This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Google First view 2014-12-17
Product Android Last view 2020-06-05
Version 6.0.1 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:google:android

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
5.5 2020-06-05 CVE-2020-13843

An issue was discovered on LG mobile devices with Android OS software before 2020-06-01. Local users can cause a denial of service because checking of the userdata partition is mishandled. The LG ID is LVE-SMP-200014 (June 2020).

6.5 2020-04-08 CVE-2018-21092

An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. A crafted AT command may be sent by the DeviceTest application via an NFC tag. The Samsung ID is SVE-2017-10885 (January 2018).

7.5 2020-04-08 CVE-2018-21091

An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. Telecom has a System Crash via abnormal exception handling. The Samsung ID is SVE-2017-10906 (January 2018).

9.8 2020-04-08 CVE-2018-21087

An issue was discovered on Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software. There is a vnswap heap-based buffer overflow via the store function, with resultant privilege escalation. The Samsung ID is SVE-2017-10599 (January 2018).

3.3 2020-04-08 CVE-2018-21074

An issue was discovered on Samsung mobile devices with M(6.x) (Exynos or Qualcomm chipsets) software. There is information disclosure from a Trustlet via the debug log. The Samsung ID is SVE-2017-10638 (April 2018).

4.6 2020-04-08 CVE-2017-18646

An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. An attacker can bypass the password requirement for tablet user switching by folding the magnetic cover. The Samsung ID is SVE-2017-10602 (December 2017).

9.8 2020-04-08 CVE-2017-18645

An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) (Qualcomm chipsets) software. There is a panel_lpm sysfs stack-based buffer overflow. The Samsung ID is SVE-2017-9414 (December 2017).

9.8 2020-04-08 CVE-2017-18644

An issue was discovered on Samsung mobile devices with L(5.1), M(6.x), and N(7.x) software. There is a muic_set_reg_sel heap-based buffer overflow during the reading of MUIC register values. The Samsung ID is SVE-2017-10011 (December 2017).

7.5 2020-04-08 CVE-2017-18643

An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. There is information disclosure of the kbase_context address of a GPU memory node. The Samsung ID is SVE-2017-8907 (December 2017).

7.5 2020-04-07 CVE-2017-18651

An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. There is an Integer Overflow in process_M_SetTokenTUIPasswd during handling of a trusted application, leading to memory corruption. The Samsung IDs are SVE-2017-9008 and SVE-2017-9009 (October 2017).

9.1 2020-04-07 CVE-2017-18648

An issue was discovered on Samsung mobile devices with KK(4.4.x), L(5.x), M(6.x), and N(7.x) software. Arbitrary file read/write operations can occur in the locked state via a crafted MTP command. The Samsung ID is SVE-2017-10086 (November 2017).

8.1 2020-04-07 CVE-2017-18647

An issue was discovered on Samsung mobile devices with M(6,x) and N(7.0) software. The TA Scrypto v1.0 implementation in Secure Driver has a race condition with a resultant buffer overflow. The Samsung IDs are SVE-2017-8973, SVE-2017-8974, and SVE-2017-8975 (November 2017).

5.5 2020-01-08 CVE-2016-5346

An Information Disclosure vulnerability exists in the Google Pixel/Pixel SL Qualcomm Avtimer Driver due to a NULL pointer dereference when processing an accept system call by the user process on AF_MSM_IPC sockets, which could let a local malicious user obtain sensitive information (Android Bug ID A-32551280).

5.5 2020-01-07 CVE-2019-9465

In the Titan M handling of cryptographic operations, there is a possible information disclosure due to an unusual root cause. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-133258003

7.8 2020-01-06 CVE-2019-9468

In export_key_der of export_key.cpp, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-139683471

7.5 2018-11-30 CVE-2018-15835

Android 1.0 through 9.0 has Insecure Permissions. The Android bug ID is 77286983.

8.8 2018-11-06 CVE-2018-9459

In Attachment of Attachment.java and getFilePath of EmlAttachmentProvider.java, there is a possible Elevation of Privilege due to a path traversal error. This could lead to a remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-66230183.

7.5 2018-11-06 CVE-2018-9455

In sdpu_extract_attr_seq of sdp_utils.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78136677.

5.5 2018-11-06 CVE-2018-9454

In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78286118.

5.5 2018-11-06 CVE-2018-9453

In avdt_msg_prs_cfg of avdt_msg.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78288378.

5.5 2018-11-06 CVE-2018-9451

In DynamicRefTable::load of ResourceTypes.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-79488511.

8.8 2018-11-06 CVE-2018-9450

In avrc_proc_vendor_command of avrc_api.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-79541338.

9.8 2018-11-06 CVE-2018-9446

In smp_br_state_machine_event of smp_br_main.cc, there is a possible out of bounds write due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-80145946.

6.8 2018-11-06 CVE-2018-9445

In readMetadata of Utils.cpp, there is a possible path traversal bug due to a confused deputy. This could lead to local escalation of privilege when mounting a USB device with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-80436257.

5.5 2018-11-06 CVE-2018-9444

In ih264d_video_decode of ih264d_api.c there is a possible resource exhaustion due to an infinite loop. This could lead to remote temporary device denial of service (remote hang or reboot) with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android ID: A-63521984.

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
27% (248) CWE-264 Permissions, Privileges, and Access Controls
20% (188) CWE-200 Information Exposure
12% (113) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
8% (82) CWE-20 Improper Input Validation
4% (39) CWE-284 Access Control (Authorization) Issues
3% (32) CWE-787 Out-of-bounds Write
2% (22) CWE-125 Out-of-bounds Read
2% (19) CWE-190 Integer Overflow or Wraparound
1% (13) CWE-416 Use After Free
1% (12) CWE-362 Race Condition
1% (12) CWE-189 Numeric Errors
1% (12) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
1% (11) CWE-732 Incorrect Permission Assignment for Critical Resource
1% (11) CWE-254 Security Features
0% (8) CWE-772 Missing Release of Resource after Effective Lifetime
0% (8) CWE-19 Data Handling
0% (6) CWE-682 Incorrect Calculation
0% (6) CWE-476 NULL Pointer Dereference
0% (6) CWE-399 Resource Management Errors
0% (5) CWE-129 Improper Validation of Array Index
0% (4) CWE-755 Improper Handling of Exceptional Conditions
0% (4) CWE-665 Improper Initialization
0% (4) CWE-269 Improper Privilege Management
0% (4) CWE-172 Encoding Error
0% (3) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

Snort® IPS/IDS

Date Description
2017-11-07 dnsmasq add_pseudoheader integer underflow attempt
RuleID : 44482 - Type : PROTOCOL-DNS - Revision : 2
2018-05-23 Linux Kernel Challenge ACK provocation attempt
RuleID : 40063-community - Type : OS-LINUX - Revision : 5
2016-10-11 Linux Kernel Challenge ACK provocation attempt
RuleID : 40063 - Type : OS-LINUX - Revision : 5
2016-03-14 Linux Kernel keyring object exploit download attempt
RuleID : 37438 - Type : OS-LINUX - Revision : 2
2016-03-14 Linux Kernel keyring object exploit download attempt
RuleID : 37437 - Type : OS-LINUX - Revision : 2
2016-03-14 Linux Kernel keyring object exploit download attempt
RuleID : 37436 - Type : OS-LINUX - Revision : 2
2016-03-14 Linux Kernel keyring object exploit download attempt
RuleID : 37435 - Type : OS-LINUX - Revision : 2

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-11 Name: The remote device is missing a vendor-supplied security patch.
File: juniper_jsa10916.nasl - Type: ACT_GATHER_INFO
2018-11-13 Name: The remote Debian host is missing a security update.
File: debian_DLA-1573.nasl - Type: ACT_GATHER_INFO
2018-10-26 Name: The remote EulerOS Virtualization host is missing a security update.
File: EulerOS_SA-2018-1336.nasl - Type: ACT_GATHER_INFO
2018-10-18 Name: The remote host is missing a macOS update that fixes multiple security vulner...
File: macos_10_14.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1285.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1306.nasl - Type: ACT_GATHER_INFO
2018-09-18 Name: The remote EulerOS Virtualization host is missing multiple security updates.
File: EulerOS_SA-2018-1257.nasl - Type: ACT_GATHER_INFO
2018-09-18 Name: The remote EulerOS Virtualization host is missing multiple security updates.
File: EulerOS_SA-2018-1258.nasl - Type: ACT_GATHER_INFO
2018-09-18 Name: The remote Apple TV device is affected by multiple vulnerabilities.
File: appletv_12.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0035.nasl - Type: ACT_GATHER_INFO
2018-07-17 Name: The remote host is missing a macOS update that fixes multiple security vulner...
File: macos_10_13_6.nasl - Type: ACT_GATHER_INFO
2018-07-17 Name: The remote host is missing a macOS or Mac OS X security update that fixes mul...
File: macosx_SecUpd2018-004.nasl - Type: ACT_GATHER_INFO
2018-07-03 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1186.nasl - Type: ACT_GATHER_INFO
2018-07-03 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1214.nasl - Type: ACT_GATHER_INFO
2018-06-05 Name: The remote Apple TV device is affected by multiple vulnerabilities.
File: appletv_11_4.nasl - Type: ACT_GATHER_INFO
2018-06-05 Name: The remote host is missing a macOS update that fixes multiple security vulner...
File: macos_10_13_5.nasl - Type: ACT_GATHER_INFO
2018-05-11 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1015.nasl - Type: ACT_GATHER_INFO
2018-05-07 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2018-124-01.nasl - Type: ACT_GATHER_INFO
2018-05-02 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1089.nasl - Type: ACT_GATHER_INFO
2018-04-27 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-1062.nasl - Type: ACT_GATHER_INFO
2018-03-20 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1070.nasl - Type: ACT_GATHER_INFO
2018-03-09 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-967.nasl - Type: ACT_GATHER_INFO
2018-03-05 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4132.nasl - Type: ACT_GATHER_INFO
2018-02-28 Name: The version of Arista Networks EOS running on the remote device is affected b...
File: arista_eos_sa0020.nasl - Type: ACT_GATHER_INFO
2018-02-28 Name: The version of Arista Networks EOS running on the remote device is affected b...
File: arista_eos_sa0023.nasl - Type: ACT_GATHER_INFO