CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Android : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1201 CVE-2020-0020 119 Overflow 2020-02-13 2020-02-18
4.9
None Local Low Not required Complete None None
In getAttributeRange of ExifInterface.java, there is a possible failure to redact location information from media files due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-143118731
1202 CVE-2020-0019 798 2020-12-14 2021-07-21
2.1
None Local Low Not required Partial None None
In the Broadcom Nexus firmware, there is an insecure default password. This could lead to local information disclosure in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-171413798
1203 CVE-2020-0018 532 2020-02-13 2020-02-18
2.1
None Local Low Not required Partial None None
In MotionEntry::appendDescription of InputDispatcher.cpp, there is a possible log information disclosure. This could lead to local disclosure of user input with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-139945049
1204 CVE-2020-0017 200 +Info 2020-02-13 2021-07-21
3.3
None Local Medium Not required Partial Partial None
In multiple places, it was possible for the primary user’s dictionary to be visible to and modifiable by secondary users. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-123232892
1205 CVE-2020-0016 798 2020-12-14 2020-12-16
7.2
None Local Low Not required Complete Complete Complete
In the Broadcom Nexus firmware, there is an insecure default password. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-171413483
1206 CVE-2020-0015 269 2020-02-13 2021-07-21
4.4
None Local Medium Not required Partial Partial Partial
In onCreate of CertInstaller.java, there is a possible way to overlay the Certificate Installation dialog by a malicious application. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-139017101
1207 CVE-2020-0014 1021 2020-02-13 2020-02-19
4.3
None Remote Medium Not required Partial None None
It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-128674520
1208 CVE-2020-0012 787 2020-03-10 2020-03-11
7.2
None Local Low Not required Complete Complete Complete
In fpc_ta_pn_get_unencrypted_image of fpc_ta_pn.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-137648844
1209 CVE-2020-0011 787 2020-03-10 2020-03-11
7.2
None Local Low Not required Complete Complete Complete
In get_auth_result of fpc_ta_hw_auth.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-137648045References: N/A
1210 CVE-2020-0010 787 2020-03-10 2020-03-11
7.2
None Local Low Not required Complete Complete Complete
In fpc_ta_get_build_info of fpc_ta_kpi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-137014293References: N/A
1211 CVE-2020-0009 276 Bypass 2020-01-08 2020-06-10
2.1
None Local Low Not required None Partial None
In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. This could lead to local escalation of privilege by corrupting memory shared between processes, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-142938932
1212 CVE-2020-0008 362 2020-01-08 2022-01-01
1.9
None Local Medium Not required Partial None None
In LowEnergyClient::MtuChangedCallback of low_energy_client.cc, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-142558228
1213 CVE-2020-0007 908 2020-01-08 2022-01-01
2.1
None Local Low Not required Partial None None
In flattenString8 of Sensor.cpp, there is a possible information disclosure of heap memory due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-141890807
1214 CVE-2020-0006 908 2020-01-08 2022-01-01
4.3
None Remote Medium Not required Partial None None
In rw_i93_send_cmd_write_single_block of rw_i93.cc, there is a possible information disclosure of heap memory due to uninitialized data. This could lead to remote information disclosure in the NFC server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-139738828
1215 CVE-2020-0005 787 2020-02-13 2020-02-18
7.2
None Local Low Not required Complete Complete Complete
In btm_read_remote_ext_features_complete of btm_acl.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-141552859
1216 CVE-2020-0004 755 DoS 2020-01-08 2022-01-01
4.9
None Local Low Not required None None Complete
In generateCrop of WallpaperManagerService.java, there is a possible sysui crash due to image exceeding maximum texture size. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-120847476
1217 CVE-2020-0003 367 Bypass 2020-01-08 2020-01-29
3.7
None Local High Not required Partial Partial Partial
In onCreate of InstallStart.java, there is a possible package validation bypass due to a time-of-check time-of-use vulnerability. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android ID: A-140195904
1218 CVE-2020-0002 787 Exec Code 2020-01-08 2022-01-01
9.3
None Remote Medium Not required Complete Complete Complete
In ih264d_init_decoder of ih264d_api.c, there is a possible out of bounds write due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-142602711
1219 CVE-2020-0001 269 2020-01-08 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
In getProcessRecordLocked of ActivityManagerService.java isolated apps are not handled correctly. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-140055304
1220 CVE-2019-20785 908 2020-04-17 2020-04-24
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered on LG mobile devices with Android OS 8.0 and 8.1 software for the DTAG carrier. RILD in the radio layer uses an uninitialized variable. The LG ID is LVE-SMP-180013 (January 2019).
1221 CVE-2019-20784 2020-04-17 2020-04-24
2.1
None Local Low Not required None Partial None
An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 (MTK chipsets) software. Interaction of GPS with 911 emergency calls is mishandled. The LG ID is LVE-SMP-180012 (January 2019).
1222 CVE-2019-20783 287 Bypass 2020-04-17 2021-07-21
6.4
None Remote Low Not required Partial Partial None
An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 (North America CDMA) software. The LTE protocol implementation allows a bypass of AKA (Authentication and Key Agreement). The LG ID is LVE-SMP-180014 (February 2019).
1223 CVE-2019-20782 120 Overflow 2020-04-17 2020-04-24
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. LG Advanced Flash (LAF) has a buffer overflow. The LG ID is LVE-SMP-190001 (March 2019).
1224 CVE-2019-20780 20 2020-04-17 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. Certain security settings, related to whether packages are verified and accepted only from known sources, are mishandled. The LG ID is LVE-SMP-190002 (April 2019).
1225 CVE-2019-20779 20 2020-04-17 2021-07-21
2.1
None Local Low Not required None None Partial
An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. A TrustZone trusted application can crash via crafted input. The LG ID is LVE-SMP-190003 (May 2019).
1226 CVE-2019-20778 20 2020-04-17 2020-04-22
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. The Backup subsystem does not properly restrict operations or validate their input. The LG ID is LVE-SMP-190004 (June 2019).
1227 CVE-2019-20776 20 2020-04-17 2021-07-21
2.1
None Local Low Not required None None Partial
An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. A TZ trusted application can crash via crafted input. The LG ID is LVE-SMP-190005 (July 2019).
1228 CVE-2019-20774 200 +Info 2020-04-17 2021-07-21
2.1
None Local Low Not required Partial None None
An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. A system service allows local retrieval of the user's password. The LG ID is LVE-SMP-190009 (August 2019).
1229 CVE-2019-20773 74 Exec Code 2020-04-17 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. Unprivileged applications can execute shell commands via the connectivity service. The LG ID is LVE-SMP-190008 (August 2019).
1230 CVE-2019-20772 863 Bypass 2020-04-17 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. The Account subsystem allows authorization bypass. The LG ID is LVE-SMP-190007 (August 2019).
1231 CVE-2019-20771 287 2020-04-17 2021-07-21
5.0
None Remote Low Not required None Partial None
An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. WapService allows unconfirmed configuration changes via a modified OMACP message. The LG ID is LVE-SMP-190006 (August 2019).
1232 CVE-2019-20770 120 Exec Code Overflow 2020-04-17 2020-04-22
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered on LG mobile devices with Android OS 9.0 software. The HAL service has a buffer overflow that leads to arbitrary code execution. The LG ID is LVE-SMP-190013 (September 2019).
1233 CVE-2019-20625 200 +Info 2020-03-24 2021-07-21
2.1
None Local Low Not required Partial None None
An issue was discovered on Samsung mobile devices with N(7.1) and O(8.x) (Exynos chipsets) software. The ion debugfs driver allows information disclosure. The Samsung ID is SVE-2018-13427 (February 2019).
1234 CVE-2019-20624 200 +Info 2020-03-24 2021-07-21
5.0
None Remote Low Not required Partial None None
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. S-Voice leaks keyboard learned words via the lock screen. The Samsung ID is SVE-2018-12981 (February 2019).
1235 CVE-2019-20623 908 2020-03-24 2020-08-24
1.9
None Local Medium Not required Partial None None
An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), and P(9.0) software. Gallery has uninitialized memory disclosure. The Samsung ID is SVE-2018-13060 (February 2019).
1236 CVE-2019-20622 787 Overflow 2020-03-24 2020-03-26
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. There is a baseband stack overflow. The Samsung ID is SVE-2018-13188 (February 2019).
1237 CVE-2019-20621 787 Overflow 2020-03-24 2020-03-26
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. There is a baseband heap overflow. The Samsung ID is SVE-2018-13187 (February 2019).
1238 CVE-2019-20620 287 2020-03-24 2020-03-26
5.0
None Remote Low Not required None Partial None
An issue was discovered on Samsung mobile devices with P(9.0) software. The Settings application allows unauthenticated changes. The Samsung IDs are SVE-2019-13814, SVE-2019-13815 (March 2019).
1239 CVE-2019-20619 200 +Info 2020-03-24 2021-07-21
5.0
None Remote Low Not required Partial None None
An issue was discovered on Samsung mobile devices with P(9.0) software. Secure Startup leaks keyboard suggested words. The Samsung ID is SVE-2019-13773 (March 2019).
1240 CVE-2019-20618 287 2020-03-24 2020-03-26
5.0
None Remote Low Not required None Partial None
An issue was discovered on Samsung mobile devices with P(9.0) software. The Pin Window feature allows unauthenticated unpinning of an app. The Samsung ID is SVE-2018-13765 (March 2019).
1241 CVE-2019-20617 200 +Info 2020-03-24 2021-07-21
5.0
None Remote Low Not required Partial None None
An issue was discovered on Samsung mobile devices with P(9.0) software. Secure Folder leaks preview data of recent apps. The Samsung ID is SVE-2018-13764 (March 2019).
1242 CVE-2019-20616 200 +Info 2020-03-24 2020-03-27
5.0
None Remote Low Not required Partial None None
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. Gallery leaks a thumbnail of Private Mode content. The Samsung ID is SVE-2018-13563 (March 2019).
1243 CVE-2019-20615 20 Bypass 2020-03-24 2021-07-21
2.1
None Local Low Not required None Partial None
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. Attackers can bypass Factory Reset Protection (FRP) via SVoice T&C. The Samsung ID is SVE-2018-13547 (March 2019).
1244 CVE-2019-20614 200 +Info 2020-03-24 2021-07-21
5.0
None Remote Low Not required Partial None None
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Allshare allows attackers to access sensitive information. The Samsung ID is SVE-2018-13453 (March 2019).
1245 CVE-2019-20613 89 Sql 2020-03-24 2020-03-30
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is time-based SQL injection in Contacts. The Samsung ID is SVE-2018-13452 (March 2019).
1246 CVE-2019-20612 DoS 2020-03-24 2020-08-24
5.0
None Remote Low Not required None None Partial
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) (Broadcom Wi-Fi, and SEC Wi-Fi chipsets) software. Wi-Fi allows a denial of service via TCP SYN packets. The Samsung ID is SVE-2018-13162 (March 2019).
1247 CVE-2019-20611 787 Exec Code Overflow 2020-03-24 2020-03-30
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), Go(8.1), P(9.0), and Go(9.0) (Exynos chipsets) software. A baseband stack overflow leads to arbitrary code execution. The Samsung ID is SVE-2019-13963 (April 2019).
1248 CVE-2019-20609 200 +Info 2020-03-24 2021-07-21
3.3
None Local Network Low Not required Partial None None
An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can use Smartwatch to view Secure Folder notification content. The Samsung ID is SVE-2019-13899 (April 2019).
1249 CVE-2019-20608 2020-03-24 2020-08-24
5.0
None Remote Low Not required None Partial None
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. An attacker can use Emergency mode to disable features. The Samsung IDs are SVE-2018-13164, SVE-2018-13165 (April 2019).
1250 CVE-2019-20606 20 2020-03-24 2021-07-21
5.8
None Remote Medium Not required None Partial Partial
An issue was discovered on Samsung mobile devices with any (before May 2019) software. A phishing attack against OMACP can change the network and internet settings. The Samsung ID is SVE-2019-14073 (May 2019).
Total number of vulnerabilities : 3865   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 (This Page)26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.