CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google : Security Vulnerabilities (CVSS score between 7 and 7.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-26689 416 2021-02-04 2021-02-05
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. The USB laf gadget has a use-after-free. The LG ID is LVE-SMP-200031 (February 2021).
2 CVE-2021-26687 2021-02-04 2021-02-08
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. In preloaded applications, the HostnameVerified default is mishandled. The LG ID is LVE-SMP-200029 (February 2021).
3 CVE-2021-25449 20 Exec Code 2021-09-09 2021-09-22
7.5
None Remote Low Not required Partial Partial Partial
An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release 1 allows attackers to execute arbitrary code in mediaextractor process.
4 CVE-2021-25412 863 2021-06-11 2021-06-17
7.2
None Local Low Not required Complete Complete Complete
An improper access control vulnerability in genericssoservice prior to SMR JUN-2021 Release 1 allows local attackers to execute protected activity with system privilege via untrusted applications.
5 CVE-2021-25387 787 Exec Code 2021-06-11 2021-06-16
7.5
None Remote Low Not required Partial Partial Partial
An improper input validation vulnerability in sflacfd_get_frm() in libsflacextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.
6 CVE-2021-25386 120 Exec Code 2021-06-11 2021-06-15
7.5
None Remote Low Not required Partial Partial Partial
An improper input validation vulnerability in sdfffd_parse_chunk_FVER() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.
7 CVE-2021-25385 120 Exec Code 2021-06-11 2021-06-15
7.5
None Remote Low Not required Partial Partial Partial
An improper input validation vulnerability in sdfffd_parse_chunk_PROP() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.
8 CVE-2021-25384 20 Exec Code 2021-06-11 2021-06-15
7.5
None Remote Low Not required Partial Partial Partial
An improper input validation vulnerability in sdfffd_parse_chunk_PROP() with Sample Rate Chunk in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.
9 CVE-2021-25383 120 Exec Code 2021-06-11 2021-06-16
7.5
None Remote Low Not required Partial Partial Partial
An improper input validation vulnerability in scmn_mfal_read() in libsapeextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.
10 CVE-2021-25365 269 2021-04-09 2021-04-26
7.2
None Local Low Not required Complete Complete Complete
An improper exception control in softsimd prior to SMR APR-2021 Release 1 allows unprivileged applications to access the API in softsimd.
11 CVE-2021-25361 22 Dir. Trav. 2021-04-09 2021-04-26
7.2
None Local Low Not required Complete Complete Complete
An improper access control vulnerability in stickerCenter prior to SMR APR-2021 Release 1 allows local attackers to read or write arbitrary files of system process via untrusted applications.
12 CVE-2021-25360 787 Exec Code 2021-04-09 2021-04-19
7.5
None Remote Low Not required Partial Partial Partial
An improper input validation vulnerability in libswmfextractor library prior to SMR APR-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.
13 CVE-2021-25356 863 2021-04-09 2021-06-11
7.2
None Local Low Not required Complete Complete Complete
An improper caller check vulnerability in Managed Provisioning prior to SMR APR-2021 Release 1 allows unprivileged application to install arbitrary application, grant device admin permission and then delete several installed application.
14 CVE-2021-25346 787 Exec Code 2021-03-04 2021-03-26
7.5
None Remote Low Not required Partial Partial Partial
A possible arbitrary memory overwrite vulnerabilities in quram library version prior to SMR Jan-2021 Release 1 allow arbitrary code execution.
15 CVE-2021-0941 125 2021-10-25 2021-10-26
7.2
None Local Low Not required Complete Complete Complete
In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-154177719References: Upstream kernel
16 CVE-2021-0940 787 2021-10-25 2021-10-26
7.2
None Local Low Not required Complete Complete Complete
In TBD of TBD, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-171315276References: N/A
17 CVE-2021-0935 787 2021-10-25 2021-10-26
7.2
None Local Low Not required Complete Complete Complete
In ip6_xmit of ip6_output.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168607263References: Upstream kernel
18 CVE-2021-0869 787 Exec Code 2021-09-21 2021-10-05
7.5
None Remote Low Not required Partial Partial Partial
In GetTimeStampAndPkt of DumpstateDevice.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-179620905 References: N/A
19 CVE-2021-0708 610 Exec Code 2021-10-22 2021-10-26
7.2
None Local Low Not required Complete Complete Complete
In runDumpHeap of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-183262161
20 CVE-2021-0705 269 Bypass 2021-10-22 2021-10-26
7.2
None Local Low Not required Complete Complete Complete
In sanitizeSbn of NotificationManagerService.java, there is a possible way to keep service running in foreground and keep granted permissions due to Bypass of Background Service Restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-185388103
21 CVE-2021-0703 416 2021-10-22 2021-10-26
7.2
None Local Low Not required Complete Complete Complete
In SecondStageMain of init.cpp, there is a possible use after free due to incorrect shared_ptr usage. This could lead to local escalation of privilege if the attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-184569329
22 CVE-2021-0663 787 2021-10-25 2021-10-26
7.2
None Local Low Not required Complete Complete Complete
In audio DSP, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05844458; Issue ID: ALPS05844458.
23 CVE-2021-0662 787 2021-10-25 2021-10-26
7.2
None Local Low Not required Complete Complete Complete
In audio DSP, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05844434; Issue ID: ALPS05844434.
24 CVE-2021-0661 787 2021-10-25 2021-10-26
7.2
None Local Low Not required Complete Complete Complete
In audio DSP, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05844413; Issue ID: ALPS05844413.
25 CVE-2021-0652 119 Overflow Mem. Corr. 2021-10-22 2021-10-26
7.2
None Local Low Not required Complete Complete Complete
In VectorDrawable::VectorDrawable of VectorDrawable.java, there is a possible way to introduce a memory corruption due to sharing of not thread-safe objects. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-185178568
26 CVE-2021-0634 908 Mem. Corr. 2021-10-25 2021-10-26
7.2
None Local Low Not required Complete Complete Complete
In display driver, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05594994; Issue ID: ALPS05594994.
27 CVE-2021-0633 787 2021-10-25 2021-10-26
7.2
None Local Low Not required Complete Complete Complete
In display driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05585423; Issue ID: ALPS05585423.
28 CVE-2021-0625 667 Mem. Corr. 2021-10-25 2021-10-26
7.2
None Local Low Not required Complete Complete Complete
In ccu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05594996; Issue ID: ALPS05594996.
29 CVE-2021-0602 269 Bypass 2021-07-14 2021-07-14
7.2
None Local Low Not required Complete Complete Complete
In onCreateOptionsMenu of WifiNetworkDetailsFragment.java, there is a possible way for guest users to view and modify Wi-Fi settings for all configured APs due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-177573895
30 CVE-2021-0596 125 2021-07-14 2021-07-16
7.8
None Remote Low Not required Complete None None
In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-181346550
31 CVE-2021-0594 20 Bypass 2021-07-14 2021-07-16
7.9
None Local Network Medium Not required Complete Complete Complete
In onCreate of ConfirmConnectActivity, there is a possible remote bypass of user consent due to improper input validation. This could lead to remote (proximal, NFC) escalation of privilege allowing an attacker to deceive a user into allowing a Bluetooth connection with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-176445224
32 CVE-2021-0589 787 2021-07-14 2021-07-16
7.2
None Local Low Not required Complete Complete Complete
In BTM_TryAllocateSCN of btm_scn.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-180939982
33 CVE-2021-0587 787 2021-07-14 2021-07-16
7.2
None Local Low Not required Complete Complete Complete
In StreamOut::prepareForWriting of StreamOut.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-185259758
34 CVE-2021-0585 787 2021-07-14 2021-07-16
7.2
None Local Low Not required Complete Complete Complete
In beginWrite and beginRead of MessageQueueBase.h, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-184963385
35 CVE-2021-0577 787 Overflow 2021-07-14 2021-07-16
7.2
None Local Low Not required Complete Complete Complete
In flv extractor, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-187161771
36 CVE-2021-0519 787 Overflow 2021-08-17 2021-08-24
7.2
None Local Low Not required Complete Complete Complete
In BITSTREAM_FLUSH of ih264e_bitstream.h, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-176533109
37 CVE-2021-0516 125 2021-06-21 2021-06-23
7.5
None Remote Low Not required Partial Partial Partial
In p2p_process_prov_disc_req of p2p_pd.c, there is a possible out of bounds read and write due to a use after free. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-181660448
38 CVE-2021-0505 863 2021-06-21 2021-06-22
7.2
None Local Low Not required Complete Complete Complete
In the Settings app, there is a possible way to disable an always-on VPN due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-179975048
39 CVE-2021-0498 415 Mem. Corr. 2021-06-11 2021-06-15
7.2
None Local Low Not required Complete Complete Complete
In memory management driver, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183461321
40 CVE-2021-0497 416 Mem. Corr. 2021-06-11 2021-06-15
7.2
None Local Low Not required Complete Complete Complete
In memory management driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183461320
41 CVE-2021-0496 416 Mem. Corr. 2021-06-11 2021-06-15
7.2
None Local Low Not required Complete Complete Complete
In memory management driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183467912
42 CVE-2021-0495 787 2021-06-11 2021-06-15
7.2
None Local Low Not required Complete Complete Complete
In memory management driver, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183459083
43 CVE-2021-0494 190 Overflow 2021-06-11 2021-06-15
7.2
None Local Low Not required Complete Complete Complete
In memory management driver, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183461318
44 CVE-2021-0493 787 2021-06-11 2021-06-15
7.2
None Local Low Not required Complete Complete Complete
In memory management driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183461317
45 CVE-2021-0492 787 2021-06-11 2021-06-15
7.2
None Local Low Not required Complete Complete Complete
In memory management driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183459078
46 CVE-2021-0491 269 2021-06-11 2021-06-15
7.2
None Local Low Not required Complete Complete Complete
In memory management driver, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183461315
47 CVE-2021-0490 787 2021-06-11 2021-06-15
7.2
None Local Low Not required Complete Complete Complete
In memory management driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183464868
48 CVE-2021-0489 787 2021-06-11 2021-06-15
7.2
None Local Low Not required Complete Complete Complete
In memory management driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183464866
49 CVE-2021-0488 787 Exec Code 2021-04-15 2021-04-21
7.2
None Local Low Not required Complete Complete Complete
In pb_write of pb_encode.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-178754781
50 CVE-2021-0487 269 2021-06-11 2021-06-15
7.2
None Local Low Not required Complete Complete Complete
In onCreate of CalendarDebugActivity.java, there is a possible way to export calendar data to the sdcard without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174046397
Total number of vulnerabilities : 1216   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.