This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Google
Product: Android
Version: 4.4
Type: Os
First view: 2012-05-04
Last view: 2020-06-05
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
 
CPE Product cpe:2.3:o:google:android

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Score Date Alert Description
5.5 2020-06-05 CVE-2020-13843

An issue was discovered on LG mobile devices with Android OS software before 2020-06-01. Local users can cause a denial of service because checking of the userdata partition is mishandled. The LG ID is LVE-SMP-200014 (June 2020).

4.8 2020-04-10 CVE-2015-9546

An issue was discovered on Samsung mobile devices with KK(4.4) and later software through 2015-06-16. In some cases, HTTP is used for an Inputmethod, rather than HTTPS. A man-in-the-middle attacker can modify the client-server data stream to insert directory traversal sequences into an extracted file path. The Samsung ID is SVE-2015-4363 (November 2015).

9.8 2020-04-10 CVE-2015-5524

An issue was discovered on Samsung mobile devices with KK(4.4) and later software through 2015-05-13. There is a buffer overflow in datablock_write because the amount of received data is not validated. The Samsung ID is SVE-2015-4018 (December 2015).

6.5 2020-04-07 CVE-2017-18695

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software. Attackers (who control a certain subdomain) can discover a user's credentials, during an email account login, via an EAS autodiscover packet. The Samsung ID is SVE-2016-7654 (January 2017).

9.8 2020-04-07 CVE-2017-18693

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software. There is a buffer overflow in the fps sysfs entry. The Samsung ID is SVE-2016-7510 (January 2017).

9.8 2020-04-07 CVE-2017-18690

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) (Exynos54xx, Exynos7420, Exynos8890, or Exynos8895 chipsets) software. There is a buffer overflow in the sensor hub. The Samsung ID is SVE-2016-7484 (January 2017).

5.3 2020-04-07 CVE-2017-18687

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software. An attacker can obtain the full pathnames of sdcard files by reading the system protected log upon reception of a certain intent. The Samsung ID is SVE-2016-7183 (January 2017).

7.5 2020-04-07 CVE-2017-18685

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. The InputMethod application can cause a system crash via a malformed serializable object in an Intent. The Samsung ID is SVE-2016-7123 (February 2017).

7.5 2020-04-07 CVE-2017-18682

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software. Because of incorrect exception handling and an unprotected intent, AudioService can cause a system crash. The Samsung IDs are SVE-2017-8114, SVE-2017-8116, and SVE-2017-8117 (March 2017).

7.5 2020-04-07 CVE-2017-18678

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.x) software. An attacker can crash system processes via a Serializable object because of missing exception handling. The Samsung IDs are SVE-2017-8109, SVE-2017-8110, SVE-2017-8115, SVE-2017-8118, and SVE-2017-8119 (April 2017).

7.5 2020-04-07 CVE-2017-18670

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. android.intent.action.SIOP_LEVEL_CHANGED allows a serializable intent reboot. The Samsung ID is SVE-2017-8363 (May 2017).

4.3 2020-04-07 CVE-2017-18667

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.x) software. Attackers can prevent users from learning that SMS storage space has been exhausted. The Samsung ID is SVE-2017-8702 (June 2017).

7.5 2020-04-07 CVE-2017-18666

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.x) software. Applications can send arbitrary premium SMS messages. The Samsung ID is SVE-2017-8701 (June 2017).

7.5 2020-04-07 CVE-2017-18664

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. There is a NULL pointer exception in PersonManager, causing memory corruption. The Samsung ID is SVE-2017-8286 (June 2017).

5.3 2020-04-07 CVE-2017-18659

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.x) software. Attackers can crash system processes via a broadcast to AdaptiveDisplayColorService. The Samsung ID is SVE-2017-8290 (July 2017).

4.3 2020-04-07 CVE-2017-18653

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.x) software. The Email application allows attackers to send emails on behalf of any user via a broadcasted intent. The Samsung ID is SVE-2017-9357 (September 2017).

9.1 2020-04-07 CVE-2017-18648

An issue was discovered on Samsung mobile devices with KK(4.4.x), L(5.x), M(6.x), and N(7.x) software. Arbitrary file read/write operations can occur in the locked state via a crafted MTP command. The Samsung ID is SVE-2017-10086 (November 2017).

7.8 2020-04-07 CVE-2016-11047

An issue was discovered on Samsung mobile devices with JBP(4.2) and KK(4.4) (Marvell chipsets) software. The ACIPC-MSOCKET driver allows local privilege escalation via a stack-based buffer overflow. The Samsung ID is SVE-2016-5393 (April 2016).

7.5 2020-04-07 CVE-2016-11046

An issue was discovered on Samsung mobile devices with JBP(4.3), KK(4.4), and L(5.0/5.1) software. Because of a misused whitelist, attackers can reach the radio layer (aka RIL or RILD) to place calls or send SMS messages. The Samsung ID is SVE-2016-5733 (May 2016).

4.6 2020-04-07 CVE-2016-11041

An issue was discovered on Samsung mobile devices with KK(4.4) software. Attackers can bypass the lockscreen by sending an AT command over USB. The Samsung ID is SVE-2015-5301 (June 2016).

7.5 2020-04-07 CVE-2016-11039

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) (AP + CP MDM9x35, or Qualcomm Onechip) software. There is a NULL pointer dereference issue in the IPC socket code. The Samsung ID is SVE-2016-5980 (July 2016).

7.5 2020-04-07 CVE-2016-11031

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. AntService allows a system_server crash and reboot. The Samsung ID is SVE-2016-7044 (November 2016).

8.1 2020-04-07 CVE-2016-11030

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) (with Hrm sensor support) software. The sysfs of the MAX86902 sensor driver does not prevent concurrent access, leading to a race condition and resultant heap-based buffer overflow. The Samsung ID is SVE-2016-7341 (December 2016).

7.5 2020-04-07 CVE-2016-11026

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. BootReceiver allows attackers to trigger a system crash because of incorrect exception handling. The Samsung ID is SVE-2016-7118 (December 2016).

8.1 2020-02-21 CVE-2014-7914

btif/src/btif_dm.c in Android before 5.1 does not properly enforce the temporary nature of a Bluetooth pairing, which allows user-assisted remote attackers to bypass intended access restrictions via crafted Bluetooth packets after the tapping of a crafted NFC tag.

CWE : Common Weakness Enumeration

% (count) id Name
31% (234) CWE-264 Permissions, Privileges, and Access Controls
17% (130) CWE-200 Information Exposure
17% (127) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
6% (45) CWE-20 Improper Input Validation
4% (36) CWE-284 Access Control (Authorization) Issues
4% (33) CWE-189 Numeric Errors
2% (15) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
1% (14) CWE-190 Integer Overflow or Wraparound
1% (12) CWE-362 Race Condition
1% (9) CWE-399 Resource Management Errors
1% (8) CWE-476 NULL Pointer Dereference
0% (7) CWE-787 Out-of-bounds Write
0% (6) CWE-416 Use After Free
0% (6) CWE-254 Security Features
0% (6) CWE-19 Data Handling
0% (5) CWE-755 Improper Handling of Exceptional Conditions
0% (4) CWE-275 Permission Issues
0% (4) CWE-125 Out-of-bounds Read
0% (3) CWE-388 Error Handling
0% (3) CWE-129 Improper Validation of Array Index
0% (2) CWE-772 Missing Release of Resource after Effective Lifetime
0% (2) CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
0% (2) CWE-172 Encoding Error
0% (2) CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')
0% (1) CWE-763 Release of Invalid Pointer or Reference

SAINT Exploits

Description
Adobe Flash Player Object Confusion Code Execution
Adobe Flash Player SWF Content Regular Expression Heap Overflow

ExploitDB Exploits

id Description
35382 Android WAPPushManager - SQL Injection
32959 Adobe Flash Player Regular Expression Heap Overflow
19369 Adobe Flash Player Object Type Confusion

OpenVAS Exploits

Date Description
2013-03-28 Name : Adobe Air Multiple Vulnerabilities - December12 (Mac OS X)
File : nvt/gb_adobe_air_mult_vuln_dec12_macosx.nasl
2013-03-28 Name : Adobe Air Multiple Vulnerabilities - December12 (Windows)
File : nvt/gb_adobe_air_mult_vuln_dec12_win.nasl
2013-03-28 Name : Adobe Air Multiple Vulnerabilities - November12 (Mac OS X)
File : nvt/gb_adobe_air_mult_vuln_nov12_macosx.nasl
2013-03-28 Name : Adobe Air Multiple Vulnerabilities - November12 (Windows)
File : nvt/gb_adobe_air_mult_vuln_nov12_win.nasl
2013-03-28 Name : Adobe Air Multiple Vulnerabilities - October 12 (Mac OS X)
File : nvt/gb_adobe_air_mult_vuln_oct12_macosx.nasl
2013-03-28 Name : Adobe Air Multiple Vulnerabilities - October 12 (Windows)
File : nvt/gb_adobe_air_mult_vuln_oct12_win.nasl
2012-12-14 Name : Adobe Flash Player Multiple Vulnerabilities - December12 (Linux)
File : nvt/gb_adobe_flash_player_mult_vuln_dec12_lin.nasl
2012-12-14 Name : Adobe Flash Player Multiple Vulnerabilities - December12 (Windows)
File : nvt/gb_adobe_prdts_mult_vuln_dec12_win.nasl
2012-12-14 Name : Adobe Flash Player Multiple Vulnerabilities - December12 (Mac OS X)
File : nvt/gb_adobe_prdts_mult_vuln_dec12_macosx.nasl
2012-12-13 Name : SuSE Update for flash-player openSUSE-SU-2012:1480-1 (flash-player)
File : nvt/gb_suse_2012_1480_1.nasl
2012-12-13 Name : SuSE Update for update openSUSE-SU-2012:0594-1 (update)
File : nvt/gb_suse_2012_0594_1.nasl
2012-11-26 Name : FreeBSD Ports: linux-f10-flashplugin
File : nvt/freebsd_linux-f10-flashplugin5.nasl
2012-11-26 Name : FreeBSD Ports: linux-f10-flashplugin
File : nvt/freebsd_linux-f10-flashplugin4.nasl
2012-11-08 Name : Adobe Flash Player Multiple Vulnerabilities - November12 (Mac OS X)
File : nvt/gb_adobe_prdts_mult_vuln_nov12_macosx.nasl
2012-11-08 Name : Adobe Flash Player Multiple Vulnerabilities - November12 (Windows)
File : nvt/gb_adobe_prdts_mult_vuln_nov12_win.nasl
2012-11-08 Name : Adobe Flash Player Multiple Vulnerabilities - November12 (Linux)
File : nvt/gb_adobe_flash_player_mult_vuln_nov12_lin.nasl
2012-10-15 Name : Adobe Flash Player Multiple Vulnerabilities - October 12 (Mac OS X)
File : nvt/gb_adobe_prdts_mult_vuln_oct12_macosx.nasl
2012-10-15 Name : Adobe Flash Player Multiple Vulnerabilities - October 12 (Windows)
File : nvt/gb_adobe_prdts_mult_vuln_oct12_win.nasl
2012-10-15 Name : Adobe Flash Player Multiple Vulnerabilities - Oct12 (Linux)
File : nvt/gb_adobe_flash_player_mult_vuln_oct12_lin.nasl
2012-09-15 Name : Gentoo Security Advisory GLSA 201209-01 (adobe-flash)
File : nvt/glsa_201209_01.nasl
2012-09-03 Name : Adobe Flash Player Multiple Vulnerabilities - Sep12 (Linux)
File : nvt/gb_adobe_flash_player_mult_vuln_sep12_lin.nasl
2012-08-24 Name : Adobe Flash Player Multiple Vulnerabilities -01 August 12 (Windows)
File : nvt/gb_adobe_prdts_mult_vuln01_aug12_win.nasl
2012-08-24 Name : Adobe Flash Player Multiple Vulnerabilities -01 August 12 (Mac OS X)
File : nvt/gb_adobe_prdts_mult_vuln01_aug12_macosx.nasl
2012-08-10 Name : Gentoo Security Advisory GLSA 201206-21 (Adobe Flash Player)
File : nvt/glsa_201206_21.nasl
2012-05-08 Name : Adobe Flash Player Object Confusion Remote Code Execution Vulnerability (Wind...
File : nvt/gb_adobe_flash_player_obj_code_exec_vuln_win.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2013-A-0168 Multiple Vulnerabilities In Adobe Flash Player
Severity: Category I - VMSKEY: V0040297

Snort® IPS/IDS

Date Description
2019-12-24 Google Android libstagefright integer underflow attempt
RuleID : 52289 - Type : OS-MOBILE - Revision : 1
2019-12-24 Google Android libstagefright integer underflow attempt
RuleID : 52288 - Type : OS-MOBILE - Revision : 1
2019-12-10 Android Stagefright MP4 buffer overflow attempt
RuleID : 52101 - Type : OS-MOBILE - Revision : 1
2019-12-10 Android Stagefright MP4 buffer overflow attempt
RuleID : 52100 - Type : OS-MOBILE - Revision : 1
2019-11-15 Android Stagefright MP4 buffer overflow attempt
RuleID : 51866 - Type : OS-MOBILE - Revision : 1
2019-11-15 Android Stagefright MP4 buffer overflow attempt
RuleID : 51865 - Type : OS-MOBILE - Revision : 1
2019-11-15 Android Stagefright MP4 buffer overflow attempt
RuleID : 51864 - Type : OS-MOBILE - Revision : 1
2019-11-15 Android Stagefright MP4 buffer overflow attempt
RuleID : 51863 - Type : OS-MOBILE - Revision : 1
2019-11-15 Android Stagefright MP4 buffer overflow attempt
RuleID : 51862 - Type : OS-MOBILE - Revision : 1
2019-11-15 Android Stagefright MP4 buffer overflow attempt
RuleID : 51861 - Type : OS-MOBILE - Revision : 1
2019-11-15 Android Stagefright MP4 buffer overflow attempt
RuleID : 51860 - Type : OS-MOBILE - Revision : 1
2019-11-15 Android Stagefright MP4 buffer overflow attempt
RuleID : 51859 - Type : OS-MOBILE - Revision : 1
2019-11-15 Android Stagefright MP4 buffer overflow attempt
RuleID : 51858 - Type : OS-MOBILE - Revision : 1
2019-11-15 Android Stagefright MP4 buffer overflow attempt
RuleID : 51857 - Type : OS-MOBILE - Revision : 1
2018-05-23 Linux Kernel Challenge ACK provocation attempt
RuleID : 40063-community - Type : OS-LINUX - Revision : 5
2016-10-11 Linux Kernel Challenge ACK provocation attempt
RuleID : 40063 - Type : OS-LINUX - Revision : 5
2016-03-14 Linux Kernel keyring object exploit download attempt
RuleID : 37438 - Type : OS-LINUX - Revision : 2
2016-03-14 Linux Kernel keyring object exploit download attempt
RuleID : 37437 - Type : OS-LINUX - Revision : 2
2016-03-14 Linux Kernel keyring object exploit download attempt
RuleID : 37436 - Type : OS-LINUX - Revision : 2
2016-03-14 Linux Kernel keyring object exploit download attempt
RuleID : 37435 - Type : OS-LINUX - Revision : 2
2015-09-03 Android Stagefright MP4 buffer overflow attempt
RuleID : 35435 - Type : OS-MOBILE - Revision : 5
2015-09-03 Android Stagefright MP4 buffer overflow attempt
RuleID : 35434 - Type : OS-MOBILE - Revision : 5
2015-02-11 Android ObjectInputStream privilege escalation attempt
RuleID : 32975 - Type : OS-MOBILE - Revision : 3
2015-02-11 Android ObjectInputStream privilege escalation attempt
RuleID : 32974 - Type : OS-MOBILE - Revision : 3
2014-09-23 Astrum exploit kit Adobe Flash exploit payload request
RuleID : 31968-community - Type : EXPLOIT-KIT - Revision : 1

Nessus® Vulnerability Scanner

Date Description
2018-04-27 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-1062.nasl - Type: ACT_GATHER_INFO
2018-02-28 Name: The version of Arista Networks EOS running on the remote device is affected b...
File: arista_eos_sa0020.nasl - Type: ACT_GATHER_INFO
2018-02-28 Name: The version of Arista Networks EOS running on the remote device is affected b...
File: arista_eos_sa0023.nasl - Type: ACT_GATHER_INFO
2017-12-14 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-3659.nasl - Type: ACT_GATHER_INFO
2017-12-14 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2017-0174.nasl - Type: ACT_GATHER_INFO
2017-12-11 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-3657.nasl - Type: ACT_GATHER_INFO
2017-12-11 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-3658.nasl - Type: ACT_GATHER_INFO
2017-12-11 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2017-0173.nasl - Type: ACT_GATHER_INFO
2017-11-08 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2017-0168.nasl - Type: ACT_GATHER_INFO
2017-11-03 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-3636.nasl - Type: ACT_GATHER_INFO
2017-11-03 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-3637.nasl - Type: ACT_GATHER_INFO
2017-11-03 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2920-1.nasl - Type: ACT_GATHER_INFO
2017-09-20 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2525-1.nasl - Type: ACT_GATHER_INFO
2017-09-19 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-3422-1.nasl - Type: ACT_GATHER_INFO
2017-09-11 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2389-1.nasl - Type: ACT_GATHER_INFO
2017-08-25 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2017-1842.nasl - Type: ACT_GATHER_INFO
2017-08-25 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-3609.nasl - Type: ACT_GATHER_INFO
2017-08-25 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2017-0145.nasl - Type: ACT_GATHER_INFO
2017-08-22 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20170801_kernel_on_SL7_x.nasl - Type: ACT_GATHER_INFO
2017-08-21 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-3606.nasl - Type: ACT_GATHER_INFO
2017-08-21 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-3607.nasl - Type: ACT_GATHER_INFO
2017-08-21 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2017-0144.nasl - Type: ACT_GATHER_INFO
2017-08-18 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3945.nasl - Type: ACT_GATHER_INFO
2017-08-18 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-3605.nasl - Type: ACT_GATHER_INFO
2017-08-18 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2017-0143.nasl - Type: ACT_GATHER_INFO