This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Google First view 2017-09-08
Product Android Last view 2021-07-08
Version 8.0 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:google:android

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
3.3 2021-07-08 CVE-2021-25439

Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause arbitrary webpage loading in webview.

7.8 2021-07-08 CVE-2021-25438

Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause local file inclusion in webview.

3.3 2021-07-08 CVE-2021-25432

Information exposure vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to access chat data.

3.3 2021-06-11 CVE-2021-25403

Intent redirection vulnerability in Samsung Account prior to version 10.8.0.4 in Android P(9.0) and below, and 12.2.0.9 in Android Q(10.0) and above allows attacker to access contacts and file provider using SettingWebView component.

5.5 2021-04-23 CVE-2021-25382

An improper authorization of using debugging command in Secure Folder prior to SMR Oct-2020 Release 1 allows unauthorized access to contents in Secure Folder via debugging command.

7.1 2021-04-06 CVE-2021-30162

An issue was discovered on LG mobile devices with Android OS 4.4 through 11 software. Attackers can leverage ISMS services to bypass access control on specific content providers. The LG ID is LVE-SMP-210003 (April 2021).

4.4 2021-03-26 CVE-2021-25370

An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic.

5.5 2021-03-26 CVE-2021-25369

An improper access control vulnerability in sec_log file prior to SMR MAR-2021 Release 1 exposes sensitive kernel information to userspace.

9.8 2021-03-04 CVE-2021-25346

A possible arbitrary memory overwrite vulnerabilities in quram library version prior to SMR Jan-2021 Release 1 allow arbitrary code execution.

9.8 2021-02-04 CVE-2021-26689

An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. The USB laf gadget has a use-after-free. The LG ID is LVE-SMP-200031 (February 2021).

9.8 2021-02-04 CVE-2021-26687

An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. In preloaded applications, the HostnameVerified default is mishandled. The LG ID is LVE-SMP-200029 (February 2021).

7.3 2021-01-11 CVE-2021-0319

In checkCallerIsSystemOr of CompanionDeviceManagerService.java, there is a possible way to get a nearby Bluetooth device's MAC address without appropriate permissions due to a permissions bypass. This could lead to local escalation of privilege that grants access to nearby MAC addresses, with User execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.0, Android-8.1, Android-9, Android-10, Android-11; Android ID: A-167244818.

7.8 2021-01-11 CVE-2021-0317

In createOrUpdate of Permission.java and related code, there is possible permission escalation due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10, Android-11, Android-8.0, Android-8.1, Android-9; Android ID: A-168319670.

9.8 2021-01-11 CVE-2021-0316

In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11, Android-8.0, Android-8.1, Android-9, Android-10; Android ID: A-168802990.

7.3 2021-01-11 CVE-2021-0315

In onCreate of GrantCredentialsPermissionActivity.java, there is a possible way to convince the user to grant an app access to an account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-169763814.

7.5 2021-01-11 CVE-2021-0313

In isWordBreakAfter of LayoutUtils.cpp, there is a possible way to slow or crash a TextView due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9, Android-10, Android-11, Android-8.0, Android-8.1; Android ID: A-170968514.

6.5 2021-01-11 CVE-2021-0312

In WAVSource::read of WAVExtractor.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-170583712.

6.5 2021-01-11 CVE-2021-0311

In ElementaryStreamQueue::dequeueAccessUnitH264() of ESQueue.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-9, Android-10, Android-11, Android-8.0, Android-8.1; Android ID: A-170240631.

5.5 2021-01-11 CVE-2021-0309

In onCreate of grantCredentialsPermissionActivity, there is a confused deputy. This could lead to local information disclosure and account access with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-158480899.

7.8 2021-01-11 CVE-2021-0308

In ReadLogicalParts of basicmbr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-158063095.

7.8 2021-01-11 CVE-2021-0306

In addAllPermissions of PermissionManagerService.java, there is a possible permissions bypass when upgrading major Android versions which allows an app to gain the android.permission.ACTIVITY_RECOGNITION permission without user confirmation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11, Android-8.0, Android-8.1, Android-9, Android-10; Android ID: A-154505240.

5.5 2021-01-11 CVE-2021-0304

In several functions of GlobalScreenshot.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure of the user's contacts with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-8.0, Android-8.1, Android-9; Android ID: A-162738636.

7.8 2021-01-11 CVE-2020-27059

In onAuthenticated of AuthenticationClient.java, there is a possible tapjacking attack when requesting the user's fingerprint due to an overlaid window. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.0, Android-8.1, Android-9, Android-10, 11; Android ID: A-159249069.

9.8 2021-01-11 CVE-2020-0471

In reassemble_and_dispatch of packet_fragmenter.cc, there is a possible way to inject packets into an encrypted Bluetooth connection due to improper input validation. This could lead to remote escalation of privilege between two Bluetooth devices by a proximal attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.0, Android-8.1, Android-9, Android-10, Android-11; Android ID: A-169327567.

5.5 2021-01-05 CVE-2021-22495

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) (Exynos chipsets) software. The Mali GPU driver allows out-of-bounds access and a device reset. The Samsung ID is SVE-2020-19174 (January 2021).

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
20% (129) CWE-787 Out-of-bounds Write
15% (93) CWE-200 Information Exposure
14% (90) CWE-125 Out-of-bounds Read
6% (42) CWE-20 Improper Input Validation
5% (32) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
4% (29) CWE-416 Use After Free
3% (24) CWE-190 Integer Overflow or Wraparound
3% (23) CWE-269 Improper Privilege Management
2% (17) CWE-276 Incorrect Default Permissions
2% (13) CWE-362 Race Condition
2% (13) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
1% (11) CWE-415 Double Free
1% (9) CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('...
1% (8) CWE-732 Incorrect Permission Assignment for Critical Resource
0% (6) CWE-476 NULL Pointer Dereference
0% (5) CWE-772 Missing Release of Resource after Effective Lifetime
0% (5) CWE-287 Improper Authentication
0% (5) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
0% (4) CWE-682 Incorrect Calculation
0% (4) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
0% (4) CWE-264 Permissions, Privileges, and Access Controls
0% (3) CWE-755 Improper Handling of Exceptional Conditions
0% (3) CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
0% (3) CWE-191 Integer Underflow (Wrap or Wraparound)
0% (3) CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')

Snort® IPS/IDS

Date Description
2017-11-07 dnsmasq add_pseudoheader integer underflow attempt
RuleID : 44482 - Type : PROTOCOL-DNS - Revision : 2

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-10-18 Name: The remote host is missing a macOS update that fixes multiple security vulner...
File: macos_10_14.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1285.nasl - Type: ACT_GATHER_INFO
2018-09-18 Name: The remote Apple TV device is affected by multiple vulnerabilities.
File: appletv_12.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0035.nasl - Type: ACT_GATHER_INFO
2018-07-17 Name: The remote host is missing a macOS or Mac OS X security update that fixes mul...
File: macosx_SecUpd2018-004.nasl - Type: ACT_GATHER_INFO
2018-07-17 Name: The remote host is missing a macOS update that fixes multiple security vulner...
File: macos_10_13_6.nasl - Type: ACT_GATHER_INFO
2018-06-05 Name: The remote Apple TV device is affected by multiple vulnerabilities.
File: appletv_11_4.nasl - Type: ACT_GATHER_INFO
2018-06-05 Name: The remote host is missing a macOS update that fixes multiple security vulner...
File: macos_10_13_5.nasl - Type: ACT_GATHER_INFO
2018-05-11 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1015.nasl - Type: ACT_GATHER_INFO
2018-04-27 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-1062.nasl - Type: ACT_GATHER_INFO
2018-03-09 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-967.nasl - Type: ACT_GATHER_INFO
2018-03-05 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4132.nasl - Type: ACT_GATHER_INFO
2018-02-26 Name: The remote Debian host is missing a security update.
File: debian_DLA-1290.nasl - Type: ACT_GATHER_INFO
2018-01-24 Name: The remote Fedora host is missing a security update.
File: fedora_2018-6349371aa1.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-7106a157f5.nasl - Type: ACT_GATHER_INFO
2017-10-24 Name: The remote Fedora host is missing a security update.
File: fedora_2017-515264ae24.nasl - Type: ACT_GATHER_INFO
2017-10-23 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201710-27.nasl - Type: ACT_GATHER_INFO
2017-10-18 Name: The remote Fedora host is missing a security update.
File: fedora_2017-24f067299e.nasl - Type: ACT_GATHER_INFO
2017-10-03 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2017-275-01.nasl - Type: ACT_GATHER_INFO
2017-10-03 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-3430-1.nasl - Type: ACT_GATHER_INFO
2017-10-03 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2619-1.nasl - Type: ACT_GATHER_INFO
2017-10-03 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2618-1.nasl - Type: ACT_GATHER_INFO
2017-10-03 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2617-1.nasl - Type: ACT_GATHER_INFO
2017-10-03 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2616-1.nasl - Type: ACT_GATHER_INFO
2017-10-03 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20171002_dnsmasq_on_SL7_x.nasl - Type: ACT_GATHER_INFO