CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Android : Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-25485 22 Dir. Trav. 2021-10-06 2021-10-13
5.8
None Local Network Low Not required Partial Partial Partial
Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Oct-2021 Release 1 allows attackers to write file as system UID via BT remote socket.
2 CVE-2021-25483 125 2021-10-06 2021-10-13
5.0
None Remote Low Not required Partial None None
Lack of boundary checking of a buffer in livfivextractor library prior to SMR Oct-2021 Release 1 allows OOB read.
3 CVE-2021-25426 200 +Info 2021-07-08 2021-10-18
5.0
None Remote Low Not required Partial None None
Improper component protection vulnerability in SmsViewerActivity of Samsung Message prior to SMR July-2021 Release 1 allows untrusted applications to access Message files.
4 CVE-2021-25417 863 2021-06-11 2021-06-16
5.0
None Remote Low Not required Partial None None
Improper authorization in SDP SDK prior to SMR JUN-2021 Release 1 allows access to internal storage.
5 CVE-2021-25337 863 2021-03-04 2021-03-11
5.8
None Remote Medium Not required Partial Partial None
Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain local files.
6 CVE-2021-25330 DoS 2021-03-02 2021-03-09
5.0
None Remote Low Not required None None Partial
Calling of non-existent provider in MobileWips application prior to SMR Feb-2021 Release 1 allows unauthorized actions including denial of service attack by hijacking the provider.
7 CVE-2021-22492 120 Overflow 2021-01-05 2021-01-08
5.8
None Local Network Low Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Broadcom Bluetooth chipsets) software. The Bluetooth UART driver has a buffer overflow. The Samsung ID is SVE-2020-18731 (January 2021).
8 CVE-2021-0631 125 DoS 2021-10-25 2021-10-26
5.0
None Remote Low Not required None None Partial
In wifi driver, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05551435; Issue ID: ALPS05551435.
9 CVE-2021-0630 190 DoS 2021-10-25 2021-10-26
5.0
None Remote Low Not required None None Partial
In wifi driver, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05551397; Issue ID: ALPS05551397.
10 CVE-2021-0555 476 DoS 2021-06-22 2021-06-24
5.0
None Remote Low Not required None None Partial
In RenderStruct of protostream_objectsource.cc, there is a possible crash due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-179161711
11 CVE-2021-0522 125 2021-06-21 2021-06-23
5.0
None Remote Low Not required Partial None None
In ConnectionHandler::SdpCb of connection_handler.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-174182139
12 CVE-2021-0517 670 Exec Code 2021-06-21 2021-06-23
5.0
None Remote Low Not required Partial None None
In updateCapabilities of ConnectivityService.java, there is a possible incorrect network state determination due to a logic error in the code. This could lead to biasing of networking tasks to occur on non-VPN networks, which could lead to remote information disclosure, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-179053823
13 CVE-2021-0466 668 2021-06-11 2021-06-14
5.0
None Remote Low Not required Partial None None
In startIpClient of ClientModeImpl.java, there is a possible identifier which could be used to track a device. This could lead to remote information disclosure to a proximal attacker, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-154114734
14 CVE-2021-0435 665 Exec Code +Info 2021-04-13 2021-04-16
5.0
None Remote Low Not required Partial None None
In avrc_proc_vendor_command of avrc_api.cc, there is a possible leak of heap data due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-174150451
15 CVE-2021-0433 269 Bypass 2021-04-13 2021-04-16
5.4
None Local Network Medium Not required Partial Partial Partial
In onCreate of DeviceChooserActivity.java, there is a possible way to bypass user consent when pairing a Bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation of privilege and pairing malicious devices with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171221090
16 CVE-2021-0431 125 2021-04-13 2021-04-16
5.0
None Remote Low Not required Partial None None
In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a paired device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-174149901
17 CVE-2021-0341 295 2021-02-10 2021-02-12
5.0
None Remote Low Not required Partial None None
In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171980069
18 CVE-2020-35552 +Info 2020-12-18 2020-12-18
5.0
None Remote Low Not required Partial None None
An issue was discovered in the GPS daemon on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (non-Qualcomm chipsets) software. Attackers can obtain sensitive location information because the configuration file is incorrect. The Samsung ID is SVE-2020-18678 (December 2020).
19 CVE-2020-28345 476 2020-11-08 2020-11-16
5.0
None Remote Low Not required None None Partial
An issue was discovered on LG mobile devices with Android OS 10 software. The Wi-Fi subsystem may crash because of the lack of a NULL parameter check. The LG ID is LVE-SMP-200025 (November 2020).
20 CVE-2020-27055 311 2020-12-15 2020-12-17
5.0
None Remote Low Not required Partial None None
In isSubmittable and showWarningMessagesIfAppropriate of WifiConfigController.java and WifiConfigController2.java, there is a possible insecure WiFi configuration due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-161378819
21 CVE-2020-27024 125 2020-12-15 2020-12-15
5.0
None Remote Low Not required Partial None None
In smp_br_state_machine_event of smp_br_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure triggered by a malformed Bluetooth packet, with no additional execution privileges needed. User interaction is not needed for exploitation. Bounds Sanitizer mitigates this in the default configuration.Product: AndroidVersions: Android-11Android ID: A-162327732
22 CVE-2020-26606 200 +Info 2020-10-06 2021-07-21
5.0
None Remote Low Not required Partial None None
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. An attacker can access certain Secure Folder content via a debugging command. The Samsung ID is SVE-2020-18673 (October 2020).
23 CVE-2020-26605 532 +Info 2020-10-06 2020-10-08
5.0
None Remote Low Not required Partial None None
An issue was discovered on Samsung mobile devices with Q(10.0) and R(11.0) (Exynos chipsets) software. They allow attackers to obtain sensitive information by reading a log. The Samsung ID is SVE-2020-18596 (October 2020).
24 CVE-2020-26604 269 2020-10-06 2021-07-21
5.0
None Remote Low Not required Partial None None
An issue was discovered in SystemUI on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. PendingIntent allows an unprivileged process to access contact numbers. The Samsung ID is SVE-2020-18467 (October 2020).
25 CVE-2020-26603 22 Dir. Trav. 2020-10-06 2020-10-08
5.0
None Remote Low Not required Partial None None
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Sticker Center allows directory traversal for an unprivileged process to read arbitrary files. The Samsung ID is SVE-2020-18433 (October 2020).
26 CVE-2020-26602 668 2020-10-06 2020-10-08
5.0
None Remote Low Not required Partial None None
An issue was discovered in EthernetNetwork on Samsung mobile devices with O(8.1), P(9.0), Q(10.0), and R(11.0) software. PendingIntent allows sdcard access by an unprivileged process. The Samsung ID is SVE-2020-18392 (October 2020).
27 CVE-2020-26601 269 2020-10-06 2021-07-21
5.0
None Remote Low Not required None Partial None
An issue was discovered in DirEncryptService on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. PendingIntent with an empty intent is mishandled, allowing an attacker to perform a privileged action via a modified intent. The Samsung ID is SVE-2020-18034 (October 2020).
28 CVE-2020-26600 200 +Info 2020-10-06 2021-07-21
5.0
None Remote Low Not required Partial None None
An issue was discovered on Samsung mobile devices with Q(10.0) software. Auto Hotspot allows attackers to obtain sensitive information. The Samsung ID is SVE-2020-17288 (October 2020).
29 CVE-2020-26599 287 2020-10-06 2021-07-21
5.0
None Remote Low Not required None Partial None
An issue was discovered on Samsung mobile devices with Q(10.0) software. The DynamicLockscreen Terms and Conditions can be accepted without authentication. The Samsung ID is SVE-2020-17079 (October 2020).
30 CVE-2020-26598 862 2020-10-06 2020-10-08
5.0
None Remote Low Not required None Partial None
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, and 9.0 software. The Network Management component could allow an unauthorized actor to kill a TCP connection. The LG ID is LVE-SMP-200023 (October 2020).
31 CVE-2020-26597 20 2020-10-06 2020-10-08
5.0
None Remote Low Not required None None Partial
An issue was discovered on LG mobile devices with Android OS 9.0 and 10 software. The Wi-Fi subsystem has incorrect input validation, leading to a crash. The LG ID is LVE-SMP-200022 (October 2020).
32 CVE-2020-25281 2020-09-11 2020-09-17
5.0
None Remote Low Not required None Partial None
An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. Applications with sensitive security settings (such as the package verifier application) mishandle unknown-source installations. The LG ID is LVE-SMP-190002 (September 2020).
33 CVE-2020-25064 2020-08-31 2020-09-01
5.0
None Remote Low Not required None Partial None
An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, 5.1, 6.0, 7.0, 7.1, 8.0, 8.1, 9.0, and 10 software. Certain automated testing is mishandled. The LG ID is LVE-SMP-200019 (August 2020).
34 CVE-2020-25063 20 2020-08-31 2020-09-01
5.0
None Remote Low Not required None None Partial
An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. An application crash can occur because of incorrect application-level input validation. The LG ID is LVE-SMP-200018 (July 2020).
35 CVE-2020-25059 20 2020-08-31 2020-09-01
5.0
None Remote Low Not required None None Partial
An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A service crash may occur because of incorrect input validation. The LG ID is LVE-SMP-200013 (July 2020).
36 CVE-2020-25051 Bypass 2020-08-31 2020-09-03
5.0
None Remote Low Not required None Partial None
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) via AppInfo. The Samsung ID is SVE-2020-17758 (August 2020).
37 CVE-2020-25050 +Info 2020-08-31 2020-09-03
5.0
None Remote Low Not required Partial None None
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. The CMC service allows attackers to obtain sensitive information. The Samsung ID is SVE-2020-17288 (August 2020).
38 CVE-2020-15581 200 +Info 2020-07-07 2021-07-21
5.0
None Remote Low Not required Partial None None
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The kernel logging feature allows attackers to discover virtual addresses via vectors involving shared memory. The Samsung ID is SVE-2020-17605 (July 2020).
39 CVE-2020-15579 Bypass 2020-07-07 2020-07-10
5.0
None Remote Low Not required None Partial None
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) via the KNOX API. The Samsung ID is SVE-2020-17318 (July 2020).
40 CVE-2020-13836 22 Dir. Trav. 2020-06-04 2020-06-07
5.0
None Remote Low Not required Partial None None
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. HWRResProvider allows path traversal for data exposure. The Samsung ID is SVE-2020-16954 (June 2020).
41 CVE-2020-13835 522 2020-06-04 2021-07-21
5.0
None Remote Low Not required Partial None None
An issue was discovered on Samsung mobile devices with O(8.x) (with TEEGRIS) software. The Gatekeeper Trustlet allows a brute-force attack on user credentials. The Samsung ID is SVE-2020-16908 (June 2020).
42 CVE-2020-13834 863 2020-06-04 2020-06-07
5.0
None Remote Low Not required None Partial None
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (with TEEGRIS) software. Secure Folder does not properly restrict use of Android Debug Bridge (adb) for arbitrary installations. The Samsung ID is SVE-2020-17369 (June 2020).
43 CVE-2020-13830 200 +Info 2020-06-04 2021-07-21
5.0
None Remote Low Not required Partial None None
An issue was discovered on Samsung mobile devices with P(9.0) software. One UI HOME logging can leak information. The Samsung ID is SVE-2019-16382 (June 2020).
44 CVE-2020-13829 2020-06-04 2020-06-07
5.0
None Remote Low Not required None Partial None
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Attackers can disable the SEAndroid protection mechanism in the RKP. The Samsung ID is SVE-2019-15998 (June 2020).
45 CVE-2020-12752 522 2020-05-11 2021-07-21
5.0
None Remote Low Not required Partial None None
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (with TEEGRIS) software. Attackers can determine user credentials via a brute-force attack against the Gatekeeper trustlet. The Samsung ID is SVE-2020-16908 (May 2020).
46 CVE-2020-12750 Bypass 2020-05-11 2020-05-13
5.0
None Remote Low Not required None Partial None
An issue was discovered on Samsung mobile devices with Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) via SPEN. The Samsung ID is SVE-2020-17019 (May 2020).
47 CVE-2020-12748 Bypass 2020-05-11 2020-05-13
5.0
None Remote Low Not required None Partial None
An issue was discovered on Samsung mobile devices with Q(10.0) software. Attackers can bypass the locked-state protection mechanism and designate a different preferred SIM card. The Samsung ID is SVE-2020-16594 (May 2020).
48 CVE-2020-12745 863 Bypass 2020-05-11 2021-07-21
5.0
None Remote Low Not required Partial None None
An issue was discovered on Samsung mobile devices with Q(10.0) software. Attackers can bypass the locked-state protection mechanism and access clipboard content via USSD. The Samsung ID is SVE-2019-16556 (May 2020).
49 CVE-2020-11874 Bypass 2020-04-17 2020-04-24
5.0
None Remote Low Not required None Partial None
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9, and 10 software. Attackers can bypass Factory Reset Protection (FRP). The LG ID is LVE-SMP-200004 (March 2020).
50 CVE-2020-11607 200 +Info 2020-04-08 2020-04-10
5.0
None Remote Low Not required Partial None None
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Notification exposure occurs in Lockdown mode because of the Edge Lighting application. The Samsung ID is SVE-2020-16680 (April 2020).
Total number of vulnerabilities : 368   Page : 1 (This Page)2 3 4 5 6 7 8
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.