Search
Total
5785 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-25392 | 1 Google | 1 Android | 2021-06-16 | 2.1 LOW | 5.5 MEDIUM |
| Improper protection of backup path configuration in Samsung Dex prior to SMR MAY-2021 Release 1 allows local attackers to get sensitive information via changing the path. | |||||
| CVE-2021-25391 | 1 Google | 1 Android | 2021-06-16 | 2.1 LOW | 4.0 MEDIUM |
| Intent redirection vulnerability in Secure Folder prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action. | |||||
| CVE-2021-25390 | 1 Google | 1 Android | 2021-06-16 | 1.9 LOW | 4.0 MEDIUM |
| Intent redirection vulnerability in PhotoTable prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action. | |||||
| CVE-2021-25395 | 1 Google | 1 Android | 2021-06-16 | 4.4 MEDIUM | 6.4 MEDIUM |
| A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is compromised. | |||||
| CVE-2021-25394 | 1 Google | 1 Android | 2021-06-16 | 4.4 MEDIUM | 6.4 MEDIUM |
| A use after free vulnerability via race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows arbitrary write given a radio privilege is compromised. | |||||
| CVE-2021-25393 | 1 Google | 1 Android | 2021-06-16 | 2.1 LOW | 5.5 MEDIUM |
| Improper sanitization of incoming intent in SecSettings prior to SMR MAY-2021 Release 1 allows local attackers to get permissions to access system uid data. | |||||
| CVE-2021-25408 | 2 Google, Samsung | 5 Android, Exynos 2100, Exynos 980 and 2 more | 2021-06-16 | 4.6 MEDIUM | 7.8 HIGH |
| A possible buffer overflow vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write and code execution. | |||||
| CVE-2021-25415 | 2 Google, Samsung | 5 Android, Exynos 9610, Exynos 9810 and 2 more | 2021-06-16 | 2.1 LOW | 5.5 MEDIUM |
| Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to remap EL2 memory as writable. | |||||
| CVE-2021-25396 | 2 Google, Samsung | 5 Android, Exynos 2100, Exynos 980 and 2 more | 2021-06-16 | 4.6 MEDIUM | 6.7 MEDIUM |
| An improper input validation vulnerability in NPU firmware prior to SMR MAY-2021 Release 1 allows arbitrary memory write and code execution. | |||||
| CVE-2021-25397 | 1 Google | 1 Android | 2021-06-16 | 2.1 LOW | 5.5 MEDIUM |
| An improper access control vulnerability in TelephonyUI prior to SMR MAY-2021 Release 1 allows local attackers to write arbitrary files of telephony process via untrusted applications. | |||||
| CVE-2021-25383 | 1 Google | 1 Android | 2021-06-16 | 7.5 HIGH | 9.8 CRITICAL |
| An improper input validation vulnerability in scmn_mfal_read() in libsapeextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. | |||||
| CVE-2021-0482 | 1 Google | 1 Android | 2021-06-16 | 6.9 MEDIUM | 7.0 HIGH |
| In BinderDiedCallback of MediaCodec.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-173791720 | |||||
| CVE-2021-0484 | 1 Google | 1 Android | 2021-06-15 | 2.1 LOW | 5.5 MEDIUM |
| In readVector of IMediaPlayer.cpp, there is a possible read of uninitialized heap data due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-173720767 | |||||
| CVE-2021-0476 | 1 Google | 1 Android | 2021-06-15 | 6.9 MEDIUM | 7.0 HIGH |
| In FindOrCreatePeer of btif_av.cc, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-169252501 | |||||
| CVE-2021-0494 | 1 Google | 1 Android | 2021-06-15 | 7.2 HIGH | 7.8 HIGH |
| In memory management driver, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183461318 | |||||
| CVE-2021-0495 | 1 Google | 1 Android | 2021-06-15 | 7.2 HIGH | 7.8 HIGH |
| In memory management driver, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183459083 | |||||
| CVE-2021-0496 | 1 Google | 1 Android | 2021-06-15 | 7.2 HIGH | 7.8 HIGH |
| In memory management driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183467912 | |||||
| CVE-2021-0492 | 1 Google | 1 Android | 2021-06-15 | 7.2 HIGH | 7.8 HIGH |
| In memory management driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183459078 | |||||
| CVE-2021-0490 | 1 Google | 1 Android | 2021-06-15 | 7.2 HIGH | 7.8 HIGH |
| In memory management driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183464868 | |||||
| CVE-2021-0497 | 1 Google | 1 Android | 2021-06-15 | 7.2 HIGH | 7.8 HIGH |
| In memory management driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183461320 | |||||
| CVE-2021-0498 | 1 Google | 1 Android | 2021-06-15 | 7.2 HIGH | 7.8 HIGH |
| In memory management driver, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183461321 | |||||
| CVE-2021-0493 | 1 Google | 1 Android | 2021-06-15 | 7.2 HIGH | 7.8 HIGH |
| In memory management driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183461317 | |||||
| CVE-2021-0489 | 1 Google | 1 Android | 2021-06-15 | 7.2 HIGH | 7.8 HIGH |
| In memory management driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183464866 | |||||
| CVE-2021-0487 | 1 Google | 1 Android | 2021-06-15 | 7.2 HIGH | 7.8 HIGH |
| In onCreate of CalendarDebugActivity.java, there is a possible way to export calendar data to the sdcard without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174046397 | |||||
| CVE-2019-9475 | 1 Google | 1 Android | 2021-06-15 | 2.1 LOW | 5.5 MEDIUM |
| In /proc/net of the kernel filesystem, there is a possible information leak due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-9496886 | |||||
| CVE-2021-25384 | 1 Google | 1 Android | 2021-06-15 | 7.5 HIGH | 9.8 CRITICAL |
| An improper input validation vulnerability in sdfffd_parse_chunk_PROP() with Sample Rate Chunk in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. | |||||
| CVE-2021-25385 | 1 Google | 1 Android | 2021-06-15 | 7.5 HIGH | 9.8 CRITICAL |
| An improper input validation vulnerability in sdfffd_parse_chunk_PROP() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. | |||||
| CVE-2021-25386 | 1 Google | 1 Android | 2021-06-15 | 7.5 HIGH | 9.8 CRITICAL |
| An improper input validation vulnerability in sdfffd_parse_chunk_FVER() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. | |||||
| CVE-2021-0473 | 1 Google | 1 Android | 2021-06-14 | 8.3 HIGH | 8.8 HIGH |
| In rw_t3t_process_error of rw_t3t.cc, there is a possible double free due to uninitialized data. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-179687208 | |||||
| CVE-2021-0474 | 1 Google | 1 Android | 2021-06-14 | 10.0 HIGH | 9.8 CRITICAL |
| In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-177611958 | |||||
| CVE-2021-0475 | 1 Google | 1 Android | 2021-06-14 | 8.3 HIGH | 8.8 HIGH |
| In on_l2cap_data_ind of btif_sock_l2cap.cc, there is possible memory corruption due to a use after free. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-175686168 | |||||
| CVE-2021-25356 | 1 Google | 1 Android | 2021-06-11 | 7.2 HIGH | 8.8 HIGH |
| An improper caller check vulnerability in Managed Provisioning prior to SMR APR-2021 Release 1 allows unprivileged application to install arbitrary application, grant device admin permission and then delete several installed application. | |||||
| CVE-2020-0055 | 1 Google | 1 Android | 2021-06-08 | 2.1 LOW | 5.5 MEDIUM |
| In l2c_link_process_num_completed_pkts of l2c_link.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141617601 | |||||
| CVE-2011-0419 | 7 Apache, Apple, Freebsd and 4 more | 8 Http Server, Portable Runtime, Mac Os X and 5 more | 2021-06-06 | 4.3 MEDIUM | N/A |
| Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd. | |||||
| CVE-2021-21229 | 3 Debian, Fedoraproject, Google | 4 Debian Linux, Fedora, Android and 1 more | 2021-06-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||||
| CVE-2021-0430 | 1 Google | 1 Android | 2021-05-04 | 10.0 HIGH | 9.8 CRITICAL |
| In rw_mfc_handle_read_op of rw_mfc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution via a malicious NFC packet with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-178725766 | |||||
| CVE-2021-25382 | 1 Google | 1 Android | 2021-05-03 | 3.6 LOW | 5.5 MEDIUM |
| An improper authorization of using debugging command in Secure Folder prior to SMR Oct-2020 Release 1 allows unauthorized access to contents in Secure Folder via debugging command. | |||||
| CVE-2021-25364 | 1 Google | 1 Android | 2021-04-26 | 2.1 LOW | 3.3 LOW |
| A pendingIntent hijacking vulnerability in Secure Folder prior to SMR APR-2021 Release 1 allows unprivileged applications to access contact information. | |||||
| CVE-2021-25363 | 1 Google | 1 Android | 2021-04-26 | 3.6 LOW | 6.1 MEDIUM |
| An improper access control in ActivityManagerService prior to SMR APR-2021 Release 1 allows untrusted applications to access running processesdelete some local files. | |||||
| CVE-2021-25362 | 1 Google | 1 Android | 2021-04-26 | 3.6 LOW | 6.1 MEDIUM |
| An improper permission management in CertInstaller prior to SMR APR-2021 Release 1 allows untrusted applications to delete certain local files. | |||||
| CVE-2021-25361 | 1 Google | 1 Android | 2021-04-26 | 7.2 HIGH | 8.8 HIGH |
| An improper access control vulnerability in stickerCenter prior to SMR APR-2021 Release 1 allows local attackers to read or write arbitrary files of system process via untrusted applications. | |||||
| CVE-2021-25377 | 2 Google, Samsung | 2 Android, Experience Service | 2021-04-21 | 4.6 MEDIUM | 7.8 HIGH |
| Intent redirection in Samsung Experience Service versions 10.8.0.4 in Android P(9.0) below, and 12.2.0.5 in Android Q(10.0) above allows attacker to execute privileged action. | |||||
| CVE-2021-25373 | 2 Google, Samsung | 2 Android, Customization Service | 2021-04-21 | 4.6 MEDIUM | 7.8 HIGH |
| Using unsafe PendingIntent in Customization Service prior to version 2.2.02.1 in Android O(8.x), 2.4.03.0 in Android P(9.0), 2.7.02.1 in Android Q(10.0) and 2.9.01.1 in Android R(11.0) allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. | |||||
| CVE-2021-0488 | 1 Google | 1 Android | 2021-04-21 | 7.2 HIGH | 6.7 MEDIUM |
| In pb_write of pb_encode.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-178754781 | |||||
| CVE-2021-0444 | 1 Google | 1 Android | 2021-04-20 | 1.9 LOW | 5.5 MEDIUM |
| In onActivityResult of QuickContactActivity.java, there is an unnecessary return of an intent. This could lead to local information disclosure of contact data with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-178825358 | |||||
| CVE-2021-0446 | 1 Google | 1 Android | 2021-04-20 | 4.4 MEDIUM | 7.3 HIGH |
| In ImportVCardActivity, there is a possible way to bypass user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-172252122 | |||||
| CVE-2021-0471 | 1 Google | 1 Android | 2021-04-19 | 2.1 LOW | 5.5 MEDIUM |
| In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-176444786 | |||||
| CVE-2021-25358 | 1 Google | 1 Android | 2021-04-19 | 2.1 LOW | 3.3 LOW |
| A vulnerability that stores IMSI values in an improper path prior to SMR APR-2021 Release 1 allows local attackers to access IMSI values without any permission via untrusted applications. | |||||
| CVE-2021-25360 | 1 Google | 1 Android | 2021-04-19 | 7.5 HIGH | 9.8 CRITICAL |
| An improper input validation vulnerability in libswmfextractor library prior to SMR APR-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. | |||||
| CVE-2021-25359 | 1 Google | 1 Android | 2021-04-19 | 2.1 LOW | 3.3 LOW |
| An improper SELinux policy prior to SMR APR-2021 Release 1 allows local attackers to access AP information without proper permissions via untrusted applications. | |||||