This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Google First view 2009-10-14
Product Android Last view 2020-08-13
Version - Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:google:android

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.8 2020-08-13 CVE-2020-0261

In C2 flame devices, there is a possible bypass of seccomp due to a missing configuration file. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-146059841

9.1 2020-08-11 CVE-2020-0260

There is a possible out of bounds read due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-152225183

7.8 2020-08-11 CVE-2020-0259

In android_verity_ctr of dm-android-verity.c, there is a possible way to modify a dm-verity protected filesystem due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-157941353References: N/A

7.5 2020-08-11 CVE-2020-0254

There is a possible out of bounds read due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-152647751

9.8 2020-08-11 CVE-2020-0253

There is a possible memory corruption due to a use after free.Product: AndroidVersions: Android SoCAndroid ID: A-152647365

9.8 2020-08-11 CVE-2020-0252

There is a possible memory corruption due to a use after free.Product: AndroidVersions: Android SoCAndroid ID: A-152236803

7.5 2020-08-11 CVE-2020-0251

There is a possible out of bounds read due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-152647626

9.8 2020-07-17 CVE-2020-0231

There is a possible out of bounds write due to an incorrect bounds check. Product: AndroidVersions: Android SoCAndroid ID: A-156333727

9.8 2020-07-17 CVE-2020-0230

There is a possible out of bounds write due to an incorrect bounds check. Product: AndroidVersions: Android SoCAndroid ID: A-156337262

7.5 2020-07-17 CVE-2020-0228

There is an improper configuration of recorder related service. Product: AndroidVersions: Android SoCAndroid ID: A-156333723

9.8 2020-06-16 CVE-2020-0235

In crus_sp_shared_ioctl we first copy 4 bytes from userdata into "size" variable, and then use that variable as the size parameter for "copy_from_user", ending up overwriting memory following "crus_sp_hdr". "crus_sp_hdr" is a static variable, of type "struct crus_sp_ioctl_header".Product: AndroidVersions: Android kernelAndroid ID: A-135129430

7.8 2020-06-16 CVE-2020-0234

In crus_afe_get_param of msm-cirrus-playback.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-148189280

9.8 2020-06-16 CVE-2020-0232

Function abc_pcie_issue_dma_xfer_sync creates a transfer object, adds it to the session object then continues to work with it. A concurrent thread could retrieve created transfer object from the session object and delete it using abc_pcie_dma_user_xfer_clean. If this happens, abc_pcie_start_dma_xfer and abc_pcie_wait_dma_xfer in the original thread will trigger UAF when working with the transfer object.Product: AndroidVersions: Android kernelAndroid ID: A-151453714

9.8 2020-06-16 CVE-2020-0223

This is an unbounded write into kernel global memory, via a user-controlled buffer size.Product: AndroidVersions: Android kernelAndroid ID: A-135130450

5.5 2020-06-05 CVE-2020-13843

An issue was discovered on LG mobile devices with Android OS software before 2020-06-01. Local users can cause a denial of service because checking of the userdata partition is mishandled. The LG ID is LVE-SMP-200014 (June 2020).

9.8 2020-05-14 CVE-2020-0221

Airbrush FW's scratch memory allocator is susceptible to numeric overflow. When the overflow occurs, the next allocation could potentially return a pointer within the previous allocation's memory, which could lead to improper memory access.Product: AndroidVersions: Android kernelAndroid ID: A-135772851

6.7 2020-05-14 CVE-2020-0220

In crus_afe_callback of msm-cirrus-playback.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-139739561

7.8 2020-05-14 CVE-2020-0110

In psi_write of psi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-148159562References: Upstream kernel

5.5 2020-05-14 CVE-2020-0091

In mnld, an incorrect configuration in driver_cfg of mnld for meta factory mode.Product: AndroidVersions: Android SoCAndroid ID: A-149808700

5.5 2020-05-14 CVE-2020-0090

An improper authorization in the receiver component of Email.Product: AndroidVersions: Android SoCAndroid ID: A-149813048

5.5 2020-05-14 CVE-2020-0065

An improper authorization in the receiver component of the Android Suite Daemon.Product: AndroidVersions: Android SoCAndroid ID: A-149813448

5.5 2020-05-14 CVE-2020-0064

An improper authorization while processing the provisioning data.Product: AndroidVersions: Android SoCAndroid ID: A-149866855

6.5 2020-05-08 CVE-2020-6616

Some Broadcom chips mishandle Bluetooth random-number generation because a low-entropy Pseudo Random Number Generator (PRNG) is used in situations where a Hardware Random Number Generator (HRNG) should have been used to prevent spoofing. This affects, for example, Samsung Galaxy S8, S8+, and Note8 devices with the BCM4361 chipset. The Samsung ID is SVE-2020-16882 (May 2020).

4.4 2020-04-17 CVE-2020-0077

In authorize_enroll of the FPC IRIS TrustZone app, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-146055840

6.7 2020-04-17 CVE-2020-0076

In get_auth_result of the FPC IRIS TrustZone app, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-146056878

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
20% (245) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
18% (221) CWE-264 Permissions, Privileges, and Access Controls
12% (150) CWE-200 Information Exposure
7% (91) CWE-416 Use After Free
5% (72) CWE-125 Out-of-bounds Read
5% (69) CWE-20 Improper Input Validation
5% (67) CWE-787 Out-of-bounds Write
3% (47) CWE-190 Integer Overflow or Wraparound
3% (43) CWE-362 Race Condition
2% (30) CWE-189 Numeric Errors
2% (28) CWE-284 Access Control (Authorization) Issues
1% (18) CWE-415 Double Free
1% (16) CWE-476 NULL Pointer Dereference
1% (16) CWE-129 Improper Validation of Array Index
1% (16) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
0% (12) CWE-269 Improper Privilege Management
0% (9) CWE-732 Incorrect Permission Assignment for Critical Resource
0% (6) CWE-399 Resource Management Errors
0% (4) CWE-191 Integer Underflow (Wrap or Wraparound)
0% (4) CWE-19 Data Handling
0% (3) CWE-772 Missing Release of Resource after Effective Lifetime
0% (3) CWE-310 Cryptographic Issues
0% (3) CWE-275 Permission Issues
0% (2) CWE-704 Incorrect Type Conversion or Cast
0% (2) CWE-682 Incorrect Calculation

SAINT Exploits

Description Link
Adobe Flash Player SWF Content Regular Expression Heap Overflow More info here
Adobe Flash Player Object Confusion Code Execution More info here

Open Source Vulnerability Database (OSVDB)

id Description
76552 Google Chrome Multiple Unspecified Same Origin Policy Bypass
74800 Android System Property Space ASHMEM_SET_PROT_MASK Application Sandbox Local ...
72766 Google Android JavaScript Unprompted Arbitrary SD File Access
70744 Google Android Mms Application data/WorkingMessage.java Draft Cache SMS Messa...
67962 Apple Safari WebKit Floating Point Data Crafted HTML Document Handling Arbitr...
58955 Google Android Dalvik API Unspecified Function Remote DoS

ExploitDB Exploits

id Description
35382 Android WAPPushManager - SQL Injection
32959 Adobe Flash Player Regular Expression Heap Overflow
28957 Android Zygote Socket Vulnerability Fork bomb Attack
19369 Adobe Flash Player Object Type Confusion
18164 Android 'content://' URI Multiple Information Disclosure Vulnerabilities
15548 Android 2.0/2.1 Use-After-Free Remote Code Execution on Webkit
15423 Android 2.0-2.1 Reverse Shell Exploit

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2013-03-28 Name : Adobe Air Multiple Vulnerabilities - December12 (Mac OS X)
File : nvt/gb_adobe_air_mult_vuln_dec12_macosx.nasl
2013-03-28 Name : Adobe Air Multiple Vulnerabilities - December12 (Windows)
File : nvt/gb_adobe_air_mult_vuln_dec12_win.nasl
2013-03-28 Name : Adobe Air Multiple Vulnerabilities - November12 (Mac OS X)
File : nvt/gb_adobe_air_mult_vuln_nov12_macosx.nasl
2013-03-28 Name : Adobe Air Multiple Vulnerabilities - November12 (Windows)
File : nvt/gb_adobe_air_mult_vuln_nov12_win.nasl
2013-03-28 Name : Adobe Air Multiple Vulnerabilities - October 12 (Mac OS X)
File : nvt/gb_adobe_air_mult_vuln_oct12_macosx.nasl
2013-03-28 Name : Adobe Air Multiple Vulnerabilities - October 12 (Windows)
File : nvt/gb_adobe_air_mult_vuln_oct12_win.nasl
2012-12-14 Name : Adobe Flash Player Multiple Vulnerabilities - December12 (Windows)
File : nvt/gb_adobe_prdts_mult_vuln_dec12_win.nasl
2012-12-14 Name : Adobe Flash Player Multiple Vulnerabilities - December12 (Linux)
File : nvt/gb_adobe_flash_player_mult_vuln_dec12_lin.nasl
2012-12-14 Name : Adobe Flash Player Multiple Vulnerabilities - December12 (Mac OS X)
File : nvt/gb_adobe_prdts_mult_vuln_dec12_macosx.nasl
2012-12-13 Name : SuSE Update for flash-player openSUSE-SU-2012:1480-1 (flash-player)
File : nvt/gb_suse_2012_1480_1.nasl
2012-12-13 Name : SuSE Update for flash-player openSUSE-SU-2012:0723-1 (flash-player)
File : nvt/gb_suse_2012_0723_1.nasl
2012-12-13 Name : SuSE Update for update openSUSE-SU-2012:0594-1 (update)
File : nvt/gb_suse_2012_0594_1.nasl
2012-11-26 Name : FreeBSD Ports: linux-f10-flashplugin
File : nvt/freebsd_linux-f10-flashplugin4.nasl
2012-11-26 Name : FreeBSD Ports: linux-f10-flashplugin
File : nvt/freebsd_linux-f10-flashplugin5.nasl
2012-11-08 Name : Adobe Flash Player Multiple Vulnerabilities - November12 (Mac OS X)
File : nvt/gb_adobe_prdts_mult_vuln_nov12_macosx.nasl
2012-11-08 Name : Adobe Flash Player Multiple Vulnerabilities - November12 (Windows)
File : nvt/gb_adobe_prdts_mult_vuln_nov12_win.nasl
2012-11-08 Name : Adobe Flash Player Multiple Vulnerabilities - November12 (Linux)
File : nvt/gb_adobe_flash_player_mult_vuln_nov12_lin.nasl
2012-10-15 Name : Adobe Flash Player Multiple Vulnerabilities - Oct12 (Linux)
File : nvt/gb_adobe_flash_player_mult_vuln_oct12_lin.nasl
2012-10-15 Name : Adobe Flash Player Multiple Vulnerabilities - October 12 (Windows)
File : nvt/gb_adobe_prdts_mult_vuln_oct12_win.nasl
2012-10-15 Name : Adobe Flash Player Multiple Vulnerabilities - October 12 (Mac OS X)
File : nvt/gb_adobe_prdts_mult_vuln_oct12_macosx.nasl
2012-09-15 Name : Gentoo Security Advisory GLSA 201209-01 (adobe-flash)
File : nvt/glsa_201209_01.nasl
2012-09-03 Name : Adobe Flash Player Multiple Vulnerabilities - Sep12 (Linux)
File : nvt/gb_adobe_flash_player_mult_vuln_sep12_lin.nasl
2012-08-24 Name : Adobe Flash Player Multiple Vulnerabilities -01 August 12 (Mac OS X)
File : nvt/gb_adobe_prdts_mult_vuln01_aug12_macosx.nasl
2012-08-24 Name : Adobe Flash Player Multiple Vulnerabilities -01 August 12 (Windows)
File : nvt/gb_adobe_prdts_mult_vuln01_aug12_win.nasl
2012-08-10 Name : Gentoo Security Advisory GLSA 201206-21 (Adobe Flash Player)
File : nvt/glsa_201206_21.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2013-A-0168 Multiple Vulnerabilities In Adobe Flash Player
Severity: Category I - VMSKEY: V0040297

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2020-03-31 Android Binder use after free exploit attempt
RuleID : 53345 - Type : OS-MOBILE - Revision : 1
2020-03-31 Android Binder use after free exploit attempt
RuleID : 53344 - Type : OS-MOBILE - Revision : 1
2019-12-24 Google Android libstagefright integer underflow attempt
RuleID : 52289 - Type : OS-MOBILE - Revision : 1
2019-12-24 Google Android libstagefright integer underflow attempt
RuleID : 52288 - Type : OS-MOBILE - Revision : 1
2019-12-10 Android Stagefright MP4 buffer overflow attempt
RuleID : 52101 - Type : OS-MOBILE - Revision : 1
2019-12-10 Android Stagefright MP4 buffer overflow attempt
RuleID : 52100 - Type : OS-MOBILE - Revision : 1
2019-11-15 Android Stagefright MP4 buffer overflow attempt
RuleID : 51866 - Type : OS-MOBILE - Revision : 1
2019-11-15 Android Stagefright MP4 buffer overflow attempt
RuleID : 51865 - Type : OS-MOBILE - Revision : 1
2019-11-15 Android Stagefright MP4 buffer overflow attempt
RuleID : 51864 - Type : OS-MOBILE - Revision : 1
2019-11-15 Android Stagefright MP4 buffer overflow attempt
RuleID : 51863 - Type : OS-MOBILE - Revision : 1
2019-11-15 Android Stagefright MP4 buffer overflow attempt
RuleID : 51862 - Type : OS-MOBILE - Revision : 1
2019-11-15 Android Stagefright MP4 buffer overflow attempt
RuleID : 51861 - Type : OS-MOBILE - Revision : 1
2019-11-15 Android Stagefright MP4 buffer overflow attempt
RuleID : 51860 - Type : OS-MOBILE - Revision : 1
2019-11-15 Android Stagefright MP4 buffer overflow attempt
RuleID : 51859 - Type : OS-MOBILE - Revision : 1
2019-11-15 Android Stagefright MP4 buffer overflow attempt
RuleID : 51858 - Type : OS-MOBILE - Revision : 1
2019-11-15 Android Stagefright MP4 buffer overflow attempt
RuleID : 51857 - Type : OS-MOBILE - Revision : 1
2018-05-23 Linux Kernel Challenge ACK provocation attempt
RuleID : 40063-community - Type : OS-LINUX - Revision : 5
2016-10-11 Linux Kernel Challenge ACK provocation attempt
RuleID : 40063 - Type : OS-LINUX - Revision : 5
2015-09-03 Android Stagefright MP4 buffer overflow attempt
RuleID : 35435 - Type : OS-MOBILE - Revision : 5
2015-09-03 Android Stagefright MP4 buffer overflow attempt
RuleID : 35434 - Type : OS-MOBILE - Revision : 5
2015-02-11 Android ObjectInputStream privilege escalation attempt
RuleID : 32975 - Type : OS-MOBILE - Revision : 3
2015-02-11 Android ObjectInputStream privilege escalation attempt
RuleID : 32974 - Type : OS-MOBILE - Revision : 3
2014-09-23 Astrum exploit kit Adobe Flash exploit payload request
RuleID : 31968-community - Type : EXPLOIT-KIT - Revision : 1
2014-11-16 Astrum exploit kit Adobe Flash exploit payload request
RuleID : 31968 - Type : EXPLOIT-KIT - Revision : 2
2014-11-16 CottonCastle exploit kit Adobe flash outbound connection
RuleID : 31276 - Type : EXPLOIT-KIT - Revision : 3

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-11 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZA-2018-086.nasl - Type: ACT_GATHER_INFO
2019-01-11 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZA-2018-088.nasl - Type: ACT_GATHER_INFO
2019-01-10 Name: The remote device is affected by multiple vulnerabilities.
File: juniper_space_jsa10917_184R1.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1432.nasl - Type: ACT_GATHER_INFO
2018-11-16 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-3083.nasl - Type: ACT_GATHER_INFO
2018-10-04 Name: The remote Debian host is missing a security update.
File: debian_DLA-1531.nasl - Type: ACT_GATHER_INFO
2018-10-02 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4308.nasl - Type: ACT_GATHER_INFO
2018-09-18 Name: The remote EulerOS Virtualization host is missing multiple security updates.
File: EulerOS_SA-2018-1234.nasl - Type: ACT_GATHER_INFO
2018-08-31 Name: The remote Virtuozzo host is missing multiple security updates.
File: Virtuozzo_VZA-2018-063.nasl - Type: ACT_GATHER_INFO
2018-08-20 Name: The remote Virtuozzo host is missing multiple security updates.
File: Virtuozzo_VZA-2018-055.nasl - Type: ACT_GATHER_INFO
2018-08-15 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-2384.nasl - Type: ACT_GATHER_INFO
2018-08-15 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-2390.nasl - Type: ACT_GATHER_INFO
2018-07-16 Name: The remote Debian host is missing a security update.
File: debian_DLA-1422.nasl - Type: ACT_GATHER_INFO
2018-05-30 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1023.nasl - Type: ACT_GATHER_INFO
2018-05-15 Name: The remote Virtuozzo host is missing multiple security updates.
File: Virtuozzo_VZA-2018-029.nasl - Type: ACT_GATHER_INFO
2018-05-10 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-1319.nasl - Type: ACT_GATHER_INFO
2018-05-03 Name: The remote Debian host is missing a security update.
File: debian_DLA-1369.nasl - Type: ACT_GATHER_INFO
2018-05-02 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4187.nasl - Type: ACT_GATHER_INFO
2018-04-27 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-1062.nasl - Type: ACT_GATHER_INFO
2018-04-20 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-994.nasl - Type: ACT_GATHER_INFO
2018-02-28 Name: The version of Arista Networks EOS running on the remote device is affected b...
File: arista_eos_sa0023.nasl - Type: ACT_GATHER_INFO
2018-02-23 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4120.nasl - Type: ACT_GATHER_INFO
2018-01-29 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1031.nasl - Type: ACT_GATHER_INFO
2017-12-26 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2017-937.nasl - Type: ACT_GATHER_INFO
2017-12-14 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-3659.nasl - Type: ACT_GATHER_INFO