Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Google Subscribe
Filtered by product Android
Total 6434 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-1386 2 Google, Youmail 2 Android, Youmail Visual Voicemail Plus 2012-03-07 10.0 HIGH N/A
Unspecified vulnerability in the YouMail Visual Voicemail Plus (com.youmail.android.vvm) application 2.0.45 and 2.1.43 for Android has unknown impact and attack vectors.
CVE-2012-1380 2 Google, Netease 2 Android, Neteaseweibo 2012-03-07 10.0 HIGH N/A
Unspecified vulnerability in the NetEaseWeibo (com.netease.wb) application 1.2.1 and 1.2.2 for Android has unknown impact and attack vectors.
CVE-2009-1754 1 Google 1 Android 2012-02-28 4.3 MEDIUM N/A
The PackageManagerService class in services/java/com/android/server/PackageManagerService.java in Android 1.5 through 1.5 CRB42 does not properly check developer certificates during processing of sharedUserId requests at an application's installation time, which allows remote user-assisted attackers to access application data by creating a package that specifies a shared user ID with an arbitrary application.
CVE-2011-4864 2 Google, Tencent 2 Android, Mobileqq 2012-02-28 5.8 MEDIUM N/A
The Tencent MobileQQ (com.tencent.mobileqq) application 2.2 for Android does not properly protect data, which allows remote attackers to read or modify messages and a friends list via a crafted application.
CVE-2011-4865 2 Google, Tencent 3 Android, Microblogpad, Wblog 2012-02-28 5.8 MEDIUM N/A
The Tencent WBlog (com.tencent.WBlog) 3.3.1 and MicroBlogPad 1.4.0 applications for Android do not properly protect data, which allows remote attackers to read or modify message drafts and search keywords via a crafted application.
CVE-2011-3874 1 Google 1 Android 2012-02-05 9.3 HIGH N/A
Stack-based buffer overflow in libsysutils in Android 2.2.x through 2.2.2 and 2.3.x through 2.3.6 allows user-assisted remote attackers to execute arbitrary code via an application that calls the FrameworkListener::dispatchCommand method with the wrong number of arguments, as demonstrated by zergRush to trigger a use-after-free error.
CVE-2011-4276 1 Google 1 Android 2012-01-25 4.3 MEDIUM N/A
The Bluetooth service (com/android/phone/BluetoothHeadsetService.java) in Android 2.3 before 2.3.6 allows remote attackers within Bluetooth range to obtain contact data via an AT phonebook transfer.
CVE-2010-4804 1 Google 1 Android 2011-10-26 4.3 MEDIUM N/A
The Android browser in Android before 2.3.4 allows remote attackers to obtain SD card contents via crafted content:// URIs, related to (1) BrowserActivity.java and (2) BrowserSettings.java in com/android/browser/.
CVE-2011-1840 2 Google, Martinicreations 2 Android, Passmanlite Password Manager 2011-09-21 2.1 LOW N/A
The MartiniCreations PassmanLite Password Manager application before 1.48 for Android stores the master password and unspecified other account information in cleartext, which allows local users to obtain sensitive information by leveraging shell access.
CVE-2011-2344 1 Google 1 Android 2011-07-08 10.0 HIGH N/A
Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext HTTP session when transmitting the authToken obtained from ClientLogin, which allows remote attackers to gain privileges and access private pictures and web albums by sniffing the token from connections with picasaweb.google.com.
CVE-2011-1149 1 Google 1 Android 2011-04-22 7.2 HIGH N/A
Android before 2.3 does not properly restrict access to the system property space, which allows local applications to bypass the application sandbox and gain privileges, as demonstrated by psneuter and KillingInTheNameOf, related to the use of Android shared memory (ashmem) and ASHMEM_SET_PROT_MASK.
CVE-2010-4212 2 Google, Usaa 2 Android, Usaa 2010-12-21 1.9 LOW N/A
The USAA application 3.0 for Android stores a mirror image of each visited web page, which might allow physically proximate attackers to obtain sensitive banking information by reading application data.
CVE-2010-4213 2 Bankofamerica, Google 2 Bank Of America, Android 2010-11-08 4.3 MEDIUM N/A
The Bank of America application 2.12 for Android stores a security question's answer in cleartext, which might allow physically proximate attackers to obtain sensitive information by reading application data.
CVE-2010-4214 2 Google, Wellsfargo 2 Android, Wells Fargo Mobile 2010-11-08 4.3 MEDIUM N/A
The Wells Fargo Mobile application 1.1 for Android stores a username and password, along with account balances, in cleartext, which might allow physically proximate attackers to obtain sensitive information by reading application data.