CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Android : Security Vulnerabilities (Bypass)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-10709 254 Bypass 2017-06-30 2017-07-06
7.2
None Local Low Not required Complete Complete Complete
The lockscreen on Elephone P9000 devices (running Android 6.0) allows physically proximate attackers to bypass a wrong-PIN lockout feature by pressing backspace after each PIN guess.
2 CVE-2017-0645 200 Bypass +Info 2017-06-14 2017-07-07
4.3
None Remote Medium Not required Partial None None
An elevation of privilege vulnerability in Bluetooth could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it is a local bypass of user interaction requirements. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35385327.
3 CVE-2017-0639 200 Bypass +Info 2017-06-14 2017-07-07
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability in Bluetooth component could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35310991.
4 CVE-2017-0602 200 Bypass +Info 2017-05-12 2017-05-19
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability in Bluetooth could allow a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as Moderate due to details specific to the vulnerability. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34946955.
5 CVE-2017-0601 284 Bypass 2017-05-12 2017-05-19
4.3
None Remote Medium Not required None Partial None
An Elevation of Privilege vulnerability in Bluetooth could potentially enable a local malicious application to accept harmful files shared via bluetooth without user permission. This issue is rated as Moderate due to local bypass of user interaction requirements. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-35258579.
6 CVE-2017-0598 200 Bypass +Info 2017-05-12 2017-05-19
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34128677.
7 CVE-2017-0593 264 Bypass 2017-05-12 2017-05-19
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to obtain access to custom permissions. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34114230.
8 CVE-2017-0560 200 Bypass +Info 2017-04-07 2017-07-10
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability in the factory reset process could enable a local malicious attacker to access data from the previous owner. This issue is rated as Moderate due to the possibility of bypassing device protection. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-30681079.
9 CVE-2017-0547 200 Bypass +Info 2017-04-07 2017-07-10
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability in libmedia in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33861560.
10 CVE-2017-0493 200 Bypass +Info 2017-05-12 2017-05-19
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability in File-Based Encryption could enable a local malicious attacker to bypass operating system protections for the lock screen. This issue is rated as Moderate due to the possibility of bypassing the lock screen. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-32793550.
11 CVE-2017-0492 284 Bypass 2017-03-07 2017-07-17
4.3
None Remote Medium Not required None Partial None
An elevation of privilege vulnerability in the System UI could enable a local malicious application to create a UI overlay covering the entire screen. This issue is rated as Moderate because it is a local bypass of user interaction requirements that would normally require either user initiation or user permission. Product: Android. Versions: 7.1.1. Android ID: A-30150688.
12 CVE-2017-0491 284 Bypass 2017-03-07 2017-07-17
4.3
None Remote Medium Not required None Partial None
An elevation of privilege vulnerability in Package Manager could enable a local malicious application to prevent users from uninstalling applications or removing permissions from applications. This issue is rated as Moderate because it is a local bypass of user interaction requirements. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32553261.
13 CVE-2017-0490 284 Bypass 2017-03-07 2017-07-17
4.3
None Remote Medium Not required None Partial None
An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to delete user data. This issue is rated as Moderate because it is a local bypass of user interaction requirements that would normally require either user initiation or user permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33178389.
14 CVE-2017-0489 284 Bypass 2017-03-07 2017-07-17
4.3
None Remote Medium Not required None Partial None
An elevation of privilege vulnerability in Location Manager could enable a local malicious application to bypass operating system protections for location data. This issue is rated as Moderate because it could be used to generate inaccurate data. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33091107.
15 CVE-2017-0424 200 Bypass +Info 2017-02-08 2017-07-24
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability in AOSP Messaging could enable a remote attacker using a special crafted file to access data outside of its permission levels. This issue is rated as Moderate because it is a general bypass for a user level defense in depth or exploit mitigation technology in a privileged process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32322450.
16 CVE-2017-0421 200 Bypass +Info 2017-02-08 2017-07-24
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32555637.
17 CVE-2017-0420 200 Bypass +Info 2017-02-08 2017-07-24
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability in AOSP Mail could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32615212.
18 CVE-2017-0414 200 Bypass +Info 2017-02-08 2017-07-24
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32807795.
19 CVE-2017-0413 200 Bypass +Info 2017-02-08 2017-07-24
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32161610.
20 CVE-2017-0395 264 Bypass 2017-01-12 2017-01-18
4.3
None Remote Medium Not required None Partial None
An elevation of privilege vulnerability in Contacts could enable a local malicious application to silently create contact information. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32219099.
21 CVE-2017-0388 200 Bypass +Info 2017-01-12 2017-01-17
2.1
None Local Low Not required Partial None None
An elevation of privilege vulnerability in the External Storage Provider could enable a local secondary user to read data from an external storage SD card inserted by the primary user. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32523490.
22 CVE-2016-10398 264 Bypass 2017-07-17 2017-07-21
7.2
None Local Low Not required Complete Complete Complete
Android 6.0 has an authentication bypass for attackers with root and physical access. Cryptographic authentication tokens (AuthTokens) used by the Trusted Execution Environment (TEE) are protected by a weak challenge. This allows adversaries to replay previously captured responses and use the TEE without authenticating. All apps using authentication-gated cryptography are vulnerable to this attack, which was confirmed on the LG Nexus 5X.
23 CVE-2016-10239 190 Overflow Bypass 2017-05-16 2017-07-10
9.3
None Remote Medium Not required Complete Complete Complete
In TrustZone access control policy may potentially be bypassed in all Android releases from CAF using the Linux kernel due to improper input validation an integer overflow vulnerability leading to a buffer overflow could potentially occur and a buffer over-read vulnerability could potentially occur.
24 CVE-2016-10238 264 Bypass 2017-05-16 2017-07-10
9.3
None Remote Medium Not required Complete Complete Complete
In QSEE in all Android releases from CAF using the Linux kernel access control may potentially be bypassed due to a page alignment issue.
25 CVE-2016-10044 264 +Priv Bypass 2017-02-07 2017-07-24
7.2
None Local Low Not required Complete Complete Complete
The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 does not properly restrict execute access, which makes it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call.
26 CVE-2016-6774 200 Bypass +Info 2017-01-12 2017-01-17
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability in Package Manager could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: 7.0. Android ID: A-31251489.
27 CVE-2016-6771 284 Bypass 2017-01-12 2017-01-17
6.8
None Remote Medium Not required Partial Partial Partial
An elevation of privilege vulnerability in Telephony could enable a local malicious application to access system functions beyond its access level. This issue is rated as Moderate because it is a local bypass of restrictions on a constrained process. Product: Android. Versions: 6.0, 6.0.1, 7.0. Android ID: A-31566390.
28 CVE-2016-6770 284 Bypass 2017-01-12 2017-01-19
4.3
None Remote Medium Not required None Partial None
An elevation of privilege vulnerability in the Framework API could enable a local malicious application to access system functions beyond its access level. This issue is rated as Moderate because it is a local bypass of restrictions on a constrained process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-30202228.
29 CVE-2016-6719 284 Bypass 2016-11-25 2016-12-06
4.3
None Remote Medium Not required None Partial None
An elevation of privilege vulnerability in the Bluetooth component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to pair with any Bluetooth device without user consent. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission.) Android ID: A-29043989.
30 CVE-2016-6718 200 Bypass +Info 2016-11-25 2016-12-06
4.3
None Remote Medium Not required Partial None None
An elevation of privilege vulnerability in the Account Manager Service in Android 7.0 before 2016-11-01 could enable a local malicious application to retrieve sensitive information without user interaction. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission.) Android ID: A-30455516.
31 CVE-2016-6716 284 Bypass 2016-11-25 2016-12-06
4.3
None Remote Medium Not required None Partial None
An elevation of privilege vulnerability in the AOSP Launcher in Android 7.0 before 2016-11-01 could allow a local malicious application to create shortcuts that have elevated privileges without the user's consent. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission). Android ID: A-30778130.
32 CVE-2016-6715 284 Bypass 2016-11-25 2016-12-06
4.3
None Remote Medium Not required None Partial None
An elevation of privilege vulnerability in the Framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could allow a local malicious application to record audio without the user's permission. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission.) Android ID: A-29833954.
33 CVE-2016-6710 200 Bypass +Info 2016-11-25 2016-12-06
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability in the download manager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Android ID: A-30537115.
34 CVE-2016-6708 284 Bypass 2016-11-25 2016-12-06
2.1
None Local Low Not required None Partial None
An elevation of privilege in the System UI in Android 7.0 before 2016-11-01 could enable a local malicious user to bypass the security prompt of your work profile in Multi-Window mode. This issue is rated as High because it is a local bypass of user interaction requirements for any developer or security setting modifications. Android ID: A-30693465.
35 CVE-2016-5340 20 Bypass 2016-08-07 2017-08-12
7.2
None Local Low Not required Complete Complete Complete
The is_ashmem_file function in drivers/staging/android/ashmem.c in a certain Qualcomm Innovation Center (QuIC) Android patch for the Linux kernel 3.x mishandles pointer validation within the KGSL Linux Graphics Module, which allows attackers to bypass intended access restrictions by using the /ashmem string as the dentry name.
36 CVE-2016-3889 264 Bypass 2016-09-11 2017-08-12
7.2
None Local Low Not required Complete Complete Complete
Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism by accessing (1) an external tile from a system application, (2) the help feature, or (3) the Settings application during a pre-setup stage, aka internal bug 29194585.
37 CVE-2016-3888 264 Bypass 2016-09-11 2017-08-12
2.1
None Local Low Not required None Partial None
internal/telephony/SMSDispatcher.java in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism, and send premium SMS messages during the Setup Wizard provisioning stage, via unspecified vectors, aka internal bug 29420123.
38 CVE-2016-3887 264 Bypass 2016-09-11 2017-08-12
6.8
None Remote Medium Not required Partial Partial Partial
providers/settings/SettingsProvider.java in Android 7.0 before 2016-09-01 does not properly enforce the DISALLOW_CONFIG_VPN setting, which allows attackers to bypass an intended always-on VPN state via a crafted application, aka internal bug 29899712.
39 CVE-2016-3884 284 Bypass 2016-09-11 2017-08-12
4.3
None Remote Medium Not required None Partial None
server/notification/NotificationManagerService.java in the Notification Manager Service in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 lacks uid checks, which allows attackers to bypass intended restrictions on method calls via a crafted application, aka internal bug 29421441.
40 CVE-2016-3876 264 Bypass 2016-09-11 2017-08-12
7.2
None Local Low Not required Complete Complete Complete
providers/settings/SettingsProvider.java in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the SAFE_BOOT_DISALLOWED protection mechanism and boot to safe mode via the Android Debug Bridge (adb) tool, aka internal bug 29900345.
41 CVE-2016-3875 264 Bypass 2016-09-11 2017-08-12
7.2
None Local Low Not required Complete Complete Complete
server/wm/WindowManagerService.java in Android 6.x before 2016-09-01 does not enforce the DISALLOW_SAFE_BOOT setting, which allows physically proximate attackers to bypass intended access restrictions and boot to safe mode via unspecified vectors, aka internal bug 26251884.
42 CVE-2016-3853 264 Bypass 2016-08-05 2016-11-28
4.9
None Local Low Not required None None Complete
Google Play services in Android before 2016-08-05 on Nexus devices allow local users to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 26803208.
43 CVE-2016-3834 200 Bypass +Info 2016-08-05 2016-11-28
4.3
None Remote Medium Not required Partial None None
The camera APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allow attackers to bypass intended access restrictions and obtain sensitive information about ANW buffer addresses via a crafted application, aka internal bug 28466701.
44 CVE-2016-3833 264 Bypass 2016-08-05 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
The Shell component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not properly manage the MANAGE_USERS and CREATE_USERS permissions, which allows attackers to bypass intended access restrictions via a crafted application, aka internal bug 29189712.
45 CVE-2016-3832 264 Bypass 2016-08-05 2016-11-28
8.3
None Remote Medium Not required Partial Partial Complete
The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 do not ensure that package data originated from the Package Manager, which allows attackers to bypass an unspecified protection mechanism via a crafted application, aka internal bug 28795098.
46 CVE-2016-3750 20 Bypass 2016-07-10 2016-07-11
7.5
None Remote Low Not required Partial Partial Partial
libs/binder/Parcel.cpp in the Parcels Framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate the return value of the dup system call, which allows attackers to bypass an isolation protection mechanism via a crafted application, aka internal bug 28395952.
47 CVE-2016-3748 264 Bypass 2016-07-10 2016-07-11
7.5
None Remote Low Not required Partial Partial Partial
The sockets subsystem in Android 6.x before 2016-07-01 allows attackers to bypass intended system-call restrictions via a crafted application that makes an ioctl call, aka internal bug 28171804.
48 CVE-2016-2498 200 Bypass +Info 2016-06-12 2016-06-14
4.3
None Remote Medium Not required Partial None None
The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to bypass intended data-access restrictions via a crafted application, aka internal bug 27777162.
49 CVE-2016-2457 264 Bypass 2016-05-09 2016-07-12
2.1
None Local Low Not required None Partial None
server/pm/UserManagerService.java in Wi-Fi in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows attackers to bypass intended restrictions on Wi-Fi configuration changes by leveraging guest access, aka internal bug 27411179.
50 CVE-2016-2423 264 Bypass 2016-04-17 2016-04-25
6.6
None Local Low Not required None Complete Complete
server/telecom/CallsManager.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider whether a device is provisioned, which allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 26303187.
Total number of vulnerabilities : 104   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.