CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Android » 10.0 * * * : Security Vulnerabilities

Cpe Name:cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-22272 863 2022-01-10 2022-01-15
2.1
None Local Low Not required Partial None None
Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission
2 CVE-2022-22271 20 2022-01-10 2022-01-15
2.1
None Local Low Not required Partial None None
A missing input validation before memory copy in TIMA trustlet prior to SMR Jan-2022 Release 1 allows attackers to copy data from arbitrary memory.
3 CVE-2022-22270 552 2022-01-10 2022-01-14
4.3
None Remote Medium Not required Partial None None
An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows unprivileged applications to access contact information.
4 CVE-2022-22269 552 2022-01-10 2022-01-15
2.1
None Local Low Not required Partial None None
Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allows untrusted applications to get a local Bluetooth MAC address.
5 CVE-2022-22268 552 2022-01-10 2022-01-14
3.6
None Local Low Not required Partial Partial None
Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 allows physically proximate attackers to temporary unlock the Knox Guard via Samsung DeX mode.
6 CVE-2022-22267 552 2022-01-10 2022-01-14
2.1
None Local Low Not required Partial None None
Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1 allows attackers to get running application information.
7 CVE-2022-22266 269 2022-01-10 2022-01-14
2.1
None Local Low Not required Partial None None
(Applicable to China models only) Unprotected WifiEvaluationService in TencentWifiSecurity application prior to SMR Jan-2022 Release 1 allows untrusted applications to get WiFi information without proper permission.
8 CVE-2022-22264 20 2022-01-10 2022-01-14
3.6
None Local Low Not required Partial Partial None
Improper sanitization of incoming intent in Dressroom prior to SMR Jan-2022 Release 1 allows local attackers to read and write arbitrary files without permission.
9 CVE-2021-39659 755 DoS 2022-01-14 2022-01-20
4.7
None Local Medium Not required None None Complete
In sortSimPhoneAccountsForEmergency of CreateConnectionProcessor.java, there is a possible prevention of access to emergency calling due to an unhandled exception. In rare instances, this could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-208267659
10 CVE-2021-39629 362 2022-01-14 2022-01-18
6.9
None Local Medium Not required Complete Complete Complete
In phTmlNfc_Init and phTmlNfc_CleanUp of phTmlNfc.cc, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-197353344
11 CVE-2021-39628 668 Exec Code 2022-01-14 2022-01-15
2.1
None Local Low Not required Partial None None
In StatusBar.java, there is a possible disclosure of notification content on the lockscreen due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-189575031
12 CVE-2021-39627 269 Bypass 2022-01-14 2022-01-20
7.2
None Local Low Not required Complete Complete Complete
In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-185126549
13 CVE-2021-39626 610 Bypass 2022-01-14 2022-01-20
7.2
None Local Low Not required Complete Complete Complete
In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-194695497
14 CVE-2021-39625 269 +Priv 2022-01-14 2022-01-15
6.9
None Local Medium Not required Complete Complete Complete
In showCarrierAppInstallationNotification of EuiccNotificationManager.java, there is a possible way to gain an access to MediaProvider content due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-194695347
15 CVE-2021-39623 269 2022-01-14 2022-01-15
10.0
None Remote Low Not required Complete Complete Complete
In doRead of SimpleDecodingSource.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-194105348
16 CVE-2021-39622 281 Bypass 2022-01-14 2022-01-15
7.2
None Local Low Not required Complete Complete Complete
In GBoard, there is a possible way to bypass Factory Reset Protection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-192663648
17 CVE-2021-39621 269 Bypass 2022-01-14 2022-01-20
7.2
None Local Low Not required Complete Complete Complete
In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-185126319
18 CVE-2021-39618 269 2022-01-14 2022-01-15
7.2
None Local Low Not required Complete Complete Complete
In multiple methods of EuiccNotificationManager.java, there is a possible way to install existing packages without user consent due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-196855999
19 CVE-2021-38591 2021-08-12 2021-08-20
2.1
None Local Low Not required None Partial None
An issue was discovered on LG mobile devices with Android OS P and Q software for mt6762/mt6765/mt6883. Attackers can change some of the NvRAM content by leveraging the misconfiguration of a debug command. The LG ID is LVE-SMP-210005 (August 2021).
20 CVE-2021-30162 Bypass 2021-04-06 2021-04-13
3.6
None Local Low Not required Partial Partial None
An issue was discovered on LG mobile devices with Android OS 4.4 through 11 software. Attackers can leverage ISMS services to bypass access control on specific content providers. The LG ID is LVE-SMP-210003 (April 2021).
21 CVE-2021-26689 416 2021-02-04 2021-02-05
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. The USB laf gadget has a use-after-free. The LG ID is LVE-SMP-200031 (February 2021).
22 CVE-2021-26687 2021-02-04 2021-02-08
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. In preloaded applications, the HostnameVerified default is mishandled. The LG ID is LVE-SMP-200029 (February 2021).
23 CVE-2021-25519 732 2021-12-08 2021-12-13
2.1
None Local Low Not required Partial None None
An improper access control vulnerability in CPLC prior to SMR Dec-2021 Release 1 allows local attackers to access CPLC information without permission.
24 CVE-2021-25518 119 Exec Code Overflow 2021-12-08 2021-12-13
4.6
None Local Low Not required Partial Partial Partial
An improper boundary check in secure_log of LDFW and BL31 prior to SMR Dec-2021 Release 1 allows arbitrary memory write and code execution.
25 CVE-2021-25517 20 Exec Code 2021-12-08 2021-12-10
4.6
None Local Low Not required Partial Partial Partial
An improper input validation vulnerability in LDFW prior to SMR Dec-2021 Release 1 allows attackers to perform arbitrary code execution.
26 CVE-2021-25516 755 2021-12-08 2021-12-13
5.0
None Remote Low Not required Partial None None
An improper check or handling of exceptional conditions in Exynos baseband prior to SMR Dec-2021 Release 1 allows attackers to track locations.
27 CVE-2021-25515 269 2021-12-08 2021-12-13
2.1
None Local Low Not required Partial None None
An improper usage of implicit intent in SemRewardManager prior to SMR Dec-2021 Release 1 allows attackers to access BSSID.
28 CVE-2021-25514 2021-12-08 2021-12-10
4.3
None Remote Medium Not required Partial None None
An improper intent redirection handling in Tags prior to SMR Dec-2021 Release 1 allows attackers to access sensitive information.
29 CVE-2021-25512 20 2021-12-08 2021-12-10
4.6
None Local Low Not required Partial Partial Partial
An improper validation vulnerability in telephony prior to SMR Dec-2021 Release 1 allows attackers to launch certain activities.
30 CVE-2021-25511 22 Dir. Trav. 2021-12-08 2021-12-10
4.6
None Local Low Not required Partial Partial Partial
An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows attackers to write arbitrary files via a path traversal vulnerability.
31 CVE-2021-25510 20 Exec Code 2021-12-08 2021-12-10
4.6
None Local Low Not required Partial Partial Partial
An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows local arbitrary code execution.
32 CVE-2021-25502 312 2021-11-05 2021-11-08
2.1
None Local Low Not required Partial None None
A vulnerability of storing sensitive information insecurely in Property Settings prior to SMR Nov-2021 Release 1 allows attackers to read ESN value without priviledge.
33 CVE-2021-25501 863 2021-11-05 2021-11-08
2.1
None Local Low Not required None Partial None
An improper access control vulnerability in SCloudBnRReceiver in SecTelephonyProvider prior to SMR Nov-2021 Release 1 allows untrusted application to call some protected providers.
34 CVE-2021-25490 2021-10-06 2021-10-13
3.6
None Local Low Not required Partial Partial None
A keyblob downgrade attack in keymaster prior to SMR Oct-2021 Release 1 allows attacker to trigger IV reuse vulnerability with privileged process.
35 CVE-2021-25486 2021-10-06 2021-10-13
2.1
None Local Low Not required Partial None None
Exposure of information vulnerability in ipcdump prior to SMR Oct-2021 Release 1 allows an attacker detect device information via analyzing packet in log.
36 CVE-2021-25485 22 Dir. Trav. 2021-10-06 2021-10-13
5.8
None Local Network Low Not required Partial Partial Partial
Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Oct-2021 Release 1 allows attackers to write file as system UID via BT remote socket.
37 CVE-2021-25484 287 2021-10-06 2021-10-13
2.1
None Local Low Not required Partial None None
Improper authentication in InputManagerService prior to SMR Oct-2021 Release 1 allows monitoring the touch event.
38 CVE-2021-25483 125 2021-10-06 2021-10-13
5.0
None Remote Low Not required Partial None None
Lack of boundary checking of a buffer in livfivextractor library prior to SMR Oct-2021 Release 1 allows OOB read.
39 CVE-2021-25474 755 DoS +Priv 2021-10-06 2021-10-13
4.9
None Local Low Not required None None Complete
Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_show_on_qspanel value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of service in user device before factory reset.
40 CVE-2021-25472 863 2021-10-06 2021-10-13
2.1
None Local Low Not required None Partial None
An improper access control vulnerability in BluetoothSettingsProvider prior to SMR Oct-2021 Release 1 allows untrusted application to overwrite some Bluetooth information.
41 CVE-2021-25462 476 Mem. Corr. 2021-09-09 2021-09-23
2.1
None Local Low Not required None None Partial
NULL pointer dereference vulnerability in NPU driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption.
42 CVE-2021-25460 2021-09-09 2021-09-23
2.1
None Local Low Not required None None Partial
An improper access control vulnerability in sspExit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to terminate BlockchainTZService.
43 CVE-2021-25459 552 2021-09-09 2021-09-22
2.1
None Local Low Not required None Partial None
An improper access control vulnerability in sspInit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to start BlockchainTZService.
44 CVE-2021-25458 476 Mem. Corr. 2021-09-09 2021-09-23
2.1
None Local Low Not required None None Partial
NULL pointer dereference vulnerability in ION driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption.
45 CVE-2021-25456 125 2021-09-09 2021-09-22
4.3
None Remote Medium Not required None Partial None
OOB read vulnerability in libswmfextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute memcpy at arbitrary address via forged wmf file.
46 CVE-2021-25455 125 2021-09-09 2021-09-23
4.3
None Remote Medium Not required Partial None None
OOB read vulnerability in libsaviextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to access arbitrary address through pointer via forged avi file.
47 CVE-2021-25454 125 2021-09-09 2021-09-22
4.3
None Remote Medium Not required None None Partial
OOB read vulnerability in libsaacextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute remote DoS via forged aac file.
48 CVE-2021-25453 20 2021-09-09 2021-09-23
2.1
None Local Low Not required Partial None None
Some improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1 allows untrusted application to get Bluetooth information.
49 CVE-2021-25451 287 2021-09-09 2021-09-23
4.3
None Remote Medium Not required Partial None None
A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1 allows attackers to get IMSI data.
50 CVE-2021-25450 22 Dir. Trav. 2021-09-09 2021-09-22
3.3
None Local Network Low Not required None Partial None
Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Sep-2021 Release 1 allows attackers to write file as system uid via remote socket.
Total number of vulnerabilities : 970   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.