This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Google
Product: Android
Version: 10.0
Type: Os
First view: 2019-09-05
Last view: 2021-08-18
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
 
CPE Product cpe:2.3:o:google:android

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
6.7 2021-08-18 CVE-2021-0628

In OMA DRM, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05722454; Issue ID: ALPS05722454.

6.7 2021-08-18 CVE-2021-0627

In OMA DRM, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05722434; Issue ID: ALPS05722434.

6.7 2021-08-18 CVE-2021-0626

In ged, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05687510; Issue ID: ALPS05687510.

5.5 2021-08-18 CVE-2021-0420

In memory management driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05381065.

5.5 2021-08-18 CVE-2021-0419

In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336713.

5.5 2021-08-18 CVE-2021-0418

In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336706.

5.5 2021-08-18 CVE-2021-0417

In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336702.

5.5 2021-08-18 CVE-2021-0416

In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336700.

5.5 2021-08-18 CVE-2021-0415

In memory management driver, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336692.

5.5 2021-08-18 CVE-2021-0408

In asf extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489195; Issue ID: ALPS05489220.

6.7 2021-08-18 CVE-2021-0407

In clk driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05479659; Issue ID: ALPS05479659.

7.8 2021-08-17 CVE-2021-0646

In sqlite3_str_vappendf of sqlite3.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege if the user can also inject a printf into a privileged process's SQL with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10 Android-11 Android-8.1. Android ID: A-153352319

5.5 2021-08-17 CVE-2021-0642

In onResume of VoicemailSettingsFragment.java, there is a possible way to retrieve a trackable identifier without permissions due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-8.1 Android-9. Android ID: A-185126149

5.5 2021-08-17 CVE-2021-0641

In getAvailableSubscriptionInfoList of SubscriptionController.java, there is a possible disclosure of unique identifiers due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10 Android-11. Android ID: A-185235454

7.8 2021-08-17 CVE-2021-0640

In noteAtomLogged of StatsdStats.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-9. Android ID: A-187957589

7.8 2021-08-17 CVE-2021-0593

In sendDevicePickedIntent of DevicePickerFragment.java, there is a possible way to invoke a privileged broadcast receiver due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-8.1 Android-9. Android ID: A-179386068

7.3 2021-08-17 CVE-2021-0591

In sendReplyIntentToReceiver of BluetoothPermissionActivity.java, there is a possible way to invoke privileged broadcast receivers due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9 Android-10 Android-11 Android-8.1. Android ID: A-179386960

5.5 2021-08-17 CVE-2021-0584

In verifyBufferObject of Parcel.cpp, there is a possible out of bounds read due to an improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-8.1 Android-9 Android-10. Android ID: A-179289794

7.8 2021-08-17 CVE-2021-0519

In BITSTREAM_FLUSH of ih264e_bitstream.h, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-8.1 Android-9. Android ID: A-176533109

3.3 2021-08-12 CVE-2021-38591

An issue was discovered on LG mobile devices with Android OS P and Q software for mt6762/mt6765/mt6883. Attackers can change some of the NvRAM content by leveraging the misconfiguration of a debug command. The LG ID is LVE-SMP-210005 (August 2021).

5.5 2021-08-05 CVE-2021-25444

An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 allows decryption of custom keyblob with privileged process.

5.3 2021-08-05 CVE-2021-25443

A use after free vulnerability in conn_gadget driver prior to SMR AUG-2021 Release 1 allows malicious action by an attacker.

5.5 2021-07-14 CVE-2021-0604

In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible way to share private files over Bluetooth due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9 Android-10 Android-11 Android-8.1. Android ID: A-179910660

7.8 2021-07-14 CVE-2021-0602

In onCreateOptionsMenu of WifiNetworkDetailsFragment.java, there is a possible way for guest users to view and modify Wi-Fi settings for all configured APs due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11. Android ID: A-177573895

5.5 2021-07-14 CVE-2021-0601

In encodeFrames of avc_enc_fuzzer.cpp, there is a possible out of bounds write due to a double free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-8.1 Android-9. Android ID: A-180643802

CWE : Common Weakness Enumeration

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
% id Name
26% (200) CWE-787 Out-of-bounds Write
23% (179) CWE-125 Out-of-bounds Read
9% (75) CWE-20 Improper Input Validation
5% (45) CWE-190 Integer Overflow or Wraparound
5% (40) CWE-416 Use After Free
3% (25) CWE-269 Improper Privilege Management
3% (24) CWE-362 Race Condition
2% (21) CWE-276 Incorrect Default Permissions
1% (10) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
1% (10) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
1% (8) CWE-755 Improper Handling of Exceptional Conditions
1% (8) CWE-476 NULL Pointer Dereference
1% (8) CWE-415 Double Free
1% (8) CWE-200 Information Exposure
0% (7) CWE-732 Incorrect Permission Assignment for Critical Resource
0% (7) CWE-306 Missing Authentication for Critical Function
0% (6) CWE-532 Information Leak Through Log Files
0% (6) CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('...
0% (6) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
0% (5) CWE-77 Improper Sanitization of Special Elements used in a Command ('Comma...
0% (4) CWE-668 Exposure of Resource to Wrong Sphere
0% (4) CWE-610 Externally Controlled Reference to a Resource in Another Sphere
0% (4) CWE-502 Deserialization of Untrusted Data
0% (3) CWE-754 Improper Check for Unusual or Exceptional Conditions
0% (3) CWE-667 Insufficient Locking