CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Android : Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-38591 2021-08-12 2021-08-20
2.1
None Local Low Not required None Partial None
An issue was discovered on LG mobile devices with Android OS P and Q software for mt6762/mt6765/mt6883. Attackers can change some of the NvRAM content by leveraging the misconfiguration of a debug command. The LG ID is LVE-SMP-210005 (August 2021).
2 CVE-2021-30161 Bypass 2021-04-06 2021-04-12
2.1
None Local Low Not required None Partial None
An issue was discovered on LG mobile devices with Android OS 11 software. Attackers can bypass the lockscreen protection mechanism after an incoming call has been terminated. The LG ID is LVE-SMP-210002 (April 2021).
3 CVE-2021-25502 312 2021-11-05 2021-11-08
2.1
None Local Low Not required Partial None None
A vulnerability of storing sensitive information insecurely in Property Settings prior to SMR Nov-2021 Release 1 allows attackers to read ESN value without priviledge.
4 CVE-2021-25501 863 2021-11-05 2021-11-08
2.1
None Local Low Not required None Partial None
An improper access control vulnerability in SCloudBnRReceiver in SecTelephonyProvider prior to SMR Nov-2021 Release 1 allows untrusted application to call some protected providers.
5 CVE-2021-25486 2021-10-06 2021-10-13
2.1
None Local Low Not required Partial None None
Exposure of information vulnerability in ipcdump prior to SMR Oct-2021 Release 1 allows an attacker detect device information via analyzing packet in log.
6 CVE-2021-25484 287 2021-10-06 2021-10-13
2.1
None Local Low Not required Partial None None
Improper authentication in InputManagerService prior to SMR Oct-2021 Release 1 allows monitoring the touch event.
7 CVE-2021-25472 863 2021-10-06 2021-10-13
2.1
None Local Low Not required None Partial None
An improper access control vulnerability in BluetoothSettingsProvider prior to SMR Oct-2021 Release 1 allows untrusted application to overwrite some Bluetooth information.
8 CVE-2021-25463 2021-09-09 2021-09-22
2.1
None Local Low Not required None Partial None
Improper access control vulnerability in PENUP prior to version 3.8.00.18 allows arbitrary webpage loading in webview.
9 CVE-2021-25462 476 Mem. Corr. 2021-09-09 2021-09-23
2.1
None Local Low Not required None None Partial
NULL pointer dereference vulnerability in NPU driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption.
10 CVE-2021-25460 2021-09-09 2021-09-23
2.1
None Local Low Not required None None Partial
An improper access control vulnerability in sspExit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to terminate BlockchainTZService.
11 CVE-2021-25459 552 2021-09-09 2021-09-22
2.1
None Local Low Not required None Partial None
An improper access control vulnerability in sspInit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to start BlockchainTZService.
12 CVE-2021-25458 476 Mem. Corr. 2021-09-09 2021-09-23
2.1
None Local Low Not required None None Partial
NULL pointer dereference vulnerability in ION driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption.
13 CVE-2021-25453 20 2021-09-09 2021-09-23
2.1
None Local Low Not required Partial None None
Some improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1 allows untrusted application to get Bluetooth information.
14 CVE-2021-25444 2021-08-05 2021-08-12
2.1
None Local Low Not required Partial None None
An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 allows decryption of custom keyblob with privileged process.
15 CVE-2021-25413 2021-06-11 2021-10-18
2.1
None Local Low Not required Partial None None
Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to get permissions to access arbitrary data with Samsung Contacts privilege.
16 CVE-2021-25409 863 2021-06-11 2021-06-16
2.1
None Local Low Not required None Partial None
Improper access in Notification setting prior to SMR JUN-2021 Release 1 allows physically proximate attackers to set arbitrary notification via physically configuring device.
17 CVE-2021-25397 863 2021-06-11 2021-06-16
2.1
None Local Low Not required None Partial None
An improper access control vulnerability in TelephonyUI prior to SMR MAY-2021 Release 1 allows local attackers to write arbitrary files of telephony process via untrusted applications.
18 CVE-2021-25393 732 2021-06-11 2021-06-16
2.1
None Local Low Not required Partial None None
Improper sanitization of incoming intent in SecSettings prior to SMR MAY-2021 Release 1 allows local attackers to get permissions to access system uid data.
19 CVE-2021-25392 326 2021-06-11 2021-06-16
2.1
None Local Low Not required Partial None None
Improper protection of backup path configuration in Samsung Dex prior to SMR MAY-2021 Release 1 allows local attackers to get sensitive information via changing the path.
20 CVE-2021-25391 2021-06-11 2021-06-16
2.1
None Local Low Not required Partial None None
Intent redirection vulnerability in Secure Folder prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action.
21 CVE-2021-25369 863 2021-03-26 2021-03-31
2.1
None Local Low Not required Partial None None
An improper access control vulnerability in sec_log file prior to SMR MAR-2021 Release 1 exposes sensitive kernel information to userspace.
22 CVE-2021-25364 200 +Info 2021-04-09 2021-04-26
2.1
None Local Low Not required Partial None None
A pendingIntent hijacking vulnerability in Secure Folder prior to SMR APR-2021 Release 1 allows unprivileged applications to access contact information.
23 CVE-2021-25359 276 2021-04-09 2021-04-19
2.1
None Local Low Not required Partial None None
An improper SELinux policy prior to SMR APR-2021 Release 1 allows local attackers to access AP information without proper permissions via untrusted applications.
24 CVE-2021-25358 276 2021-04-09 2021-04-19
2.1
None Local Low Not required Partial None None
A vulnerability that stores IMSI values in an improper path prior to SMR APR-2021 Release 1 allows local attackers to access IMSI values without any permission via untrusted applications.
25 CVE-2021-25357 269 2021-04-09 2021-04-20
2.1
None Local Low Not required Partial None None
A pendingIntent hijacking vulnerability in Create Movie prior to SMR APR-2021 Release 1 in Android O(8.x) and P(9.0), 3.4.81.1 in Android Q(10,0), and 3.6.80.7 in Android R(11.0) allows unprivileged applications to access contact information.
26 CVE-2021-25344 276 2021-03-04 2021-03-11
2.1
None Local Low Not required Partial None None
Missing permission check in knox_custom service prior to SMR Mar-2021 Release 1 allows attackers to gain access to device's serial number without permission.
27 CVE-2021-25340 863 2021-03-04 2021-03-11
2.1
None Local Low Not required None Partial None
Improper access control vulnerability in Samsung keyboard version prior to SMR Feb-2021 Release 1 allows physically proximate attackers to change in arbitrary settings during Initialization State.
28 CVE-2021-3022 2021-01-05 2021-01-08
2.1
None Local Low Not required None Partial None
An issue was discovered on LG mobile devices with Android OS 10 software. There was no write protection for the MTK protect2 partition. The LG ID is LVE-SMP-200028 (January 2021).
29 CVE-2021-0939 125 2021-10-25 2021-10-26
2.1
None Local Low Not required Partial None None
In set_default_passthru_cfg of passthru.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-186026549References: N/A
30 CVE-2021-0938 908 Bypass 2021-10-25 2021-10-26
2.1
None Local Low Not required Partial None None
In memzero_explicit of compiler-clang.h, there is a possible bypass of defense in depth due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-171418586References: Upstream kernel
31 CVE-2021-0695 416 2021-10-06 2021-10-08
2.1
None Local Low Not required Partial None None
In get_sock_stat of xt_qtaguid.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-184018316References: Upstream kernel
32 CVE-2021-0693 2021-10-06 2021-10-08
2.1
None Local Low Not required Partial None None
In openFile of HeapDumpProvider.java, there is a possible way to retrieve generated heap dumps from debuggable apps due to an unprotected provider. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-184046948
33 CVE-2021-0689 125 2021-10-06 2021-10-08
2.1
None Local Low Not required Partial None None
In RGB_to_BGR1_portable of SkSwizzler_opts.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-190188264
34 CVE-2021-0686 863 2021-10-06 2021-10-08
2.1
None Local Low Not required Partial None None
In getDefaultSmsPackage of RoleManagerService.java, there is a possible way to get information about the default sms app of a different device user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-177927831
35 CVE-2021-0682 863 2021-10-06 2021-10-08
2.1
None Local Low Not required Partial None None
In sendAccessibilityEvent of NotificationManagerService.java, there is a possible disclosure of notification data due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-159624555
36 CVE-2021-0681 863 2021-10-06 2021-10-08
2.1
None Local Low Not required Partial None None
In system properties, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-192535337
37 CVE-2021-0680 863 2021-10-06 2021-10-08
2.1
None Local Low Not required Partial None None
In system properties, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-192535676
38 CVE-2021-0644 863 2021-10-06 2021-10-08
2.1
None Local Low Not required Partial None None
In conditionallyRemoveIdentifiers of SubscriptionController.java, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-181053462
39 CVE-2021-0643 862 2021-10-22 2021-10-26
2.1
None Local Low Not required Partial None None
In getAllSubInfoList of SubscriptionController.java, there is a possible way to retrieve a long term identifier without the correct permissions due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-183612370
40 CVE-2021-0641 862 2021-08-17 2021-08-24
2.1
None Local Low Not required Partial None None
In getAvailableSubscriptionInfoList of SubscriptionController.java, there is a possible disclosure of unique identifiers due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-185235454
41 CVE-2021-0639 922 2021-08-17 2021-08-24
2.1
None Local Low Not required Partial None None
In multiple functions of libl3oemcrypto.cpp, there is a possible weakness in the existing obfuscation mechanism due to the way sensitive data is handled. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-190724551
42 CVE-2021-0618 125 Overflow 2021-10-25 2021-10-26
2.1
None Local Low Not required Partial None None
In ape extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561394; Issue ID: ALPS05561394.
43 CVE-2021-0617 125 Overflow 2021-10-25 2021-10-26
2.1
None Local Low Not required Partial None None
In ape extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561391; Issue ID: ALPS05561391.
44 CVE-2021-0616 125 Overflow 2021-10-25 2021-10-26
2.1
None Local Low Not required Partial None None
In ape extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561389; Issue ID: ALPS05561389.
45 CVE-2021-0615 125 Overflow 2021-10-25 2021-10-26
2.1
None Local Low Not required Partial None None
In flv extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561369; Issue ID: ALPS05561369.
46 CVE-2021-0614 125 2021-10-25 2021-10-26
2.1
None Local Low Not required Partial None None
In asf extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05495528; Issue ID: ALPS05495528.
47 CVE-2021-0613 125 2021-10-25 2021-10-26
2.1
None Local Low Not required Partial None None
In asf extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05489178.
48 CVE-2021-0584 125 2021-08-17 2021-08-24
2.1
None Local Low Not required Partial None None
In verifyBufferObject of Parcel.cpp, there is a possible out of bounds read due to an improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-179289794
49 CVE-2021-0572 287 Bypass 2021-06-22 2021-06-24
2.1
None Local Low Not required Partial None None
In doNotification of AccountManagerService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-177931355
50 CVE-2021-0566 125 2021-06-22 2021-06-24
2.1
None Local Low Not required Partial None None
In accessAudioHalPidscpp of TimeCheck.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-175894436
Total number of vulnerabilities : 416   Page : 1 (This Page)2 3 4 5 6 7 8 9
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.