This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Google
Product: Android
Version: 5.0
Type: Os
First view: 2015-02-15
Last view: 2021-07-08
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *

CPE Product: cpe:2.3:o:google:android

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Score Date Alert Description
3.3 2021-07-08 CVE-2021-25439

Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause arbitrary webpage loading in webview.

7.8 2021-07-08 CVE-2021-25438

Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause local file inclusion in webview.

3.3 2021-07-08 CVE-2021-25432

Information exposure vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to access chat data.

3.3 2021-06-11 CVE-2021-25403

Intent redirection vulnerability in Samsung Account prior to version 10.8.0.4 in Android P(9.0) and below, and 12.2.0.9 in Android Q(10.0) and above allows attacker to access contacts and file provider using SettingWebView component.

7.1 2021-04-06 CVE-2021-30162

An issue was discovered on LG mobile devices with Android OS 4.4 through 11 software. Attackers can leverage ISMS services to bypass access control on specific content providers. The LG ID is LVE-SMP-210003 (April 2021).

8.8 2020-12-24 CVE-2020-35693

On some Samsung phones and tablets running Android through 7.1.1, it is possible for an attacker-controlled Bluetooth Low Energy (BLE) device to pair silently with a vulnerable target device, without any user interaction, when the target device's Bluetooth is on, and it is running an app that offers a connectable BLE advertisement. An example of such an app could be a Bluetooth-based contact tracing app, such as Australia's COVIDSafe app, Singapore's TraceTogether app, or France's TousAntiCovid (formerly StopCovid). As part of the pairing process, two pieces (among others) of personally identifiable information are exchanged: the Identity Address of the Bluetooth adapter of the target device, and its associated Identity Resolving Key (IRK). Either one of these identifiers can be used to perform re-identification of the target device for long term tracking. The list of affected devices includes (but is not limited to): Galaxy Note 5, Galaxy S6 Edge, Galaxy A3, Tab A (2017), J2 Pro (2018), Galaxy Note 4, and Galaxy S5.

6.8 2020-12-09 CVE-2020-26964

If the Remote Debugging via USB feature was enabled in Firefox for Android on an Android version prior to Android 6.0, untrusted apps could have connected to the feature and operated with the privileges of the browser to read and interact with web content. The feature was implemented as a unix domain socket, protected by the Android SELinux policy; however, SELinux was not enforced for versions prior to 6.0. This was fixed by removing the Remote Debugging via USB feature from affected devices. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 83.

7.5 2020-08-31 CVE-2020-25065

An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, 5.1, 6.0, 7.0, 7.1, 8.0, 8.1, 9.0, and 10 software. Key logging may occur because of an obsolete API. The LG ID is LVE-SMP-170010 (August 2020).

7.5 2020-08-31 CVE-2020-25064

An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, 5.1, 6.0, 7.0, 7.1, 8.0, 8.1, 9.0, and 10 software. Certain automated testing is mishandled. The LG ID is LVE-SMP-200019 (August 2020).

5.5 2020-06-05 CVE-2020-13843

An issue was discovered on LG mobile devices with Android OS software before 2020-06-01. Local users can cause a denial of service because checking of the userdata partition is mishandled. The LG ID is LVE-SMP-200014 (June 2020).

9.8 2020-04-08 CVE-2018-21087

An issue was discovered on Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software. There is a vnswap heap-based buffer overflow via the store function, with resultant privilege escalation. The Samsung ID is SVE-2017-10599 (January 2018).

8.1 2020-04-08 CVE-2018-21086

An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software. There is a race condition with a resultant double free in vnswap_init_backing_storage. The Samsung ID is SVE-2017-11177 (February 2018).

8.1 2020-04-08 CVE-2018-21085

An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software. There is a race condition with a resultant use-after-free in vnswap_deinit_backing_storage. The Samsung ID is SVE-2017-11176 (February 2018).

7.5 2020-04-08 CVE-2018-21079

An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), N(7.x), and O(8.0) software. There is a kernel pointer leak in the USB gadget driver. The Samsung ID is SVE-2017-10993 (March 2018).

6.5 2020-04-07 CVE-2017-18695

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software. Attackers (who control a certain subdomain) can discover a user's credentials, during an email account login, via an EAS autodiscover packet. The Samsung ID is SVE-2016-7654 (January 2017).

9.8 2020-04-07 CVE-2017-18693

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software. There is a buffer overflow in the fps sysfs entry. The Samsung ID is SVE-2016-7510 (January 2017).

9.8 2020-04-07 CVE-2017-18690

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) (Exynos54xx, Exynos7420, Exynos8890, or Exynos8895 chipsets) software. There is a buffer overflow in the sensor hub. The Samsung ID is SVE-2016-7484 (January 2017).

5.3 2020-04-07 CVE-2017-18687

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software. An attacker can obtain the full pathnames of sdcard files by reading the system protected log upon reception of a certain intent. The Samsung ID is SVE-2016-7183 (January 2017).

7.5 2020-04-07 CVE-2017-18685

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. The InputMethod application can cause a system crash via a malformed serializable object in an Intent. The Samsung ID is SVE-2016-7123 (February 2017).

9.8 2020-04-07 CVE-2017-18684

An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. SVoice allows provider seizure via an application that uses a custom provider. The Samsung ID is SVE-2016-6942 (February 2017).

9.8 2020-04-07 CVE-2017-18683

An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. SVoice allows Hare Hunting during application installation. The Samsung ID is SVE-2016-6942 (February 2017).

7.5 2020-04-07 CVE-2017-18682

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software. Because of incorrect exception handling and an unprotected intent, AudioService can cause a system crash. The Samsung IDs are SVE-2017-8114, SVE-2017-8116, and SVE-2017-8117 (March 2017).

7.1 2020-04-07 CVE-2017-18680

An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) (tablets) software. The lockscreen interface allows Add User actions, leading to an unintended ability to access user data in external storage. The Samsung ID is SVE-2016-7797 (March 2017).

7.5 2020-04-07 CVE-2017-18678

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.x) software. An attacker can crash system processes via a Serializable object because of missing exception handling. The Samsung IDs are SVE-2017-8109, SVE-2017-8110, SVE-2017-8115, SVE-2017-8118, and SVE-2017-8119 (April 2017).

5.5 2020-04-07 CVE-2017-18672

An issue was discovered on Samsung mobile devices with L(5.0/5.1), M(6.0), and N(7.x) software. Because of incorrect exception handling for Intents, a local attacker can force a reboot within framework.jar. The Samsung ID is SVE-2017-8390 (May 2017).

CWE : Common Weakness Enumeration

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
% id Name
31% (246) CWE-264 Permissions, Privileges, and Access Controls
17% (139) CWE-200 Information Exposure
14% (109) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
8% (65) CWE-20 Improper Input Validation
4% (38) CWE-284 Access Control (Authorization) Issues
3% (27) CWE-189 Numeric Errors
2% (17) CWE-190 Integer Overflow or Wraparound
1% (14) CWE-362 Race Condition
1% (14) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
1% (9) CWE-755 Improper Handling of Exceptional Conditions
1% (8) CWE-787 Out-of-bounds Write
1% (8) CWE-254 Security Features
0% (7) CWE-476 NULL Pointer Dereference
0% (7) CWE-416 Use After Free
0% (7) CWE-19 Data Handling
0% (5) CWE-732 Incorrect Permission Assignment for Critical Resource
0% (4) CWE-399 Resource Management Errors
0% (4) CWE-275 Permission Issues
0% (4) CWE-125 Out-of-bounds Read
0% (3) CWE-388 Error Handling
0% (3) CWE-269 Improper Privilege Management
0% (3) CWE-129 Improper Validation of Array Index
0% (2) CWE-772 Missing Release of Resource after Effective Lifetime
0% (2) CWE-682 Incorrect Calculation
0% (2) CWE-522 Insufficiently Protected Credentials

Snort® IPS/IDS

Date Description
2019-12-24 Google Android libstagefright integer underflow attempt
RuleID : 52289 - Type : OS-MOBILE - Revision : 1
2019-12-24 Google Android libstagefright integer underflow attempt
RuleID : 52288 - Type : OS-MOBILE - Revision : 1
2019-12-10 Android Stagefright MP4 buffer overflow attempt
RuleID : 52101 - Type : OS-MOBILE - Revision : 1
2019-12-10 Android Stagefright MP4 buffer overflow attempt
RuleID : 52100 - Type : OS-MOBILE - Revision : 1
2019-11-15 Android Stagefright MP4 buffer overflow attempt
RuleID : 51866 - Type : OS-MOBILE - Revision : 1
2019-11-15 Android Stagefright MP4 buffer overflow attempt
RuleID : 51865 - Type : OS-MOBILE - Revision : 1
2019-11-15 Android Stagefright MP4 buffer overflow attempt
RuleID : 51864 - Type : OS-MOBILE - Revision : 1
2019-11-15 Android Stagefright MP4 buffer overflow attempt
RuleID : 51863 - Type : OS-MOBILE - Revision : 1
2019-11-15 Android Stagefright MP4 buffer overflow attempt
RuleID : 51862 - Type : OS-MOBILE - Revision : 1
2019-11-15 Android Stagefright MP4 buffer overflow attempt
RuleID : 51861 - Type : OS-MOBILE - Revision : 1
2019-11-15 Android Stagefright MP4 buffer overflow attempt
RuleID : 51860 - Type : OS-MOBILE - Revision : 1
2019-11-15 Android Stagefright MP4 buffer overflow attempt
RuleID : 51859 - Type : OS-MOBILE - Revision : 1
2019-11-15 Android Stagefright MP4 buffer overflow attempt
RuleID : 51858 - Type : OS-MOBILE - Revision : 1
2019-11-15 Android Stagefright MP4 buffer overflow attempt
RuleID : 51857 - Type : OS-MOBILE - Revision : 1
2018-05-23 Linux Kernel Challenge ACK provocation attempt
RuleID : 40063-community - Type : OS-LINUX - Revision : 5
2016-10-11 Linux Kernel Challenge ACK provocation attempt
RuleID : 40063 - Type : OS-LINUX - Revision : 5
2016-03-14 Linux Kernel keyring object exploit download attempt
RuleID : 37438 - Type : OS-LINUX - Revision : 2
2016-03-14 Linux Kernel keyring object exploit download attempt
RuleID : 37437 - Type : OS-LINUX - Revision : 2
2016-03-14 Linux Kernel keyring object exploit download attempt
RuleID : 37436 - Type : OS-LINUX - Revision : 2
2016-03-14 Linux Kernel keyring object exploit download attempt
RuleID : 37435 - Type : OS-LINUX - Revision : 2
2015-09-03 Android Stagefright MP4 buffer overflow attempt
RuleID : 35435 - Type : OS-MOBILE - Revision : 5
2015-09-03 Android Stagefright MP4 buffer overflow attempt
RuleID : 35434 - Type : OS-MOBILE - Revision : 5

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2018-11-13 Name: The remote Debian host is missing a security update.
File: debian_DLA-1573.nasl - Type: ACT_GATHER_INFO
2018-04-27 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-1062.nasl - Type: ACT_GATHER_INFO
2018-02-28 Name: The version of Arista Networks EOS running on the remote device is affected b...
File: arista_eos_sa0020.nasl - Type: ACT_GATHER_INFO
2018-02-28 Name: The version of Arista Networks EOS running on the remote device is affected b...
File: arista_eos_sa0023.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-355ac8a91a.nasl - Type: ACT_GATHER_INFO
2017-12-14 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-3659.nasl - Type: ACT_GATHER_INFO
2017-12-14 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2017-0174.nasl - Type: ACT_GATHER_INFO
2017-12-11 Name: The remote Fedora host is missing a security update.
File: fedora_2017-a253644369.nasl - Type: ACT_GATHER_INFO
2017-12-11 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-3657.nasl - Type: ACT_GATHER_INFO
2017-12-11 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-3658.nasl - Type: ACT_GATHER_INFO
2017-12-11 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2017-0173.nasl - Type: ACT_GATHER_INFO
2017-11-08 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2017-0168.nasl - Type: ACT_GATHER_INFO
2017-11-03 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-3636.nasl - Type: ACT_GATHER_INFO
2017-11-03 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-3637.nasl - Type: ACT_GATHER_INFO
2017-11-03 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2920-1.nasl - Type: ACT_GATHER_INFO
2017-10-03 Name: The remote host is missing a macOS update that fixes multiple security vulner...
File: macos_10_13.nasl - Type: ACT_GATHER_INFO
2017-09-28 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-2808.nasl - Type: ACT_GATHER_INFO
2017-09-28 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-2809.nasl - Type: ACT_GATHER_INFO
2017-09-27 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-2811.nasl - Type: ACT_GATHER_INFO
2017-09-20 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2525-1.nasl - Type: ACT_GATHER_INFO
2017-09-19 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-3422-1.nasl - Type: ACT_GATHER_INFO
2017-09-11 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2389-1.nasl - Type: ACT_GATHER_INFO
2017-09-08 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2017-1161.nasl - Type: ACT_GATHER_INFO
2017-09-08 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2017-1162.nasl - Type: ACT_GATHER_INFO
2017-09-08 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1167.nasl - Type: ACT_GATHER_INFO