local Low Not required None Partial None
In onPackageModified of VoiceInteractionManagerService.java, there is a possible change of default applications due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-167261484
513 CVE-2021-0374 125 2021-03-10 2021-03-12
2.1
None Local Low Not required Partial None None
In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169572641
514 CVE-2021-0372 269 Bypass 2021-03-10 2021-03-12
4.6
None Local Low Not required Partial Partial Partial
In getMediaOutputSliceAction of RemoteMediaSlice.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174047735
515 CVE-2021-0371 125 2021-03-10 2021-03-15
4.6
None Local Low Not required Partial Partial Partial
In nci_proc_rf_management_ntf of nci_hrcv.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-164440989
516 CVE-2021-0370 787 2021-03-10 2021-03-15
4.6
None Local Low Not required Partial Partial Partial
In Write of NxpMfcReader.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the NFC server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169259605
517 CVE-2021-0369 269 Exec Code 2021-03-10 2021-03-15
4.4
None Local Medium Not required Partial Partial Partial
In CrossProfileAppsServiceImpl.java, there is the possibility of an application's INTERACT_ACROSS_PROFILES grant state not displaying properly in the setting UI due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-166561076
518 CVE-2021-0368 125 2021-03-10 2021-03-15
4.3
None Remote Medium Not required Partial None None
In oggpack_look of bitwise.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169829774
519 CVE-2021-0367 362 Mem. Corr. 2021-02-26 2021-03-02
6.9
None Local Medium Not required Complete Complete Complete
In vpu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05371580; Issue ID: ALPS05379085.
520 CVE-2021-0366 362 Mem. Corr. 2021-02-26 2021-03-02
6.9
None Local Medium Not required Complete Complete Complete
In vpu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05371580; Issue ID: ALPS05379093.
521 CVE-2021-0365 416 Mem. Corr. 2021-02-03 2021-02-23
4.6
None Local Low Not required Partial Partial Partial
In display driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05454782.
522 CVE-2021-0364 77 Exec Code 2021-02-03 2021-02-23
4.6
None Local Low Not required Partial Partial Partial
In mobile_log_d, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05458478; Issue ID: ALPS05458503.
523 CVE-2021-0363 77 Exec Code 2021-02-03 2021-02-23
4.6
None Local Low Not required Partial Partial Partial
In mobile_log_d, there is a possible command injection due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05458478.
524 CVE-2021-0362 787 Overflow Mem. Corr. 2021-02-03 2021-02-04
4.6
None Local Low Not required Partial Partial Partial
In aee, there is a possible memory corruption due to a stack buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05457070.
525 CVE-2021-0361 125 2021-02-03 2021-02-04
4.6
None Local Low Not required Partial Partial Partial
In kisd, there is a possible out of bounds read due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05449968.
526 CVE-2021-0360 787 2021-02-03 2021-02-23
4.6
None Local Low Not required Partial Partial Partial
In netdiag, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05442006.
527 CVE-2021-0359 787 2021-02-03 2021-02-23
4.6
None Local Low Not required Partial Partial Partial
In netdiag, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05442011.
528 CVE-2021-0358 77 Exec Code 2021-02-03 2021-02-23
4.6
None Local Low Not required Partial Partial Partial
In netdiag, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05442022.
529 CVE-2021-0357 787 2021-02-03 2021-02-23
4.6
None Local Low Not required Partial Partial Partial
In netdiag, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05442002.
530 CVE-2021-0356 77 Exec Code 2021-02-03 2021-02-23
4.6
None Local Low Not required Partial Partial Partial
In netdiag, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05442014.
531 CVE-2021-0355 190 Overflow 2021-02-03 2021-02-04
4.6
None Local Low Not required Partial Partial Partial
In kisd, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05425581.
532 CVE-2021-0354 787 Overflow 2021-02-03 2021-02-23
4.6
None Local Low Not required Partial Partial Partial
In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11; Patch ID: ALPS05431161.
533 CVE-2021-0353 787 Overflow Mem. Corr. 2021-02-03 2021-02-04
4.6
None Local Low Not required Partial Partial Partial
In kisd, there is a possible memory corruption due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05425247.
534 CVE-2021-0352 843 DoS Mem. Corr. 2021-02-03 2021-02-23
2.1
None Local Low Not required None None Partial
In RT regmap driver, there is a possible memory corruption due to type confusion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05453809.
535 CVE-2021-0351 DoS 2021-02-04 2021-02-23
7.8
None Remote Low Not required None None Complete
In wlan driver, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11; Patch ID: ALPS05412917.
536 CVE-2021-0350 20 DoS 2021-02-04 2021-02-23
4.9
None Local Low Not required None None Complete
In ged, there is a possible system crash due to an improper input validation. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11; Patch ID: ALPS05342338.
537 CVE-2021-0349 416 Mem. Corr. 2021-02-04 2021-02-23
7.2
None Local Low Not required Complete Complete Complete
In display driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9, Android-10, Android-11; Patch ID: ALPS05362646.
538 CVE-2021-0348 787 2021-02-04 2021-02-23
7.2
None Local Low Not required Complete Complete Complete
In vpu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9, Android-10, Android-11; Patch ID: ALPS05349201.
539 CVE-2021-0347 125 2021-02-04 2021-02-23
2.1
None Local Low Not required Partial None None
In ccu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11; Patch ID: ALPS05377188.
540 CVE-2021-0346 787 2021-02-04 2021-02-23
7.2
None Local Low Not required Complete Complete Complete
In vpu, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05371580.
541 CVE-2021-0345 269 2021-02-04 2021-02-23
7.2
None Local Low Not required Complete Complete Complete
In mobile_log_d, there is a possible escalation of privilege due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05432974.
542 CVE-2021-0344 Mem. Corr. 2021-02-04 2021-02-23
7.2
None Local Low Not required Complete Complete Complete
In mtkpower, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05437558.
543 CVE-2021-0343 787 2021-02-04 2021-02-05
7.2
None Local Low Not required Complete Complete Complete
In kisd, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05449962.
544 CVE-2021-0342 416 Mem. Corr. 2021-01-11 2021-01-13
4.6
None Local Low Not required Partial Partial Partial
In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges required. User interaction is not required for exploitation. Product: Android; Versions: Android kernel; Android ID: A-146554327.
545 CVE-2021-0341 295 2021-02-10 2021-02-12
5.0
None Remote Low Not required Partial None None
In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171980069
546 CVE-2021-0340 212 +Info 2021-02-10 2021-02-12
9.3
None Remote Medium Not required Complete Complete Complete
In parseNextBox of IsoInterface.java, there is a possible leak of unredacted location information due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-134155286
547 CVE-2021-0339 754 2021-02-10 2021-02-12
9.3
None Remote Medium Not required Complete Complete Complete
In loadAnimation of WindowContainer.java, there is a possible way to keep displaying a malicious app while a target app is brought to the foreground. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-8.1 Android-9Android ID: A-145728687
548 CVE-2021-0338 119 DoS Overflow 2021-02-10 2021-02-12
4.9
None Local Low Not required None None Complete
In SystemSettingsValidators, there is a possible permanent denial of service due to missing bounds checks on UI settings. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-156260178
549 CVE-2021-0337 312 2021-02-10 2021-02-12
7.2
None Local Low Not required Complete Complete Complete
In moveInMediaStore of FileSystemProvider.java, there is a possible file exposure due to stale metadata. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-157474195
550 CVE-2021-0336 269 Bypass 2021-02-10 2021-02-12
7.2
None Local Low Not required Complete Complete Complete
In onReceive of BluetoothPermissionRequest.java, there is a possible permissions bypass due to a mutable PendingIntent. This could lead to local escalation of privilege that bypasses a permission check, with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-158219161
Total number of vulnerabilities : 3865   Page : 1 2 3 4 5 6 7 8 9 10 11 (This Page)12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.