This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Google First view 2017-09-08
Product Android Last view 2020-06-05
Version 7.2 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:google:android

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
5.5 2020-06-05 CVE-2020-13843

An issue was discovered on LG mobile devices with Android OS software before 2020-06-01. Local users can cause a denial of service because checking of the userdata partition is mishandled. The LG ID is LVE-SMP-200014 (June 2020).

7.8 2020-06-05 CVE-2020-13842

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). A dangerous AT command was made available even though it is unused. The LG ID is LVE-SMP-200010 (June 2020).

9.8 2020-06-05 CVE-2020-13840

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Code execution can occur via an MTK AT command handler buffer overflow. The LG ID is LVE-SMP-200008 (June 2020).

9.8 2020-06-05 CVE-2020-13839

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Code execution can occur via a custom AT command handler buffer overflow. The LG ID is LVE-SMP-200007 (June 2020).

7.8 2020-05-11 CVE-2020-12754

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A crafted application can obtain control of device input via the window system service. The LG ID is LVE-SMP-170011 (May 2020).

9.8 2020-05-11 CVE-2020-12753

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Arbitrary code execution can occur via the bootloader because of an EL1/EL3 coldboot vulnerability involving raw_resources. The LG ID is LVE-SMP-200006 (May 2020).

9.8 2020-04-17 CVE-2020-11873

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A stack-based buffer overflow in the logging tool could allow an attacker to gain privileges. The LG ID is LVE-SMP-200005 (April 2020).

5.5 2020-04-17 CVE-2019-20784

An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 (MTK chipsets) software. Interaction of GPS with 911 emergency calls is mishandled. The LG ID is LVE-SMP-180012 (January 2019).

9.1 2020-04-17 CVE-2019-20783

An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 (North America CDMA) software. The LTE protocol implementation allows a bypass of AKA (Authentication and Key Agreement). The LG ID is LVE-SMP-180014 (February 2019).

9.8 2020-04-17 CVE-2019-20782

An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. LG Advanced Flash (LAF) has a buffer overflow. The LG ID is LVE-SMP-190001 (March 2019).

9.8 2020-04-17 CVE-2019-20780

An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. Certain security settings, related to whether packages are verified and accepted only from known sources, are mishandled. The LG ID is LVE-SMP-190002 (April 2019).

5.5 2020-04-17 CVE-2019-20779

An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. A TrustZone trusted application can crash via crafted input. The LG ID is LVE-SMP-190003 (May 2019).

9.8 2020-04-17 CVE-2019-20778

An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. The Backup subsystem does not properly restrict operations or validate their input. The LG ID is LVE-SMP-190004 (June 2019).

9.8 2020-04-17 CVE-2019-20777

An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. WapService mishandles OTA Provisioning on V40 and G7 devices. The LG ID is LVE-SMP-190006 (July 2019).

5.5 2020-04-17 CVE-2019-20776

An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. A TZ trusted application can crash via crafted input. The LG ID is LVE-SMP-190005 (July 2019).

5.5 2020-04-17 CVE-2019-20774

An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. A system service allows local retrieval of the user's password. The LG ID is LVE-SMP-190009 (August 2019).

7.8 2020-04-17 CVE-2019-20773

An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. Unprivileged applications can execute shell commands via the connectivity service. The LG ID is LVE-SMP-190008 (August 2019).

9.8 2020-04-17 CVE-2019-20772

An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. The Account subsystem allows authorization bypass. The LG ID is LVE-SMP-190007 (August 2019).

7.5 2020-04-17 CVE-2019-20771

An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. WapService allows unconfirmed configuration changes via a modified OMACP message. The LG ID is LVE-SMP-190006 (August 2019).

5.5 2020-01-07 CVE-2019-9465

In the Titan M handling of cryptographic operations, there is a possible information disclosure due to an unusual root cause. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-133258003

7.8 2020-01-06 CVE-2019-9468

In export_key_der of export_key.cpp, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-139683471

7.5 2018-11-30 CVE-2018-15835

Android 1.0 through 9.0 has Insecure Permissions. The Android bug ID is 77286983.

9.8 2018-08-17 CVE-2018-15482

Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for MLT application intents. The LG ID is LVE-SMP-180006.

9.8 2018-08-17 CVE-2018-14982

Certain LG devices based on Android 6.0 through 8.1 have incorrect access control in the GNSS application. The LG ID is LVE-SMP-180004.

9.8 2018-08-17 CVE-2018-14981

Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for SystemUI application intents. The LG ID is LVE-SMP-180005.

CWE : Common Weakness Enumeration

%idName
21% (12) CWE-200 Information Exposure
10% (6) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
8% (5) CWE-362 Race Condition
8% (5) CWE-20 Improper Input Validation
7% (4) CWE-190 Integer Overflow or Wraparound
7% (4) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
5% (3) CWE-732 Incorrect Permission Assignment for Critical Resource
3% (2) CWE-416 Use After Free
3% (2) CWE-287 Improper Authentication
3% (2) CWE-125 Out-of-bounds Read
3% (2) CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')
1% (1) CWE-787 Out-of-bounds Write
1% (1) CWE-772 Missing Release of Resource after Effective Lifetime
1% (1) CWE-682 Incorrect Calculation
1% (1) CWE-415 Double Free
1% (1) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
1% (1) CWE-269 Improper Privilege Management
1% (1) CWE-264 Permissions, Privileges, and Access Controls
1% (1) CWE-193 Off-by-one Error
1% (1) CWE-129 Improper Validation of Array Index

Nessus® Vulnerability Scanner

id Description
2018-04-27 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-1062.nasl - Type: ACT_GATHER_INFO