CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Android : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
301 CVE-2021-0635 2021-10-06 2021-10-08
6.8
None Remote Medium Not required Partial Partial Partial
When extracting the incorrectly formatted flv file, the memory is damaged, the playback interface shows that the video cannot be played, and the log is found to be crashed. This problem may lead to hacker malicious code attacks, resulting in the loss of user rights.Product: Androidversion:Android-10Android ID: A-189402477
302 CVE-2021-0634 908 Mem. Corr. 2021-10-25 2021-10-26
7.2
None Local Low Not required Complete Complete Complete
In display driver, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05594994; Issue ID: ALPS05594994.
303 CVE-2021-0633 787 2021-10-25 2021-10-26
7.2
None Local Low Not required Complete Complete Complete
In display driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05585423; Issue ID: ALPS05585423.
304 CVE-2021-0632 125 2021-10-25 2021-10-26
3.3
None Local Network Low Not required Partial None None
In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker under certain build conditions with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05560246; Issue ID: ALPS05551383.
305 CVE-2021-0631 125 DoS 2021-10-25 2021-10-26
5.0
None Remote Low Not required None None Partial
In wifi driver, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05551435; Issue ID: ALPS05551435.
306 CVE-2021-0630 190 DoS 2021-10-25 2021-10-26
5.0
None Remote Low Not required None None Partial
In wifi driver, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05551397; Issue ID: ALPS05551397.
307 CVE-2021-0628 20 Mem. Corr. 2021-08-18 2021-08-25
4.6
None Local Low Not required Partial Partial Partial
In OMA DRM, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05722454; Issue ID: ALPS05722454.
308 CVE-2021-0627 190 Overflow Mem. Corr. 2021-08-18 2021-08-25
4.6
None Local Low Not required Partial Partial Partial
In OMA DRM, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05722434; Issue ID: ALPS05722434.
309 CVE-2021-0626 787 2021-08-18 2021-08-25
4.6
None Local Low Not required Partial Partial Partial
In ged, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05687510; Issue ID: ALPS05687510.
310 CVE-2021-0625 667 Mem. Corr. 2021-10-25 2021-10-26
7.2
None Local Low Not required Complete Complete Complete
In ccu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05594996; Issue ID: ALPS05594996.
311 CVE-2021-0618 125 Overflow 2021-10-25 2021-10-26
2.1
None Local Low Not required Partial None None
In ape extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561394; Issue ID: ALPS05561394.
312 CVE-2021-0617 125 Overflow 2021-10-25 2021-10-26
2.1
None Local Low Not required Partial None None
In ape extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561391; Issue ID: ALPS05561391.
313 CVE-2021-0616 125 Overflow 2021-10-25 2021-10-26
2.1
None Local Low Not required Partial None None
In ape extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561389; Issue ID: ALPS05561389.
314 CVE-2021-0615 125 Overflow 2021-10-25 2021-10-26
2.1
None Local Low Not required Partial None None
In flv extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561369; Issue ID: ALPS05561369.
315 CVE-2021-0614 125 2021-10-25 2021-10-26
2.1
None Local Low Not required Partial None None
In asf extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05495528; Issue ID: ALPS05495528.
316 CVE-2021-0613 125 2021-10-25 2021-10-26
2.1
None Local Low Not required Partial None None
In asf extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05489178.
317 CVE-2021-0608 610 2021-06-22 2021-06-25
4.6
None Local Low Not required Partial Partial Partial
In handleAppLaunch of AppLaunchActivity.java, there is a possible arbitrary activity launch due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174870704
318 CVE-2021-0607 119 Exec Code Overflow 2021-06-22 2021-06-25
4.6
None Local Low Not required Partial Partial Partial
In iaxxx_calc_i2s_div of iaxxx-codec.c, there is a possible hardware port write with user controlled data due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-180950209
319 CVE-2021-0606 416 2021-06-22 2021-06-25
4.6
None Local Low Not required Partial Partial Partial
In drm_syncobj_handle_to_fd of drm_syncobj.c, there is a possible use after free due to incorrect refcounting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168034487
320 CVE-2021-0605 125 2021-06-22 2021-06-25
4.9
None Local Low Not required Complete None None
In pfkey_dump of af_key.c, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-110373476
321 CVE-2021-0604 2021-07-14 2021-07-16
1.9
None Local Medium Not required Partial None None
In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible way to share private files over Bluetooth due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-179910660
322 CVE-2021-0603 276 2021-07-14 2021-07-16
4.4
None Local Medium Not required Partial Partial Partial
In onCreate of ContactSelectionActivity.java, there is a possible way to get access to contacts without permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-182809425
323 CVE-2021-0602 269 Bypass 2021-07-14 2021-07-14
7.2
None Local Low Not required Complete Complete Complete
In onCreateOptionsMenu of WifiNetworkDetailsFragment.java, there is a possible way for guest users to view and modify Wi-Fi settings for all configured APs due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-177573895
324 CVE-2021-0601 787 Exec Code 2021-07-14 2021-07-15
4.9
None Local Low Not required Complete None None
In encodeFrames of avc_enc_fuzzer.cpp, there is a possible out of bounds write due to a double free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-180643802
325 CVE-2021-0600 20 2021-07-14 2021-07-15
6.9
None Local Medium Not required Complete Complete Complete
In onCreate of DeviceAdminAdd.java, there is a possible way to mislead a user to activate a device admin app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-179042963
326 CVE-2021-0599 610 2021-07-14 2021-07-15
4.9
None Local Low Not required Complete None None
In scheduleTimeoutLocked of NotificationRecord.java, there is a possible disclosure of a sensitive identifier via broadcasted intent due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-175614289
327 CVE-2021-0598 269 2021-10-06 2021-10-08
4.4
None Local Medium Not required Partial Partial Partial
In onCreate of ConfirmConnectActivity.java, there is a possible pairing of untrusted Bluetooth devices due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-180422108
328 CVE-2021-0597 862 2021-07-14 2021-07-15
4.9
None Local Low Not required Complete None None
In notifyProfileAdded and notifyProfileRemoved of SipService.java, there is a possible way to retrieve SIP account names due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-176496502
329 CVE-2021-0596 125 2021-07-14 2021-07-16
7.8
None Remote Low Not required Complete None None
In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-181346550
330 CVE-2021-0595 269 2021-10-06 2021-10-08
4.6
None Local Low Not required Partial Partial Partial
In lockAllProfileTasks of RootWindowContainer.java, there is a possible way to access the work profile without the profile PIN, after logging in. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-177457096
331 CVE-2021-0594 20 Bypass 2021-07-14 2021-07-16
7.9
None Local Network Medium Not required Complete Complete Complete
In onCreate of ConfirmConnectActivity, there is a possible remote bypass of user consent due to improper input validation. This could lead to remote (proximal, NFC) escalation of privilege allowing an attacker to deceive a user into allowing a Bluetooth connection with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-176445224
332 CVE-2021-0593 610 2021-08-17 2021-08-24
4.6
None Local Low Not required Partial Partial Partial
In sendDevicePickedIntent of DevicePickerFragment.java, there is a possible way to invoke a privileged broadcast receiver due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-179386068
333 CVE-2021-0592 787 Exec Code 2021-07-14 2021-07-16
9.3
None Remote Medium Not required Complete Complete Complete
In various functions in WideVine, there are possible out of bounds writes due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-188061006
334 CVE-2021-0591 610 2021-08-17 2021-08-24
6.8
None Remote Medium Not required Partial Partial Partial
In sendReplyIntentToReceiver of BluetoothPermissionActivity.java, there is a possible way to invoke privileged broadcast receivers due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-179386960
335 CVE-2021-0590 276 2021-07-14 2021-07-16
4.9
None Local Low Not required Complete None None
In sendNetworkConditionsBroadcast of NetworkMonitor.java, there is a possible way for a privileged app to receive WiFi BSSID and SSID without location permissions due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-175213041
336 CVE-2021-0589 787 2021-07-14 2021-07-16
7.2
None Local Low Not required Complete Complete Complete
In BTM_TryAllocateSCN of btm_scn.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-180939982
337 CVE-2021-0588 276 2021-07-14 2021-07-16
4.9
None Local Low Not required Complete None None
In processInboundMessage of MceStateMachine.java, there is a possible SMS disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9Android ID: A-177238342
338 CVE-2021-0587 787 2021-07-14 2021-07-16
7.2
None Local Low Not required Complete Complete Complete
In StreamOut::prepareForWriting of StreamOut.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-185259758
339 CVE-2021-0586 1021 2021-07-14 2021-09-13
6.9
None Local Medium Not required Complete Complete Complete
In onCreate of DevicePickerFragment.java, there is a possible way to trick the user to select an unwanted bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-182584940
340 CVE-2021-0585 787 2021-07-14 2021-07-16
7.2
None Local Low Not required Complete Complete Complete
In beginWrite and beginRead of MessageQueueBase.h, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-184963385
341 CVE-2021-0584 125 2021-08-17 2021-08-24
2.1
None Local Low Not required Partial None None
In verifyBufferObject of Parcel.cpp, there is a possible out of bounds read due to an improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-179289794
342 CVE-2021-0583 269 2021-10-11 2021-10-18
4.4
None Local Medium Not required Partial Partial Partial
In onCreate of BluetoothPairingDialog, there is a possible way to enable Bluetooth without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-182282956
343 CVE-2021-0582 125 2021-08-17 2021-08-24
3.3
None Local Network Low Not required Partial None None
In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-187149601
344 CVE-2021-0581 125 2021-08-17 2021-08-24
3.3
None Local Network Low Not required Partial None None
In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-187231638
345 CVE-2021-0580 125 2021-08-17 2021-08-24
3.3
None Local Network Low Not required Partial None None
In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-187231637
346 CVE-2021-0579 125 2021-08-17 2021-08-24
3.3
None Local Network Low Not required Partial None None
In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-187231636
347 CVE-2021-0578 125 2021-08-17 2021-08-24
3.3
None Local Network Low Not required Partial None None
In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-187161772
348 CVE-2021-0577 787 Overflow 2021-07-14 2021-07-16
7.2
None Local Low Not required Complete Complete Complete
In flv extractor, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-187161771
349 CVE-2021-0576 787 2021-08-17 2021-08-24
4.6
None Local Low Not required Partial Partial Partial
In flv extractor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-187236084
350 CVE-2021-0574 787 2021-08-17 2021-08-24
4.6
None Local Low Not required Partial Partial Partial
In asf extractor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-187234876
Total number of vulnerabilities : 3865   Page : 1 2 3 4 5 6 7 (This Page)8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.