CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Android » 8.1 * * * : Security Vulnerabilities

Cpe Name:cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-30162 Bypass 2021-04-06 2021-04-13
3.6
None Local Low Not required Partial Partial None
An issue was discovered on LG mobile devices with Android OS 4.4 through 11 software. Attackers can leverage ISMS services to bypass access control on specific content providers. The LG ID is LVE-SMP-210003 (April 2021).
2 CVE-2021-26689 416 2021-02-04 2021-02-05
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. The USB laf gadget has a use-after-free. The LG ID is LVE-SMP-200031 (February 2021).
3 CVE-2021-26687 2021-02-04 2021-02-08
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. In preloaded applications, the HostnameVerified default is mishandled. The LG ID is LVE-SMP-200029 (February 2021).
4 CVE-2021-25502 312 2021-11-05 2021-11-08
2.1
None Local Low Not required Partial None None
A vulnerability of storing sensitive information insecurely in Property Settings prior to SMR Nov-2021 Release 1 allows attackers to read ESN value without priviledge.
5 CVE-2021-25486 2021-10-06 2021-10-13
2.1
None Local Low Not required Partial None None
Exposure of information vulnerability in ipcdump prior to SMR Oct-2021 Release 1 allows an attacker detect device information via analyzing packet in log.
6 CVE-2021-25484 287 2021-10-06 2021-10-13
2.1
None Local Low Not required Partial None None
Improper authentication in InputManagerService prior to SMR Oct-2021 Release 1 allows monitoring the touch event.
7 CVE-2021-25483 125 2021-10-06 2021-10-13
5.0
None Remote Low Not required Partial None None
Lack of boundary checking of a buffer in livfivextractor library prior to SMR Oct-2021 Release 1 allows OOB read.
8 CVE-2021-25472 863 2021-10-06 2021-10-13
2.1
None Local Low Not required None Partial None
An improper access control vulnerability in BluetoothSettingsProvider prior to SMR Oct-2021 Release 1 allows untrusted application to overwrite some Bluetooth information.
9 CVE-2021-25461 787 Overflow 2021-09-09 2022-04-26
4.6
None Local Low Not required Partial Partial Partial
An improper length check in APAService prior to SMR Sep-2021 Release 1 results in stack based Buffer Overflow.
10 CVE-2021-25458 476 Mem. Corr. 2021-09-09 2021-09-23
2.1
None Local Low Not required None None Partial
NULL pointer dereference vulnerability in ION driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption.
11 CVE-2021-25456 125 2021-09-09 2021-09-22
4.3
None Remote Medium Not required None Partial None
OOB read vulnerability in libswmfextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute memcpy at arbitrary address via forged wmf file.
12 CVE-2021-25455 125 2021-09-09 2021-09-23
4.3
None Remote Medium Not required Partial None None
OOB read vulnerability in libsaviextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to access arbitrary address through pointer via forged avi file.
13 CVE-2021-25454 125 2021-09-09 2021-09-22
4.3
None Remote Medium Not required None None Partial
OOB read vulnerability in libsaacextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute remote DoS via forged aac file.
14 CVE-2021-25453 20 2021-09-09 2021-09-23
2.1
None Local Low Not required Partial None None
Some improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1 allows untrusted application to get Bluetooth information.
15 CVE-2021-25450 22 Dir. Trav. 2021-09-09 2021-09-22
3.3
None Local Network Low Not required None Partial None
Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Sep-2021 Release 1 allows attackers to write file as system uid via remote socket.
16 CVE-2021-25449 20 Exec Code 2021-09-09 2021-09-22
7.5
None Remote Low Not required Partial Partial Partial
An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release 1 allows attackers to execute arbitrary code in mediaextractor process.
17 CVE-2021-25444 2021-08-05 2021-08-12
2.1
None Local Low Not required Partial None None
An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 allows decryption of custom keyblob with privileged process.
18 CVE-2021-25443 416 2021-08-05 2021-08-12
4.6
None Local Low Not required Partial Partial Partial
A use after free vulnerability in conn_gadget driver prior to SMR AUG-2021 Release 1 allows malicious action by an attacker.
19 CVE-2021-25430 287 2021-07-08 2021-07-14
3.3
None Local Network Low Not required Partial None None
Improper access control vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application.
20 CVE-2021-25429 269 2021-07-08 2021-07-14
3.3
None Local Network Low Not required Partial None None
Improper privilege management vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application.
21 CVE-2021-25428 20 2021-07-08 2021-07-14
4.6
None Local Low Not required Partial Partial Partial
Improper validation check vulnerability in PackageManager prior to SMR July-2021 Release 1 allows untrusted applications to get dangerous level permission without user confirmation in limited circumstances.
22 CVE-2021-25427 89 Sql 2021-07-08 2021-07-14
3.3
None Local Network Low Not required Partial None None
SQL injection vulnerability in Bluetooth prior to SMR July-2021 Release 1 allows unauthorized access to paired device information
23 CVE-2021-25395 362 Bypass 2021-06-11 2021-06-16
4.4
None Local Medium Not required Partial Partial Partial
A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is compromised.
24 CVE-2021-25394 362 2021-06-11 2021-06-16
4.4
None Local Medium Not required Partial Partial Partial
A use after free vulnerability via race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows arbitrary write given a radio privilege is compromised.
25 CVE-2021-25390 2021-06-11 2021-06-16
1.9
None Local Medium Not required Partial None None
Intent redirection vulnerability in PhotoTable prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action.
26 CVE-2021-25387 787 Exec Code 2021-06-11 2021-06-16
7.5
None Remote Low Not required Partial Partial Partial
An improper input validation vulnerability in sflacfd_get_frm() in libsflacextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.
27 CVE-2021-25386 120 Exec Code 2021-06-11 2021-06-15
7.5
None Remote Low Not required Partial Partial Partial
An improper input validation vulnerability in sdfffd_parse_chunk_FVER() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.
28 CVE-2021-25385 120 Exec Code 2021-06-11 2021-06-15
7.5
None Remote Low Not required Partial Partial Partial
An improper input validation vulnerability in sdfffd_parse_chunk_PROP() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.
29 CVE-2021-25384 20 Exec Code 2021-06-11 2021-06-15
7.5
None Remote Low Not required Partial Partial Partial
An improper input validation vulnerability in sdfffd_parse_chunk_PROP() with Sample Rate Chunk in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.
30 CVE-2021-25383 120 Exec Code 2021-06-11 2021-06-16
7.5
None Remote Low Not required Partial Partial Partial
An improper input validation vulnerability in scmn_mfal_read() in libsapeextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.
31 CVE-2021-25382 863 2021-04-23 2021-05-03
3.6
None Local Low Not required Partial Partial None
An improper authorization of using debugging command in Secure Folder prior to SMR Oct-2020 Release 1 allows unauthorized access to contents in Secure Folder via debugging command.
32 CVE-2021-25370 787 Mem. Corr. 2021-03-26 2022-05-03
4.9
None Local Low Not required None None Complete
An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic.
33 CVE-2021-25369 863 2021-03-26 2021-03-31
2.1
None Local Low Not required Partial None None
An improper access control vulnerability in sec_log file prior to SMR MAR-2021 Release 1 exposes sensitive kernel information to userspace.
34 CVE-2021-25365 755 2021-04-09 2022-04-26
7.2
None Local Low Not required Complete Complete Complete
An improper exception control in softsimd prior to SMR APR-2021 Release 1 allows unprivileged applications to access the API in softsimd.
35 CVE-2021-25363 269 2021-04-09 2021-04-26
3.6
None Local Low Not required None Partial Partial
An improper access control in ActivityManagerService prior to SMR APR-2021 Release 1 allows untrusted applications to access running processesdelete some local files.
36 CVE-2021-25362 269 2021-04-09 2021-04-26
3.6
None Local Low Not required None Partial Partial
An improper permission management in CertInstaller prior to SMR APR-2021 Release 1 allows untrusted applications to delete certain local files.
37 CVE-2021-25357 668 2021-04-09 2022-04-26
2.1
None Local Low Not required Partial None None
A pendingIntent hijacking vulnerability in Create Movie prior to SMR APR-2021 Release 1 in Android O(8.x) and P(9.0), 3.4.81.1 in Android Q(10,0), and 3.6.80.7 in Android R(11.0) allows unprivileged applications to access contact information.
38 CVE-2021-25356 863 2021-04-09 2021-06-11
7.2
None Local Low Not required Complete Complete Complete
An improper caller check vulnerability in Managed Provisioning prior to SMR APR-2021 Release 1 allows unprivileged application to install arbitrary application, grant device admin permission and then delete several installed application.
39 CVE-2021-25346 787 Exec Code 2021-03-04 2021-03-26
7.5
None Remote Low Not required Partial Partial Partial
A possible arbitrary memory overwrite vulnerabilities in quram library version prior to SMR Jan-2021 Release 1 allow arbitrary code execution.
40 CVE-2021-22492 120 Overflow 2021-01-05 2021-01-08
5.8
None Local Network Low Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Broadcom Bluetooth chipsets) software. The Bluetooth UART driver has a buffer overflow. The Samsung ID is SVE-2020-18731 (January 2021).
41 CVE-2021-0927 281 Exec Code Bypass 2021-12-15 2021-12-17
7.2
None Local Low Not required Complete Complete Complete
In requestChannelBrowsable of TvInputManagerService.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-8.1 Android-9Android ID: A-189824175
42 CVE-2021-0889 Exec Code 2021-12-15 2021-12-17
10.0
None Remote Low Not required Complete Complete Complete
In Android TV , there is a possible silent pairing due to lack of rate limiting in the pairing flow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-8.1 Android-9Android ID: A-180745296
43 CVE-2021-0870 362 Exec Code Mem. Corr. 2021-10-22 2021-11-29
9.3
None Remote Medium Not required Complete Complete Complete
In RW_SetActivatedTagType of rw_main.cc, there is possible memory corruption due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-192472262
44 CVE-2021-0708 610 Exec Code 2021-10-22 2021-10-26
7.2
None Local Low Not required Complete Complete Complete
In runDumpHeap of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-183262161
45 CVE-2021-0690 787 Overflow 2021-10-06 2021-10-08
4.3
None Remote Medium Not required Partial None None
In ih264d_mark_err_slice_skip of ih264d_parse_pslice.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-182152757
46 CVE-2021-0689 125 2021-10-06 2021-10-08
2.1
None Local Low Not required Partial None None
In RGB_to_BGR1_portable of SkSwizzler_opts.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-190188264
47 CVE-2021-0688 362 Bypass 2021-10-06 2021-10-08
4.4
None Local Medium Not required Partial Partial Partial
In lockNow of PhoneWindowManager.java, there is a possible lock screen bypass due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-161149543
48 CVE-2021-0687 20 DoS 2021-10-06 2021-10-08
1.9
None Local Medium Not required None None Partial
In ellipsize of Layout.java, there is a possible ANR due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-188913943
49 CVE-2021-0684 416 2021-10-06 2021-10-08
4.6
None Local Low Not required Partial Partial Partial
In TouchInputMapper::sync of TouchInputMapper.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-179839665
50 CVE-2021-0683 Exec Code 2021-10-06 2021-10-08
4.6
None Local Low Not required Partial Partial Partial
In runTraceIpcStop of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-185398942
Total number of vulnerabilities : 669   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.