CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Android : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3101 CVE-2016-11042 287 Bypass 2020-04-07 2020-04-07
5.0
None Remote Low Not required Partial None None
An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. There is a SIM Lock bypass. The Samsung ID is SVE-2016-5381 (June 2016).
3102 CVE-2016-11041 287 Bypass 2020-04-07 2020-04-07
2.1
None Local Low Not required Partial None None
An issue was discovered on Samsung mobile devices with KK(4.4) software. Attackers can bypass the lockscreen by sending an AT command over USB. The Samsung ID is SVE-2015-5301 (June 2016).
3103 CVE-2016-11040 20 Bypass 2020-04-07 2020-04-09
2.1
None Local Low Not required None Partial None
An issue was discovered on Samsung mobile devices with L(5.0/5.1) (with USB OTG MyFile2014_L_ESS support) software. There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2015-5068 (June 2016).
3104 CVE-2016-11039 476 2020-04-07 2020-04-09
7.8
None Remote Low Not required None None Complete
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) (AP + CP MDM9x35, or Qualcomm Onechip) software. There is a NULL pointer dereference issue in the IPC socket code. The Samsung ID is SVE-2016-5980 (July 2016).
3105 CVE-2016-11036 862 Bypass 2020-04-07 2020-04-09
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with M(6.0) software. There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2016-6008 (August 2016).
3106 CVE-2016-11035 119 Overflow 2020-04-07 2020-04-09
4.9
None Local Low Not required None None Complete
An issue was discovered on Samsung mobile devices with software through 2016-05-27 (Exynos AP chipsets). A local graphics user can cause a Kernel Crash via the fb0(DECON) frame buffer interface. The Samsung ID is SVE-2016-7011 (October 2016).
3107 CVE-2016-11034 755 2020-04-07 2020-04-09
7.1
None Remote Medium Not required None None Complete
An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. The decode function in Qjpeg in Qt 5.7 allows attackers to trigger a system crash via a malformed image. The Samsung ID is SVE-2016-6560 (October 2016).
3108 CVE-2016-11033 787 Overflow 2020-04-07 2020-04-07
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with M(6.0) software. There is a heap-based buffer overflow in tlc_server. The Samsung IDs are SVE-2016-7220 and SVE-2016-7225 (November 2016).
3109 CVE-2016-11032 20 2020-04-07 2020-04-07
5.0
None Remote Low Not required None Partial None
An issue was discovered on Samsung mobile devices with M(6.0) software. An attacker can disable all Sound functionality by broadcasting an unprotected intent. The Samsung IDs are SVE-2016-7179 and SVE-2016-7182 (November 2016).
3110 CVE-2016-11031 20 2020-04-07 2020-04-07
7.8
None Remote Low Not required None None Complete
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. AntService allows a system_server crash and reboot. The Samsung ID is SVE-2016-7044 (November 2016).
3111 CVE-2016-11030 362 Overflow 2020-04-07 2020-04-07
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) (with Hrm sensor support) software. The sysfs of the MAX86902 sensor driver does not prevent concurrent access, leading to a race condition and resultant heap-based buffer overflow. The Samsung ID is SVE-2016-7341 (December 2016).
3112 CVE-2016-11029 522 2020-04-07 2020-04-07
5.0
None Remote Low Not required Partial None None
An issue was discovered on Samsung mobile devices with L(5.0/5.1), M(6.0), and N(7.0) software. Attackers can read the password of the Mobile Hotspot in the log because of an unprotected intent. The Samsung ID is SVE-2016-7301 (December 2016).
3113 CVE-2016-11027 200 +Info 2020-04-07 2020-04-08
2.1
None Local Low Not required Partial None None
An issue was discovered on Samsung mobile devices with M(6.0) software. In the Shade Locked state, a physically proximate attacker can read notifications on the lock screen. The Samsung ID is SVE-2016-7132 (December 2016).
3114 CVE-2016-11026 755 2020-04-07 2020-04-08
7.8
None Remote Low Not required None None Complete
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. BootReceiver allows attackers to trigger a system crash because of incorrect exception handling. The Samsung ID is SVE-2016-7118 (December 2016).
3115 CVE-2016-11025 787 Overflow 2020-04-07 2020-04-08
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with software through 2016-09-13 (Exynos AP chipsets). There is a memcpy heap-based buffer overflow in the OTP service. The Samsung ID is SVE-2016-7114 (December 2016).
3116 CVE-2016-10398 264 Bypass 2017-07-17 2017-07-21
7.2
None Local Low Not required Complete Complete Complete
Android 6.0 has an authentication bypass for attackers with root and physical access. Cryptographic authentication tokens (AuthTokens) used by the Trusted Execution Environment (TEE) are protected by a weak challenge. This allows adversaries to replay previously captured responses and use the TEE without authenticating. All apps using authentication-gated cryptography are vulnerable to this attack, which was confirmed on the LG Nexus 5X.
3117 CVE-2016-10393 119 Overflow 2018-03-15 2018-04-06
10.0
None Remote Low Not required Complete Complete Complete
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when processing a clip with large size values, integer arithmetic overflows, and allocated buffer size will be less than intended buffer size. The following buffer operations will overflow the allocated buffer.
3118 CVE-2016-10392 119 Overflow 2017-08-18 2018-04-19
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a driver can potentially leak kernel memory.
3119 CVE-2016-10391 20 2017-08-18 2017-08-23
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, the length in an HCI command is not properly checked for validity.
3120 CVE-2016-10390 399 2017-08-18 2018-04-19
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, when downloading a file, an excessive amount of memory may be consumed.
3121 CVE-2016-10389 119 Overflow 2017-08-18 2017-08-23
9.3
None Remote Medium Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, there is no size check for the images being flashed onto the NAND memory in their respective partitions, so there is a possibility of writing beyond the intended partition.
3122 CVE-2016-10388 16 2017-08-18 2017-08-23
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a configuration vulnerability exists when loading a 3rd-party QTEE application.
3123 CVE-2016-10387 20 2017-08-18 2018-04-19
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a handover scenario.
3124 CVE-2016-10386 129 2017-08-18 2018-04-19
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, an array index out of bounds vulnerability exists in LPP.
3125 CVE-2016-10385 416 2017-08-18 2018-04-19
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a use-after-free vulnerability exists in IMS RCS.
3126 CVE-2016-10384 20 2017-08-18 2018-04-19
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a WLAN driver ioctl.
3127 CVE-2016-10383 362 2017-08-18 2017-08-23
9.3
None Remote Medium Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, there is a TOCTOU race condition in Secure UI.
3128 CVE-2016-10382 284 2017-08-18 2017-08-23
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, access control to the I2C bus is not sufficient.
3129 CVE-2016-10381 1 2017-08-18 2018-04-19
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send unprotected MeasurementReports revealing UE location.
3130 CVE-2016-10380 1 2017-08-18 2018-04-19
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send unprotected MeasurementReports revealing UE location.
3131 CVE-2016-10347 20 2017-08-18 2017-08-23
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, an argument to a hypervisor function is not properly validated.
3132 CVE-2016-10346 190 Overflow 2017-08-18 2017-08-23
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in the hypervisor.
3133 CVE-2016-10344 476 2017-08-18 2017-08-23
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in LTE.
3134 CVE-2016-10343 119 Overflow 2017-08-18 2017-08-23
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, sSL handshake failure with ClientHello rejection results in memory leak.
3135 CVE-2016-10342 119 Overflow 2017-06-13 2017-07-08
9.3
None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a syscall handler.
3136 CVE-2016-10341 264 2017-06-13 2017-07-08
9.3
None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, 3rd party TEEs have more privilege than intended.
3137 CVE-2016-10340 119 Overflow 2017-06-13 2017-07-08
9.3
None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, an integer underflow leading to buffer overflow vulnerability exists in a syscall handler.
3138 CVE-2016-10339 200 +Info 2017-06-13 2017-07-08
5.8
None Remote Medium Not required Partial Partial None
In all Android releases from CAF using the Linux kernel, HLOS can overwite secure memory or read contents of the keystore.
3139 CVE-2016-10338 20 2017-06-13 2017-07-08
9.3
None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, there was an issue related to RPMB processing.
3140 CVE-2016-10337 20 2017-06-13 2017-07-08
4.3
None Remote Medium Not required None Partial None
In all Android releases from CAF using the Linux kernel, some validation of secure applications was not being performed.
3141 CVE-2016-10336 254 2017-06-13 2017-07-08
4.3
None Remote Medium Not required None Partial None
In all Android releases from CAF using the Linux kernel, some regions of memory were not protected during boot.
3142 CVE-2016-10335 284 2017-06-13 2017-07-08
4.3
None Remote Medium Not required None Partial None
In all Android releases from CAF using the Linux kernel, libtomcrypt was updated.
3143 CVE-2016-10334 284 2017-06-13 2017-07-08
4.3
None Remote Medium Not required None Partial None
In all Android releases from CAF using the Linux kernel, a dynamically-protected DDR region could potentially get overwritten.
3144 CVE-2016-10333 284 2017-06-13 2017-07-08
4.3
None Remote Medium Not required None Partial None
In all Android releases from CAF using the Linux kernel, a sensitive system call was allowed to be called by HLOS.
3145 CVE-2016-10332 254 2017-06-13 2017-07-08
4.3
None Remote Medium Not required None Partial None
In all Android releases from CAF using the Linux kernel, stack protection was not enabled for secure applications.
3146 CVE-2016-10299 264 2018-04-04 2018-05-04
10.0
None Remote Low Not required Complete Complete Complete
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-32577244.
3147 CVE-2016-10298 264 2018-04-04 2018-05-04
10.0
None Remote Low Not required Complete Complete Complete
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393252.
3148 CVE-2016-10297 362 2017-06-06 2017-06-08
9.3
None Remote Medium Not required Complete Complete Complete
In TrustZone in all Android releases from CAF using the Linux kernel, a Time-of-Check Time-of-Use Race Condition vulnerability could potentially exist.
3149 CVE-2016-10282 264 Exec Code 2017-05-12 2017-05-25
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-33939045. References: M-ALPS03149189.
3150 CVE-2016-10281 264 Exec Code 2017-05-12 2017-05-25
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28175647. References: M-ALPS02696475.
Total number of vulnerabilities : 3865   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 (This Page)64 65 66 67 68 69 70 71 72 73 74 75 76 77 78
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.