CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Android : Security Vulnerabilities (CVSS score between 3 and 3.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-30162 Bypass 2021-04-06 2021-04-13
3.6
None Local Low Not required Partial Partial None
An issue was discovered on LG mobile devices with Android OS 4.4 through 11 software. Attackers can leverage ISMS services to bypass access control on specific content providers. The LG ID is LVE-SMP-210003 (April 2021).
2 CVE-2021-25490 2021-10-06 2021-10-13
3.6
None Local Low Not required Partial Partial None
A keyblob downgrade attack in keymaster prior to SMR Oct-2021 Release 1 allows attacker to trigger IV reuse vulnerability with privileged process.
3 CVE-2021-25482 89 Sql 2021-10-06 2021-10-13
3.6
None Local Low Not required None Partial Partial
SQL injection vulnerabilities in CMFA framework prior to SMR Oct-2021 Release 1 allow untrusted application to overwrite some CMFA framework information.
4 CVE-2021-25450 22 Dir. Trav. 2021-09-09 2021-09-22
3.3
None Local Network Low Not required None Partial None
Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Sep-2021 Release 1 allows attackers to write file as system uid via remote socket.
5 CVE-2021-25430 287 2021-07-08 2021-07-14
3.3
None Local Network Low Not required Partial None None
Improper access control vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application.
6 CVE-2021-25429 269 2021-07-08 2021-07-14
3.3
None Local Network Low Not required Partial None None
Improper privilege management vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application.
7 CVE-2021-25427 89 Sql 2021-07-08 2021-07-14
3.3
None Local Network Low Not required Partial None None
SQL injection vulnerability in Bluetooth prior to SMR July-2021 Release 1 allows unauthorized access to paired device information
8 CVE-2021-25410 863 2021-06-11 2021-10-18
3.6
None Local Low Not required Partial Partial None
Improper access control of a component in CallBGProvider prior to SMR JUN-2021 Release 1 allows local attackers to access arbitrary files with an escalated privilege.
9 CVE-2021-25389 287 2021-06-11 2021-06-17
3.6
None Local Low Not required Partial Partial None
Improper running task check in S Secure prior to SMR MAY-2021 Release 1 allows attackers to use locked app without authentication.
10 CVE-2021-25388 354 2021-06-11 2021-06-16
3.6
None Local Low Not required Partial Partial None
Improper caller check vulnerability in Knox Core prior to SMR MAY-2021 Release 1 allows attackers to install arbitrary app.
11 CVE-2021-25382 863 2021-04-23 2021-05-03
3.6
None Local Low Not required Partial Partial None
An improper authorization of using debugging command in Secure Folder prior to SMR Oct-2020 Release 1 allows unauthorized access to contents in Secure Folder via debugging command.
12 CVE-2021-25363 269 2021-04-09 2021-04-26
3.6
None Local Low Not required None Partial Partial
An improper access control in ActivityManagerService prior to SMR APR-2021 Release 1 allows untrusted applications to access running processesdelete some local files.
13 CVE-2021-25362 269 2021-04-09 2021-04-26
3.6
None Local Low Not required None Partial Partial
An improper permission management in CertInstaller prior to SMR APR-2021 Release 1 allows untrusted applications to delete certain local files.
14 CVE-2021-0632 125 2021-10-25 2021-10-26
3.3
None Local Network Low Not required Partial None None
In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker under certain build conditions with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05560246; Issue ID: ALPS05551383.
15 CVE-2021-0582 125 2021-08-17 2021-08-24
3.3
None Local Network Low Not required Partial None None
In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-187149601
16 CVE-2021-0581 125 2021-08-17 2021-08-24
3.3
None Local Network Low Not required Partial None None
In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-187231638
17 CVE-2021-0580 125 2021-08-17 2021-08-24
3.3
None Local Network Low Not required Partial None None
In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-187231637
18 CVE-2021-0579 125 2021-08-17 2021-08-24
3.3
None Local Network Low Not required Partial None None
In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-187231636
19 CVE-2021-0578 125 2021-08-17 2021-08-24
3.3
None Local Network Low Not required Partial None None
In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-187161772
20 CVE-2021-0504 125 2021-06-21 2021-06-22
3.3
None Local Network Low Not required Partial None None
In avrc_pars_browse_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-179162665
21 CVE-2020-13838 287 2020-06-04 2021-07-21
3.6
None Local Low Not required Partial Partial None
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. The DeX Lockscreen feature does not block access to Quick Panel and notifications. The Samsung ID is SVE-2020-17187 (June 2020).
22 CVE-2020-13837 287 2020-06-04 2021-07-21
3.6
None Local Low Not required Partial Partial None
An issue was discovered on Samsung mobile devices with Q(10.0) software. The Lockscreen feature does not block Quick Panel access to Music Share. The Samsung ID is SVE-2020-17145 (June 2020).
23 CVE-2020-0282 125 2020-09-18 2020-09-21
3.5
None Remote Medium ??? Partial None None
In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure. System execution privileges, a Firmware compromise, and User interaction are needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-144506224
24 CVE-2020-0281 125 2020-09-18 2020-09-21
3.5
None Remote Medium ??? Partial None None
In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure. System execution privileges, a Firmware compromise, and User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137857778
25 CVE-2020-0196 20 DoS 2020-06-11 2020-06-15
3.3
None Local Network Low Not required None None Partial
In RegisterNotificationResponse::GetEvent of register_notification_packet.cc, there is a possible abort due to improper input validation. This could lead to remote denial of service of the Bluetooth service, over Bluetooth, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-144066833
26 CVE-2020-0159 125 2020-06-11 2020-06-11
3.5
None Remote Medium ??? Partial None None
In rw_mfc_writeBlock of rw_mfc.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140768035
27 CVE-2020-0017 200 +Info 2020-02-13 2021-07-21
3.3
None Local Medium Not required Partial Partial None
In multiple places, it was possible for the primary user’s dictionary to be visible to and modifiable by secondary users. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-123232892
28 CVE-2020-0003 367 Bypass 2020-01-08 2020-01-29
3.7
None Local High Not required Partial Partial Partial
In onCreate of InstallStart.java, there is a possible package validation bypass due to a time-of-check time-of-use vulnerability. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android ID: A-140195904
29 CVE-2019-20609 200 +Info 2020-03-24 2021-07-21
3.3
None Local Network Low Not required Partial None None
An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can use Smartwatch to view Secure Folder notification content. The Samsung ID is SVE-2019-13899 (April 2019).
30 CVE-2019-20531 125 2020-03-24 2020-03-27
3.6
None Local Low Not required Partial None Partial
An issue was discovered on Samsung mobile devices with P(9.0) (Exynos chipsets) software. The Wi-Fi kernel drivers have an out-of-bounds Read. The Samsung IDs are SVE-2019-15692, SVE-2019-15693 (December 2019).
31 CVE-2019-2227 125 2019-12-06 2019-12-09
3.3
None Local Network Low Not required Partial None None
In DeepCopy of btif_av.cc, there is a possible out of bounds read due to improper casting. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-140768453
32 CVE-2019-1996 125 2019-02-28 2019-03-01
3.3
None Local Network Low Not required Partial None None
In avrc_pars_browse_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-111451066.
33 CVE-2018-21092 20 2020-04-08 2020-04-09
3.3
None Local Network Low Not required None Partial None
An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. A crafted AT command may be sent by the DeviceTest application via an NFC tag. The Samsung ID is SVE-2017-10885 (January 2018).
34 CVE-2018-11293 125 2018-09-18 2018-11-09
3.3
None Local Network Low Not required Partial None None
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, in wma_ndp_confirm_event_handler and wma_ndp_indication_event_handler, ndp_cfg len and num_ndp_app_info is from fw. If they are not checked, it may cause buffer over-read once the value is too large.
35 CVE-2018-9594 125 Overflow 2019-02-11 2020-08-24
3.3
None Local Network Low Not required Partial None None
In llcp_link_proc_agf_pdu of llcp_link.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure over NFC with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-116791157.
36 CVE-2018-9593 125 2019-02-11 2019-02-12
3.3
None Local Network Low Not required Partial None None
In llcp_dlc_proc_i_pdu of llcp_dlc.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure over NFC with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-116722267.
37 CVE-2018-9588 125 2019-02-11 2019-02-12
3.3
None Local Network Low Not required Partial None None
In avdt_scb_hdl_report of avdt_scb_act.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-111450156.
38 CVE-2017-18695 522 2020-04-07 2020-04-08
3.5
None Remote Medium ??? Partial None None
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software. Attackers (who control a certain subdomain) can discover a user's credentials, during an email account login, via an EAS autodiscover packet. The Samsung ID is SVE-2016-7654 (January 2017).
39 CVE-2017-18680 20 2020-04-07 2020-04-08
3.6
None Local Low Not required Partial Partial None
An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) (tablets) software. The lockscreen interface allows Add User actions, leading to an unintended ability to access user data in external storage. The Samsung ID is SVE-2016-7797 (March 2017).
40 CVE-2017-15835 835 DoS 2018-12-07 2019-10-03
3.3
None Local Network Low Not required None None Partial
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, While processing the RIC Data Descriptor IE in an artificially crafted 802.11 frame with IE length more than 255, an infinite loop may potentially occur resulting in a denial of service.
41 CVE-2017-13305 125 2018-04-04 2019-10-03
3.6
None Local Low Not required Partial None Partial
A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974.
42 CVE-2017-13269 200 +Info 2018-04-04 2018-05-08
3.3
None Local Network Low Not required Partial None None
A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68818034.
43 CVE-2017-13268 200 +Info 2018-04-04 2018-05-08
3.3
None Local Network Low Not required Partial None None
A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67058064.
44 CVE-2017-13262 125 2018-04-04 2018-05-08
3.3
None Local Network Low Not required Partial None None
In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing length decrement operation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69271284.
45 CVE-2017-6295 125 DoS 2018-03-06 2018-03-27
3.6
None Local Low Not required Partial None Partial
NVIDIA TrustZone Software contains a vulnerability in the Keymaster implementation where the software reads data past the end, or before the beginning, of the intended buffer; and may lead to denial of service or information disclosure. This issue is rated as high.
46 CVE-2017-0792 200 +Info 2017-09-08 2017-09-12
3.3
None Local Network Low Not required Partial None None
A information disclosure vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37305578. References: B-V2017052301.
47 CVE-2017-0785 200 +Info 2017-09-14 2018-07-28
3.3
None Local Network Low Not required Partial None None
A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146698.
48 CVE-2016-0830 119 DoS Overflow Mem. Corr. 2016-03-12 2016-11-28
3.3
None Local Network Low Not required None None Partial
btif_config.c in Bluetooth in Android 6.x before 2016-03-01 allows remote attackers to cause a denial of service (memory corruption and persistent daemon crash) by triggering a large number of configuration entries, and consequently exceeding the maximum size of a configuration file, aka internal bug 26071376.
49 CVE-2015-8956 476 DoS +Info 2016-10-10 2018-01-05
3.6
None Local Low Not required Partial None Partial
The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket.
50 CVE-2015-5310 200 DoS +Info 2016-01-06 2018-02-22
3.3
None Local Network Low Not required Partial None None
The WNM Sleep Mode code in wpa_supplicant 2.x before 2.6 does not properly ignore key data in response frames when management frame protection (MFP) was not negotiated, which allows remote attackers to inject arbitrary broadcast or multicast packets or cause a denial of service (ignored packets) via a WNM Sleep Mode response.
Total number of vulnerabilities : 53   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.