CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Android : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
651 CVE-2020-27025 200 Bypass +Info 2020-12-15 2021-07-21
2.1
None Local Low Not required Partial None None
In EapFailureNotifier.java and SimRequiredNotifier.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156008365
652 CVE-2020-27024 125 2020-12-15 2020-12-15
5.0
None Remote Low Not required Partial None None
In smp_br_state_machine_event of smp_br_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure triggered by a malformed Bluetooth packet, with no additional execution privileges needed. User interaction is not needed for exploitation. Bounds Sanitizer mitigates this in the default configuration.Product: AndroidVersions: Android-11Android ID: A-162327732
653 CVE-2020-27023 200 Bypass +Info 2020-12-15 2021-07-21
2.1
None Local Low Not required Partial None None
In setErrorPlaybackState of BluetoothMediaBrowserService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156009462
654 CVE-2020-27021 125 2020-12-15 2020-12-15
2.1
None Local Low Not required Partial None None
In avrc_ctrl_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-168712245
655 CVE-2020-26607 269 2020-10-06 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in TimaService on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. PendingIntent with an empty intent is mishandled, allowing an attacker to perform a privileged action via a modified intent. The Samsung ID is SVE-2020-18418 (October 2020).
656 CVE-2020-26606 200 +Info 2020-10-06 2021-07-21
5.0
None Remote Low Not required Partial None None
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. An attacker can access certain Secure Folder content via a debugging command. The Samsung ID is SVE-2020-18673 (October 2020).
657 CVE-2020-26605 532 +Info 2020-10-06 2020-10-08
5.0
None Remote Low Not required Partial None None
An issue was discovered on Samsung mobile devices with Q(10.0) and R(11.0) (Exynos chipsets) software. They allow attackers to obtain sensitive information by reading a log. The Samsung ID is SVE-2020-18596 (October 2020).
658 CVE-2020-26604 269 2020-10-06 2021-07-21
5.0
None Remote Low Not required Partial None None
An issue was discovered in SystemUI on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. PendingIntent allows an unprivileged process to access contact numbers. The Samsung ID is SVE-2020-18467 (October 2020).
659 CVE-2020-26603 22 Dir. Trav. 2020-10-06 2020-10-08
5.0
None Remote Low Not required Partial None None
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Sticker Center allows directory traversal for an unprivileged process to read arbitrary files. The Samsung ID is SVE-2020-18433 (October 2020).
660 CVE-2020-26602 668 2020-10-06 2020-10-08
5.0
None Remote Low Not required Partial None None
An issue was discovered in EthernetNetwork on Samsung mobile devices with O(8.1), P(9.0), Q(10.0), and R(11.0) software. PendingIntent allows sdcard access by an unprivileged process. The Samsung ID is SVE-2020-18392 (October 2020).
661 CVE-2020-26601 269 2020-10-06 2021-07-21
5.0
None Remote Low Not required None Partial None
An issue was discovered in DirEncryptService on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. PendingIntent with an empty intent is mishandled, allowing an attacker to perform a privileged action via a modified intent. The Samsung ID is SVE-2020-18034 (October 2020).
662 CVE-2020-26600 200 +Info 2020-10-06 2021-07-21
5.0
None Remote Low Not required Partial None None
An issue was discovered on Samsung mobile devices with Q(10.0) software. Auto Hotspot allows attackers to obtain sensitive information. The Samsung ID is SVE-2020-17288 (October 2020).
663 CVE-2020-26599 287 2020-10-06 2021-07-21
5.0
None Remote Low Not required None Partial None
An issue was discovered on Samsung mobile devices with Q(10.0) software. The DynamicLockscreen Terms and Conditions can be accepted without authentication. The Samsung ID is SVE-2020-17079 (October 2020).
664 CVE-2020-26598 862 2020-10-06 2020-10-08
5.0
None Remote Low Not required None Partial None
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, and 9.0 software. The Network Management component could allow an unauthorized actor to kill a TCP connection. The LG ID is LVE-SMP-200023 (October 2020).
665 CVE-2020-26597 20 2020-10-06 2020-10-08
5.0
None Remote Low Not required None None Partial
An issue was discovered on LG mobile devices with Android OS 9.0 and 10 software. The Wi-Fi subsystem has incorrect input validation, leading to a crash. The LG ID is LVE-SMP-200022 (October 2020).
666 CVE-2020-25283 863 Bypass 2020-09-11 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. BT manager allows attackers to bypass intended access restrictions on a certain mode. The LG ID is LVE-SMP-200021 (September 2020).
667 CVE-2020-25282 863 Bypass 2020-09-11 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on LG mobile devices with Android OS 10 software. The lguicc software (for the LG Universal Integrated Circuit Card) allows attackers to bypass intended access restrictions on property values. The LG ID is LVE-SMP-200020 (September 2020).
668 CVE-2020-25281 2020-09-11 2020-09-17
5.0
None Remote Low Not required None Partial None
An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. Applications with sensitive security settings (such as the package verifier application) mishandle unknown-source installations. The LG ID is LVE-SMP-190002 (September 2020).
669 CVE-2020-25280 Exec Code 2020-09-11 2020-09-21
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos and MediaTek chipsets) software. Unauthenticated attackers can execute LTE/5G commands by sending a debugging command over USB. The Samsung ID is SVE-2020-16979 (September 2020).
670 CVE-2020-25279 120 Exec Code Overflow 2020-09-11 2020-09-21
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. The baseband component has a buffer overflow via an abnormal SETUP message, leading to execution of arbitrary code. The Samsung ID is SVE-2020-18098 (September 2020).
671 CVE-2020-25278 787 Exec Code 2020-09-11 2020-09-21
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The Quram image codec library allows attackers to overwrite memory and execute arbitrary code via crafted JPEG data that is mishandled during decoding. The Samsung IDs are SVE-2020-18088, SVE-2020-18225, SVE-2020-18301 (September 2020).
672 CVE-2020-25065 203 2020-08-31 2020-09-01
7.8
None Remote Low Not required Complete None None
An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, 5.1, 6.0, 7.0, 7.1, 8.0, 8.1, 9.0, and 10 software. Key logging may occur because of an obsolete API. The LG ID is LVE-SMP-170010 (August 2020).
673 CVE-2020-25064 2020-08-31 2020-09-01
5.0
None Remote Low Not required None Partial None
An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, 5.1, 6.0, 7.0, 7.1, 8.0, 8.1, 9.0, and 10 software. Certain automated testing is mishandled. The LG ID is LVE-SMP-200019 (August 2020).
674 CVE-2020-25063 20 2020-08-31 2020-09-01
5.0
None Remote Low Not required None None Partial
An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. An application crash can occur because of incorrect application-level input validation. The LG ID is LVE-SMP-200018 (July 2020).
675 CVE-2020-25062 269 Bypass 2020-08-31 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on LG mobile devices with Android OS 9 and 10 software. LGTelephonyProvider allows a bypass of intended privilege restrictions. The LG ID is LVE-SMP-200017 (July 2020).
676 CVE-2020-25061 2020-08-31 2020-09-01
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on LG mobile devices with Android OS 9 and 10 software on the VZW network. lge_property allows property overwrites. The LG ID is LVE-SMP-200016 (July 2020).
677 CVE-2020-25060 269 +Priv 2020-08-31 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Local users can gain privileges because of LAF and SBL1 flaws. The LG ID is LVE-SMP-200015 (July 2020).
678 CVE-2020-25059 20 2020-08-31 2020-09-01
5.0
None Remote Low Not required None None Partial
An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A service crash may occur because of incorrect input validation. The LG ID is LVE-SMP-200013 (July 2020).
679 CVE-2020-25058 2020-08-31 2020-09-01
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9, and 10 software. The network_management service does not properly restrict configuration changes. The LG ID is LVE-SMP-200012 (July 2020).
680 CVE-2020-25057 2020-08-31 2020-09-01
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on LG mobile devices with Android OS 10 software. MDMService does not properly restrict APK installations. The LG ID is LVE-SMP-200011 (July 2020).
681 CVE-2020-25055 863 Bypass 2020-08-31 2020-09-03
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The persona service allows attackers (who control an unprivileged SecureFolder process) to bypass admin restrictions in KnoxContainer. The Samsung ID is SVE-2020-18133 (August 2020).
682 CVE-2020-25051 Bypass 2020-08-31 2020-09-03
5.0
None Remote Low Not required None Partial None
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) via AppInfo. The Samsung ID is SVE-2020-17758 (August 2020).
683 CVE-2020-25050 +Info 2020-08-31 2020-09-03
5.0
None Remote Low Not required Partial None None
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. The CMC service allows attackers to obtain sensitive information. The Samsung ID is SVE-2020-17288 (August 2020).
684 CVE-2020-25049 863 2020-08-31 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. StatusBarService has insufficient DEX access control. The Samsung ID is SVE-2020-17797 (August 2020).
685 CVE-2020-25048 74 2020-08-31 2021-07-21
2.1
None Local Low Not required Partial None None
An issue was discovered on Samsung mobile devices with Q(10.0) (with ONEUI 2.1) software. In the Lockscreen state, the Quick Share feature allows unauthenticated downloads, aka file injection. The Samsung ID is SVE-2020-17760 (August 2020).
686 CVE-2020-25047 2020-08-31 2020-09-03
2.1
None Local Low Not required Partial None None
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (released in China and India) software. The S Secure application does not enforce the intended password requirement for a locked application. The Samsung IDs are SVE-2020-16746, SVE-2020-16764 (August 2020).
687 CVE-2020-25046 532 +Info 2020-08-31 2020-09-03
2.1
None Local Low Not required Partial None None
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The USB driver leaks address information via kernel logging. The Samsung IDs are SVE-2020-17602, SVE-2020-17603, SVE-2020-17604 (August 2020).
688 CVE-2020-15584 119 Overflow 2020-07-07 2021-07-21
7.1
None Remote Medium Not required None None Complete
An issue was discovered on Samsung mobile devices with Q(10.0) software. Attackers can trigger an out-of-bounds access and device reset via a 4K wallpaper image because ImageProcessHelper mishandles boundary checks. The Samsung ID is SVE-2020-18056 (July 2020).
689 CVE-2020-15583 22 Dir. Trav. 2020-07-07 2020-07-10
2.1
None Local Low Not required Partial None None
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. StickerProvider allows directory traversal for access to system files. The Samsung ID is SVE-2020-17665 (July 2020).
690 CVE-2020-15581 200 +Info 2020-07-07 2021-07-21
5.0
None Remote Low Not required Partial None None
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The kernel logging feature allows attackers to discover virtual addresses via vectors involving shared memory. The Samsung ID is SVE-2020-17605 (July 2020).
691 CVE-2020-15580 Bypass 2020-07-07 2020-07-10
2.1
None Local Low Not required None Partial None
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) by enrolling a new lock password. The Samsung ID is SVE-2020-17328 (July 2020).
692 CVE-2020-15579 Bypass 2020-07-07 2020-07-10
5.0
None Remote Low Not required None Partial None
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) via the KNOX API. The Samsung ID is SVE-2020-17318 (July 2020).
693 CVE-2020-15578 276 2020-07-07 2020-07-10
2.1
None Local Low Not required None Partial None
An issue was discovered on Samsung mobile devices with O(8.x) software. FactoryCamera does not properly restrict runtime permissions. The Samsung ID is SVE-2020-17270 (July 2020).
694 CVE-2020-15577 2020-07-07 2020-07-10
2.1
None Local Low Not required None Partial None
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Cameralyzer allows attackers to write files to the SD card. The Samsung ID is SVE-2020-16830 (July 2020).
695 CVE-2020-13843 20 DoS 2020-06-05 2021-07-21
4.9
None Local Low Not required None None Complete
An issue was discovered on LG mobile devices with Android OS software before 2020-06-01. Local users can cause a denial of service because checking of the userdata partition is mishandled. The LG ID is LVE-SMP-200014 (June 2020).
696 CVE-2020-13838 287 2020-06-04 2021-07-21
3.6
None Local Low Not required Partial Partial None
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. The DeX Lockscreen feature does not block access to Quick Panel and notifications. The Samsung ID is SVE-2020-17187 (June 2020).
697 CVE-2020-13837 287 2020-06-04 2021-07-21
3.6
None Local Low Not required Partial Partial None
An issue was discovered on Samsung mobile devices with Q(10.0) software. The Lockscreen feature does not block Quick Panel access to Music Share. The Samsung ID is SVE-2020-17145 (June 2020).
698 CVE-2020-13836 22 Dir. Trav. 2020-06-04 2020-06-07
5.0
None Remote Low Not required Partial None None
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. HWRResProvider allows path traversal for data exposure. The Samsung ID is SVE-2020-16954 (June 2020).
699 CVE-2020-13835 522 2020-06-04 2021-07-21
5.0
None Remote Low Not required Partial None None
An issue was discovered on Samsung mobile devices with O(8.x) (with TEEGRIS) software. The Gatekeeper Trustlet allows a brute-force attack on user credentials. The Samsung ID is SVE-2020-16908 (June 2020).
700 CVE-2020-13834 863 2020-06-04 2020-06-07
5.0
None Remote Low Not required None Partial None
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (with TEEGRIS) software. Secure Folder does not properly restrict use of Android Debug Bridge (adb) for arbitrary installations. The Samsung ID is SVE-2020-17369 (June 2020).
Total number of vulnerabilities : 3865   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 (This Page)15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.