This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Google First view 2017-09-08
Product Android Last view 2020-06-10
Version 8.0 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:google:android

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
9.8 2020-06-10 CVE-2020-0117

In aes_cmac of aes_cmac.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution in the bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-151155194

7.8 2020-06-10 CVE-2020-0115

In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-150038428

5.5 2020-06-05 CVE-2020-13843

An issue was discovered on LG mobile devices with Android OS software before 2020-06-01. Local users can cause a denial of service because checking of the userdata partition is mishandled. The LG ID is LVE-SMP-200014 (June 2020).

7.8 2020-06-05 CVE-2020-13842

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). A dangerous AT command was made available even though it is unused. The LG ID is LVE-SMP-200010 (June 2020).

9.8 2020-06-05 CVE-2020-13840

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Code execution can occur via an MTK AT command handler buffer overflow. The LG ID is LVE-SMP-200008 (June 2020).

9.8 2020-06-05 CVE-2020-13839

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Code execution can occur via a custom AT command handler buffer overflow. The LG ID is LVE-SMP-200007 (June 2020).

7.5 2020-06-04 CVE-2020-13836

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. HWRResProvider allows path traversal for data exposure. The Samsung ID is SVE-2020-16954 (June 2020).

9.8 2020-06-04 CVE-2020-13835

An issue was discovered on Samsung mobile devices with O(8.x) (with TEEGRIS) software. The Gatekeeper Trustlet allows a brute-force attack on user credentials. The Samsung ID is SVE-2020-16908 (June 2020).

7.5 2020-06-04 CVE-2020-13834

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (with TEEGRIS) software. Secure Folder does not properly restrict use of Android Debug Bridge (adb) for arbitrary installations. The Samsung ID is SVE-2020-17369 (June 2020).

9.1 2020-06-04 CVE-2020-13833

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The system area allows arbitrary file overwrites via a symlink attack. The Samsung ID is SVE-2020-17183 (June 2020).

9.8 2020-06-04 CVE-2020-13831

An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 7570 chipsets) software. The Trustonic Kinibi component allows arbitrary memory mapping. The Samsung ID is SVE-2019-16665 (June 2020).

7.8 2020-05-14 CVE-2020-0102

In GattServer::SendResponse of gatt_server.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143231677

5.5 2020-05-14 CVE-2020-0101

In BnCrypto::onTransact of ICrypto.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-144767096

5.5 2020-05-14 CVE-2020-0100

In onTransact of IHDCP.cpp, there is a possible out of bounds read due to incorrect error handling. This could lead to local information disclosure of data from a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-8.0Android ID: A-150156584

7.8 2020-05-14 CVE-2020-0098

In navigateUpToLocked of ActivityStack.java, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8.1 Android-9Android ID: A-144285917

7.8 2020-05-14 CVE-2020-0096

In startActivities of ActivityStartController.java, there is a possible escalation of privilege due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9Android ID: A-145669109

5 2020-05-14 CVE-2020-0093

In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-148705132

7.8 2020-05-14 CVE-2020-0024

In onCreate of SettingsBaseActivity.java, there is a possible unauthorized setting modification due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-137015265

7.8 2020-05-11 CVE-2020-12754

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A crafted application can obtain control of device input via the window system service. The LG ID is LVE-SMP-170011 (May 2020).

9.8 2020-05-11 CVE-2020-12753

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Arbitrary code execution can occur via the bootloader because of an EL1/EL3 coldboot vulnerability involving raw_resources. The LG ID is LVE-SMP-200006 (May 2020).

7.8 2020-05-11 CVE-2020-12751

An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), and Q(10.0) software. The Quram image codec library allows attackers to overwrite memory and execute arbitrary code via crafted JPEG data that is mishandled during decoding. The Samsung ID is SVE-2020-16943 (May 2020).

9.8 2020-05-11 CVE-2020-12746

An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), and Q(10.0) (Exynos chipsets) software. Attackers can bypass the Secure Bootloader protection mechanism via a heap-based buffer overflow to execute arbitrary code. The Samsung ID is SVE-2020-16712 (May 2020).

9.8 2020-05-06 CVE-2020-8899

There is a buffer overwrite vulnerability in the Quram qmg library of Samsung's Android OS versions O(8.x), P(9.0) and Q(10.0). An unauthenticated, unauthorized attacker sending a specially crafted MMS to a vulnerable phone can trigger a heap-based buffer overflow in the Quram image codec leading to an arbitrary remote code execution (RCE) without any user interaction. The Samsung ID is SVE-2020-16747.

7.8 2020-04-17 CVE-2020-11875

An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10.0 (MTK chipsets) software. The MTK kernel does not properly implement exception handling, allowing an attacker to gain privileges. The LG ID is LVE-SMP-200001 (February 2020).

7.5 2020-04-17 CVE-2020-11874

An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9, and 10 software. Attackers can bypass Factory Reset Protection (FRP). The LG ID is LVE-SMP-200004 (March 2020).

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
18% (106) CWE-787 Out-of-bounds Write
17% (99) CWE-200 Information Exposure
13% (78) CWE-125 Out-of-bounds Read
7% (41) CWE-20 Improper Input Validation
6% (37) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
4% (25) CWE-416 Use After Free
3% (20) CWE-264 Permissions, Privileges, and Access Controls
3% (18) CWE-190 Integer Overflow or Wraparound
2% (14) CWE-362 Race Condition
2% (14) CWE-269 Improper Privilege Management
1% (11) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
1% (10) CWE-415 Double Free
1% (9) CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('...
1% (6) CWE-732 Incorrect Permission Assignment for Critical Resource
1% (6) CWE-287 Improper Authentication
1% (6) CWE-276 Incorrect Default Permissions
0% (5) CWE-772 Missing Release of Resource after Effective Lifetime
0% (5) CWE-476 NULL Pointer Dereference
0% (4) CWE-682 Incorrect Calculation
0% (4) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
0% (3) CWE-704 Incorrect Type Conversion or Cast
0% (3) CWE-191 Integer Underflow (Wrap or Wraparound)
0% (3) CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')
0% (3) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
0% (2) CWE-770 Allocation of Resources Without Limits or Throttling

Snort® IPS/IDS

Date Description
2017-11-07 dnsmasq add_pseudoheader integer underflow attempt
RuleID : 44482 - Type : PROTOCOL-DNS - Revision : 2

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-10-18 Name: The remote host is missing a macOS update that fixes multiple security vulner...
File: macos_10_14.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1285.nasl - Type: ACT_GATHER_INFO
2018-09-18 Name: The remote Apple TV device is affected by multiple vulnerabilities.
File: appletv_12.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0035.nasl - Type: ACT_GATHER_INFO
2018-07-17 Name: The remote host is missing a macOS or Mac OS X security update that fixes mul...
File: macosx_SecUpd2018-004.nasl - Type: ACT_GATHER_INFO
2018-07-17 Name: The remote host is missing a macOS update that fixes multiple security vulner...
File: macos_10_13_6.nasl - Type: ACT_GATHER_INFO
2018-06-05 Name: The remote Apple TV device is affected by multiple vulnerabilities.
File: appletv_11_4.nasl - Type: ACT_GATHER_INFO
2018-06-05 Name: The remote host is missing a macOS update that fixes multiple security vulner...
File: macos_10_13_5.nasl - Type: ACT_GATHER_INFO
2018-05-11 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1015.nasl - Type: ACT_GATHER_INFO
2018-04-27 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-1062.nasl - Type: ACT_GATHER_INFO
2018-03-09 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-967.nasl - Type: ACT_GATHER_INFO
2018-03-05 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4132.nasl - Type: ACT_GATHER_INFO
2018-02-26 Name: The remote Debian host is missing a security update.
File: debian_DLA-1290.nasl - Type: ACT_GATHER_INFO
2018-01-24 Name: The remote Fedora host is missing a security update.
File: fedora_2018-6349371aa1.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-7106a157f5.nasl - Type: ACT_GATHER_INFO
2017-10-24 Name: The remote Fedora host is missing a security update.
File: fedora_2017-515264ae24.nasl - Type: ACT_GATHER_INFO
2017-10-23 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201710-27.nasl - Type: ACT_GATHER_INFO
2017-10-18 Name: The remote Fedora host is missing a security update.
File: fedora_2017-24f067299e.nasl - Type: ACT_GATHER_INFO
2017-10-03 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2017-275-01.nasl - Type: ACT_GATHER_INFO
2017-10-03 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-3430-1.nasl - Type: ACT_GATHER_INFO
2017-10-03 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2619-1.nasl - Type: ACT_GATHER_INFO
2017-10-03 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2618-1.nasl - Type: ACT_GATHER_INFO
2017-10-03 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2617-1.nasl - Type: ACT_GATHER_INFO
2017-10-03 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2616-1.nasl - Type: ACT_GATHER_INFO
2017-10-03 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20171002_dnsmasq_on_SL7_x.nasl - Type: ACT_GATHER_INFO