This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Google
Product: Android
Version: 7.1.1
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
Type: OS
First view: 2017-01-12
Last view: 2021-07-08

CPE Product cpe:2.3:o:google:android

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Score Date Alert Description
3.3 2021-07-08 CVE-2021-25439

Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause arbitrary webpage loading in webview.

7.8 2021-07-08 CVE-2021-25438

Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause local file inclusion in webview.

3.3 2021-07-08 CVE-2021-25432

Information exposure vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to access chat data.

3.3 2021-06-11 CVE-2021-25403

Intent redirection vulnerability in Samsung Account prior to version 10.8.0.4 in Android P(9.0) and below, and 12.2.0.9 in Android Q(10.0) and above allows attacker to access contacts and file provider using SettingWebView component.

7.1 2021-04-06 CVE-2021-30162

An issue was discovered on LG mobile devices with Android OS 4.4 through 11 software. Attackers can leverage ISMS services to bypass access control on specific content providers. The LG ID is LVE-SMP-210003 (April 2021).

8.8 2020-12-24 CVE-2020-35693

On some Samsung phones and tablets running Android through 7.1.1, it is possible for an attacker-controlled Bluetooth Low Energy (BLE) device to pair silently with a vulnerable target device, without any user interaction, when the target device's Bluetooth is on, and it is running an app that offers a connectable BLE advertisement. An example of such an app could be a Bluetooth-based contact tracing app, such as Australia's COVIDSafe app, Singapore's TraceTogether app, or France's TousAntiCovid (formerly StopCovid). As part of the pairing process, two pieces (among others) of personally identifiable information are exchanged: the Identity Address of the Bluetooth adapter of the target device, and its associated Identity Resolving Key (IRK). Either one of these identifiers can be used to perform re-identification of the target device for long term tracking. The list of affected devices includes (but is not limited to): Galaxy Note 5, Galaxy S6 Edge, Galaxy A3, Tab A (2017), J2 Pro (2018), Galaxy Note 4, and Galaxy S5.

5.5 2020-06-05 CVE-2020-13843

An issue was discovered on LG mobile devices with Android OS software before 2020-06-01. Local users can cause a denial of service because checking of the userdata partition is mishandled. The LG ID is LVE-SMP-200014 (June 2020).

6.5 2020-04-08 CVE-2018-21092

An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. A crafted AT command may be sent by the DeviceTest application via an NFC tag. The Samsung ID is SVE-2017-10885 (January 2018).

7.5 2020-04-08 CVE-2018-21091

An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. Telecom has a System Crash via abnormal exception handling. The Samsung ID is SVE-2017-10906 (January 2018).

9.8 2020-04-08 CVE-2018-21089

An issue was discovered on Samsung mobile devices with N(7.x) (MT6755/MT6757 Mediatek models) software. Bootloader has an integer overflow that leads to arbitrary code execution via the download offset control. The Samsung ID is SVE-2017-10732 (January 2018).

7.5 2020-04-08 CVE-2018-21088

An issue was discovered on Samsung mobile devices with N(7.x) software. An attacker can cause a reboot because InputMethodManagerService has an unprotected system service. The Samsung ID is SVE-2017-9995 (January 2018).

9.8 2020-04-08 CVE-2018-21087

An issue was discovered on Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software. There is a vnswap heap-based buffer overflow via the store function, with resultant privilege escalation. The Samsung ID is SVE-2017-10599 (January 2018).

8.1 2020-04-08 CVE-2018-21086

An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software. There is a race condition with a resultant double free in vnswap_init_backing_storage. The Samsung ID is SVE-2017-11177 (February 2018).

8.1 2020-04-08 CVE-2018-21085

An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software. There is a race condition with a resultant use-after-free in vnswap_deinit_backing_storage. The Samsung ID is SVE-2017-11176 (February 2018).

8.1 2020-04-08 CVE-2018-21084

An issue was discovered on Samsung mobile devices with L(5.1), M(6.0), and N(7.x) software. There is a race condition with a resultant read-after-free issue in get_kek. The Samsung ID is SVE-2017-11174 (February 2018).

7.5 2020-04-08 CVE-2018-21083

An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) (Exynos or Qualcomm chipsets) software. There is information disclosure (of a kernel address) via trustonic_tee. The Samsung ID is SVE-2017-11175 (February 2018).

8.4 2020-04-08 CVE-2018-21082

An issue was discovered on Samsung mobile devices with N(7.x) software. Dex Station allows App Pinning bypass and lock-screen bypass via the "Use screen lock type to unpin" option. The Samsung ID is SVE-2017-11106 (February 2018).

9.1 2020-04-08 CVE-2018-21081

An issue was discovered on Samsung mobile devices with N(7.x) software. In Dual Messenger, the second app can use the runtime permissions of the first app without a user's consent. The Samsung ID is SVE-2017-11018 (March 2018).

4.6 2020-04-08 CVE-2018-21080

An issue was discovered on Samsung mobile devices with N(7.x) software. A physically proximate attacker wielding a magnet can activate NFC to bypass the lockscreen. The Samsung ID is SVE-2017-10897 (March 2018).

7.5 2020-04-08 CVE-2018-21079

An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), N(7.x), and O(8.0) software. There is a kernel pointer leak in the USB gadget driver. The Samsung ID is SVE-2017-10993 (March 2018).

7.5 2020-04-08 CVE-2018-21078

An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) software. The Contacts application allows attackers to originate video calls because SS (Supplementary Service) and USSD (Unstructured Supplementary Service Data) codes are improperly secured. The Samsung ID is SVE-2018-11469 (April 2018).

2.4 2020-04-08 CVE-2018-21077

An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) software. There is a Clipboard content disclosure in the locked state because the keyboard may be used during an emergency call. The Samsung ID is SVE-2017-11107 (April 2018).

5.5 2020-04-08 CVE-2018-21076

An issue was discovered on Samsung mobile devices with N(7.x) (Exynos8890/8895 chipsets) software. There is information disclosure (a KASLR offset) in the Secure Driver via a modified trustlet. The Samsung ID is SVE-2017-10987 (April 2018).

9.8 2020-04-08 CVE-2018-21075

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. The Call+ application can load classes from an unintended path, leading to Code Execution. The Samsung ID is SVE-2017-10886 (April 2018).

2.4 2020-04-08 CVE-2018-21073

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.0) (Galaxy S9+, Galaxy S9, Galaxy S8+, Galaxy S8, Note 8). There is access to Clipboard content in the locked state via the Edge panel. The Samsung ID is SVE-2017-10748 (May 2018).

CWE : Common Weakness Enumeration

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
% id Name
19% (116) CWE-200 Information Exposure
15% (91) CWE-787 Out-of-bounds Write
11% (66) CWE-125 Out-of-bounds Read
9% (55) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
8% (48) CWE-20 Improper Input Validation
3% (23) CWE-190 Integer Overflow or Wraparound
3% (21) CWE-264 Permissions, Privileges, and Access Controls
3% (19) CWE-416 Use After Free
3% (18) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
2% (13) CWE-362 Race Condition
1% (10) CWE-772 Missing Release of Resource after Effective Lifetime
1% (10) CWE-755 Improper Handling of Exceptional Conditions
1% (10) CWE-732 Incorrect Permission Assignment for Critical Resource
1% (8) CWE-415 Double Free
1% (7) CWE-476 NULL Pointer Dereference
1% (6) CWE-682 Incorrect Calculation
1% (6) CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('...
0% (5) CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
0% (5) CWE-129 Improper Validation of Array Index
0% (4) CWE-770 Allocation of Resources Without Limits or Throttling
0% (4) CWE-665 Improper Initialization
0% (4) CWE-287 Improper Authentication
0% (3) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
0% (3) CWE-252 Unchecked Return Value
0% (3) CWE-131 Incorrect Calculation of Buffer Size

Snort® IPS/IDS

Date Description
2017-11-07 dnsmasq add_pseudoheader integer underflow attempt
RuleID : 44482 - Type : PROTOCOL-DNS - Revision : 2

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2019-01-11 Name: The remote device is missing a vendor-supplied security patch.
File: juniper_jsa10916.nasl - Type: ACT_GATHER_INFO
2018-10-26 Name: The remote EulerOS Virtualization host is missing a security update.
File: EulerOS_SA-2018-1336.nasl - Type: ACT_GATHER_INFO
2018-10-18 Name: The remote host is missing a macOS update that fixes multiple security vulner...
File: macos_10_14.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1285.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1306.nasl - Type: ACT_GATHER_INFO
2018-09-18 Name: The remote EulerOS Virtualization host is missing multiple security updates.
File: EulerOS_SA-2018-1257.nasl - Type: ACT_GATHER_INFO
2018-09-18 Name: The remote EulerOS Virtualization host is missing multiple security updates.
File: EulerOS_SA-2018-1258.nasl - Type: ACT_GATHER_INFO
2018-09-18 Name: The remote Apple TV device is affected by multiple vulnerabilities.
File: appletv_12.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0035.nasl - Type: ACT_GATHER_INFO
2018-07-17 Name: The remote host is missing a macOS update that fixes multiple security vulner...
File: macos_10_13_6.nasl - Type: ACT_GATHER_INFO
2018-07-17 Name: The remote host is missing a macOS or Mac OS X security update that fixes mul...
File: macosx_SecUpd2018-004.nasl - Type: ACT_GATHER_INFO
2018-07-03 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1186.nasl - Type: ACT_GATHER_INFO
2018-07-03 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1214.nasl - Type: ACT_GATHER_INFO
2018-06-05 Name: The remote Apple TV device is affected by multiple vulnerabilities.
File: appletv_11_4.nasl - Type: ACT_GATHER_INFO
2018-06-05 Name: The remote host is missing a macOS update that fixes multiple security vulner...
File: macos_10_13_5.nasl - Type: ACT_GATHER_INFO
2018-05-11 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1015.nasl - Type: ACT_GATHER_INFO
2018-05-02 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1089.nasl - Type: ACT_GATHER_INFO
2018-04-27 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-1062.nasl - Type: ACT_GATHER_INFO
2018-03-20 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1070.nasl - Type: ACT_GATHER_INFO
2018-03-09 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-967.nasl - Type: ACT_GATHER_INFO
2018-03-05 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4132.nasl - Type: ACT_GATHER_INFO
2018-02-26 Name: The remote Debian host is missing a security update.
File: debian_DLA-1290.nasl - Type: ACT_GATHER_INFO
2018-01-24 Name: The remote Fedora host is missing a security update.
File: fedora_2018-6349371aa1.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-7106a157f5.nasl - Type: ACT_GATHER_INFO
2017-12-15 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-3453.nasl - Type: ACT_GATHER_INFO