Vulnerabilities (CVE)

Filtered by vendor Google Subscribe
Filtered by product Android
Total 4624 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-30596 2 Fedoraproject, Google 3 Fedora, Android, Chrome 2021-09-24 4.3 MEDIUM 4.3 MEDIUM
Incorrect security UI in Navigation in Google Chrome on Android prior to 92.0.4515.131 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2021-25460 1 Google 1 Android 2021-09-23 2.1 LOW 5.5 MEDIUM
An improper access control vulnerability in sspExit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to terminate BlockchainTZService.
CVE-2021-25462 1 Google 1 Android 2021-09-23 2.1 LOW 5.5 MEDIUM
NULL pointer dereference vulnerability in NPU driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption.
CVE-2021-25458 1 Google 1 Android 2021-09-23 2.1 LOW 5.5 MEDIUM
NULL pointer dereference vulnerability in ION driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption.
CVE-2021-25455 1 Google 1 Android 2021-09-23 4.3 MEDIUM 3.3 LOW
OOB read vulnerability in libsaviextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to access arbitrary address through pointer via forged avi file.
CVE-2021-25453 1 Google 1 Android 2021-09-23 2.1 LOW 5.5 MEDIUM
Some improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1 allows untrusted application to get Bluetooth information.
CVE-2021-25452 2 Google, Samsung 4 Android, Exynos 2100, Exynos 980 and 1 more 2021-09-23 4.9 MEDIUM 5.5 MEDIUM
An improper input validation vulnerability in loading graph file in DSP driver prior to SMR Sep-2021 Release 1 allows attackers to perform permanent denial of service on the device.
CVE-2021-25451 1 Google 1 Android 2021-09-23 4.3 MEDIUM 3.3 LOW
A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1 allows attackers to get IMSI data.
CVE-2021-25463 1 Google 1 Android 2021-09-22 2.1 LOW 3.3 LOW
Improper access control vulnerability in PENUP prior to version 3.8.00.18 allows arbitrary webpage loading in webview.
CVE-2021-25450 1 Google 1 Android 2021-09-22 3.3 LOW 6.5 MEDIUM
Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Sep-2021 Release 1 allows attackers to write file as system uid via remote socket.
CVE-2021-25461 1 Google 1 Android 2021-09-22 4.6 MEDIUM 7.8 HIGH
An improper length check in APAService prior to SMR Sep-2021 Release 1 results in stack based Buffer Overflow.
CVE-2021-25449 1 Google 1 Android 2021-09-22 7.5 HIGH 9.8 CRITICAL
An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release 1 allows attackers to execute arbitrary code in mediaextractor process.
CVE-2021-25459 1 Google 1 Android 2021-09-22 2.1 LOW 5.5 MEDIUM
An improper access control vulnerability in sspInit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to start BlockchainTZService.
CVE-2021-25454 1 Google 1 Android 2021-09-22 4.3 MEDIUM 5.5 MEDIUM
OOB read vulnerability in libsaacextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute remote DoS via forged aac file.
CVE-2021-25457 2 Google, Samsung 4 Android, Exynos 2100, Exynos 980 and 1 more 2021-09-22 2.1 LOW 3.3 LOW
An improper input validation vulnerability in DSP driver prior to SMR Sep-2021 Release 1 allows local attackers to get a limited kernel memory information.
CVE-2021-25456 1 Google 1 Android 2021-09-22 4.3 MEDIUM 5.5 MEDIUM
OOB read vulnerability in libswmfextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute memcpy at arbitrary address via forged wmf file.
CVE-2021-0462 1 Google 1 Android 2021-09-21 4.6 MEDIUM 6.7 MEDIUM
In the NXP NFC firmware, there is a possible insecure firmware update due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168799695
CVE-2021-25407 2 Google, Samsung 5 Android, Exynos 2100, Exynos 980 and 2 more 2021-09-21 4.6 MEDIUM 7.8 HIGH
A possible out of bounds write vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write.
CVE-2020-0028 1 Google 1 Android 2021-09-14 7.1 HIGH 6.5 MEDIUM
In notifyNetworkTested and related functions of NetworkMonitor.java, there is a possible bypass of private DNS settings. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9Android ID: A-122652057
CVE-2021-0586 1 Google 1 Android 2021-09-13 6.9 MEDIUM 7.8 HIGH
In onCreate of DevicePickerFragment.java, there is a possible way to trick the user to select an unwanted bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-182584940