Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Google Subscribe
Filtered by product Android
Total 6434 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-5033 6 Apple, Debian, Google and 3 more 9 Macos, Debian Linux, Android and 6 more 2022-04-22 4.3 MEDIUM 4.3 MEDIUM
Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android failed to correctly propagate CSP restrictions to local scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page, related to the unsafe-inline keyword.
CVE-2017-5030 6 Apple, Debian, Google and 3 more 9 Macos, Debian Linux, Android and 6 more 2022-04-22 6.8 MEDIUM 8.8 HIGH
Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page.
CVE-2017-5029 7 Apple, Debian, Google and 4 more 10 Macos, Debian Linux, Android and 7 more 2022-04-22 6.8 MEDIUM 8.8 HIGH
The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
CVE-2019-9455 2 Google, Opensuse 2 Android, Leap 2022-04-22 2.1 LOW 2.3 LOW
In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
CVE-2020-0088 1 Google 1 Android 2022-04-22 4.3 MEDIUM 6.5 MEDIUM
In parseTrackFragmentRun of MPEG4Extractor.cpp, there is possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-124389881
CVE-2021-39796 1 Google 1 Android 2022-04-20 6.9 MEDIUM 7.3 HIGH
In HarmfulAppWarningActivity of HarmfulAppWarningActivity.java, there is a possible way to trick victim to install harmful app due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-205595291
CVE-2021-39814 1 Google 1 Android 2022-04-20 7.2 HIGH 6.7 MEDIUM
In ppmp_validate_wsm of drm_fw.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-216792660References: N/A
CVE-2021-39809 1 Google 1 Android 2022-04-20 5.0 MEDIUM 7.5 HIGH
In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-205837191
CVE-2021-39812 1 Google 1 Android 2022-04-20 7.2 HIGH 7.8 HIGH
In TBD of TBD, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205522359References: N/A
CVE-2021-39807 1 Google 1 Android 2022-04-20 7.2 HIGH 7.8 HIGH
In handleNfcStateChanged of SecureNfcEnabler.java, there is a possible way to enable NFC from the Guest account due to a missing permission check. This could lead to local escalation of privilege from the Guest account with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-209446496
CVE-2021-39805 1 Google 1 Android 2022-04-20 3.3 LOW 6.5 MEDIUM
In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure through Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-212694559
CVE-2021-39804 1 Google 1 Android 2022-04-20 4.3 MEDIUM 6.5 MEDIUM
In reinit of HeifDecoderImpl.cpp, there is a possible crash due to a missing null check. This could lead to remote persistent denial of service in the file picker with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-215002587
CVE-2021-0707 1 Google 1 Android 2022-04-20 7.2 HIGH 7.8 HIGH
In dma_buf_release of dma-buf.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-155756045References: Upstream kernel
CVE-2021-0694 1 Google 1 Android 2022-04-20 7.2 HIGH 7.8 HIGH
In setServiceForegroundInnerLocked of ActiveServices.java, there is a possible way for a background application to regain foreground permissions due to insufficient background restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-183147114
CVE-2021-39794 1 Google 1 Android 2022-04-19 7.6 HIGH 7.8 HIGH
In broadcastPortInfo of AdbService.java, there is a possible way for apps to run code as the shell user, if wireless debugging is enabled, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-205836329
CVE-2022-26091 1 Google 1 Android 2022-04-18 4.6 MEDIUM 6.8 MEDIUM
Improper access control vulnerability in Knox Manage prior to SMR Apr-2022 Release 1 allows that physical attackers can bypass Knox Manage using a function key of hardware keyboard.
CVE-2022-26092 1 Google 1 Android 2022-04-18 7.2 HIGH 7.8 HIGH
Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows arbitrary code execution.
CVE-2022-25833 1 Google 1 Android 2022-04-18 2.1 LOW 3.3 LOW
Improper authentication in ImsService prior to SMR Apr-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission.
CVE-2022-26090 1 Google 1 Android 2022-04-18 2.1 LOW 3.3 LOW
Improper access control vulnerability in SamsungContacts prior to SMR Apr-2022 Release 1 allows that attackers can access contact information without permission.
CVE-2022-26093 1 Google 1 Android 2022-04-18 7.5 HIGH 9.8 CRITICAL
Null pointer dereference vulnerability in parser_irot function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.