CVEdetails.com the ultimate security vulnerability data source

Google » Android : Security Vulnerabilities (CVSS score >= 9)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 | CVE-2022-30713 | 20 | | | 2022-06-07 | 2022-06-11 | 9.4 | None | Remote | Low | Not required | Complete | Complete | None
Improper validation vulnerability in LSOItemData prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities.
2 | CVE-2022-30711 | 20 | | | 2022-06-07 | 2022-06-11 | 9.4 | None | Remote | Low | Not required | Complete | Complete | None
Improper validation vulnerability in FeedsInfo prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities.
3 | CVE-2022-30710 | 20 | | | 2022-06-07 | 2022-06-11 | 9.4 | None | Remote | Low | Not required | Complete | Complete | None
Improper validation vulnerability in RemoteViews prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities.
4 | CVE-2022-27835 | 119 | | Overflow | 2022-04-11 | 2022-04-18 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
Improper boundary check in UWB firmware prior to SMR Apr-2022 Release 1 allows arbitrary memory write.
5 | CVE-2022-27572 | 787 | | Exec Code Overflow | 2022-04-11 | 2022-04-18 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Heap-based buffer overflow vulnerability in parser_ipma function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers.
6 | CVE-2022-27571 | 787 | | Exec Code Overflow | 2022-04-11 | 2022-04-18 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Heap-based buffer overflow vulnerability in sheifd_get_info_image function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.
7 | CVE-2022-27570 | 787 | | Exec Code Overflow | 2022-04-11 | 2022-04-18 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Heap-based buffer overflow vulnerability in parser_single_iref function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.
8 | CVE-2022-27569 | 787 | | Exec Code Overflow | 2022-04-11 | 2022-04-18 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Heap-based buffer overflow vulnerability in parser_infe function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.
9 | CVE-2022-27568 | 787 | | Exec Code Overflow | 2022-04-11 | 2022-04-18 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Heap-based buffer overflow vulnerability in parser_iloc function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.
10 | CVE-2022-26098 | 787 | | Exec Code Overflow | 2022-04-11 | 2022-04-18 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Heap-based buffer overflow vulnerability in sheifd_create function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers.
11 | CVE-2022-20238 | 119 | | Overflow | 2022-07-13 | 2022-07-26 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
'remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map the kernel area to be writable, which is easy to be exploited. Product: Android; Versions: Android SoC; Android ID: A-233154555
12 | CVE-2022-20229 | 787 | | Exec Code | 2022-07-13 | 2022-07-26 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
In bta_hf_client_handle_cind_list_item of bta_hf_client_at.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L; Android ID: A-224536184
13 | CVE-2022-20222 | 787 | | Exec Code | 2022-07-13 | 2022-07-25 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
In read_attr_value of gatt_db.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12 Android-12L; Android ID: A-228078096
14 | CVE-2022-20216 | | | | 2022-07-13 | 2022-07-21 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
android exported is used to set third-party app access permissions, and the default value of intent-filter is true. com.sprd.firewall has set exported as true. Product: Android; Versions: Android SoC; Android ID: A-231911916
15 | CVE-2022-20210 | | | | 2022-06-15 | 2022-06-24 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
The UE and the EMM communicate with each other using NAS messages. When a new NAS message arrives from the EMM, the modem parses it and fills in internal objects based on the received data. A bug in the parsing code could be used by an attacker to remotely crash the modem, which could lead to DoS or RCE. Product: Android; Versions: Android SoC; Android ID: A-228868888
16 | CVE-2022-20191 | | | | 2022-06-15 | 2022-06-24 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Product: Android; Versions: Android kernel; Android ID: A-209324757; References: N/A
17 | CVE-2022-20173 | | | | 2022-06-15 | 2022-06-24 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Product: Android; Versions: Android kernel; Android ID: A-207116951; References: N/A
18 | CVE-2022-20171 | | | | 2022-06-15 | 2022-06-24 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Product: Android; Versions: Android kernel; Android ID: A-215565667; References: N/A
19 | CVE-2022-20170 | | | | 2022-06-15 | 2022-06-24 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Product: Android; Versions: Android kernel; Android ID: A-209421931; References: N/A
20 | CVE-2022-20167 | | | | 2022-06-15 | 2022-06-24 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Product: Android; Versions: Android kernel; Android ID: A-204956204; References: N/A
21 | CVE-2022-20164 | | | | 2022-06-15 | 2022-06-23 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Product: Android; Versions: Android kernel; Android ID: A-204891956; References: N/A
22 | CVE-2022-20160 | | | | 2022-06-15 | 2022-06-23 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Product: Android; Versions: Android kernel; Android ID: A-210083655; References: N/A
23 | CVE-2022-20145 | | | | 2022-06-15 | 2022-06-24 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
In startLegacyVpnPrivileged of Vpn.java, there is a possible way to retrieve VPN credentials due to a protocol downgrade attack. This could lead to remote escalation of privilege if a malicious Wi-Fi AP is used, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-201660636
24 | CVE-2022-20140 | 787 | | | 2022-06-15 | 2022-06-24 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
In read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12 Android-12L; Android ID: A-227618988
25 | CVE-2022-20130 | 787 | | Exec Code Overflow | 2022-06-15 | 2022-06-23 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L; Android ID: A-224314979
26 | CVE-2022-20127 | 787 | | Exec Code | 2022-06-15 | 2022-06-23 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
In ce_t4t_data_cback of ce_t4t.cc, there is a possible out of bounds write due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L; Android ID: A-221862119
27 | CVE-2022-20120 | | | | 2022-05-10 | 2022-05-17 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Product: Android; Versions: Android kernel; Android ID: A-203213034; References: N/A
28 | CVE-2021-39787 | 610 | | | 2022-03-30 | 2022-04-05 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
In SystemUI, there is a possible arbitrary Activity launch due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-202506934
29 | CVE-2021-39737 | | | | 2022-03-16 | 2022-03-23 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Product: Android; Versions: Android kernel; Android ID: A-208229524; References: N/A
30 | CVE-2021-39723 | | | | 2022-03-16 | 2022-03-22 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Product: Android; Versions: Android kernel; Android ID: A-209014813; References: N/A
31 | CVE-2021-39720 | | | | 2022-03-16 | 2022-03-23 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Product: Android; Versions: Android kernel; Android ID: A-207433926; References: N/A
32 | CVE-2021-39710 | | | | 2022-03-16 | 2022-03-23 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Product: Android; Versions: Android kernel; Android ID: A-202160245; References: N/A
33 | CVE-2021-39708 | 119 | | Overflow | 2022-03-16 | 2022-03-23 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
In gatt_process_notification of gatt_cl.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12; Android ID: A-206128341
34 | CVE-2021-39706 | 862 | | | 2022-03-16 | 2022-07-12 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
In onResume of CredentialStorage.java, there is a possible way to cleanup content of credentials storage due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12; Android ID: A-200164168
35 | CVE-2021-39702 | 1021 | | | 2022-03-16 | 2022-03-23 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
In onCreate of RequestManageCredentials.java, there is a possible way for a third party app to install certificates without user approval due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-12; Android ID: A-205150380
36 | CVE-2021-39701 | 20 | | | 2022-03-16 | 2022-03-23 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
In serviceConnection of ControlsProviderLifecycleManager.kt, there is a possible way to keep service running in foreground without notification or permission due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-11 Android-12; Android ID: A-212286849
37 | CVE-2021-39692 | 1021 | | Bypass | 2022-03-16 | 2022-03-23 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
In onCreate of SetupLayoutActivity.java, there is a possible way to setup a work profile bypassing user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12; Android ID: A-209611539
38 | CVE-2021-39675 | 787 | | Overflow | 2022-02-11 | 2022-02-17 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
In GKI_getbuf of gki_buffer.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12; Android ID: A-205729183
39 | CVE-2021-39658 | 276 | | | 2022-02-11 | 2023-01-25 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
ismsEx service is a vendor service in unisoc equipment. ismsEx service is an extension of sms system service, but it does not check the permissions of the caller, resulting in permission leaks. Third-party apps can use this service to arbitrarily modify and set system properties. Product: Android; Versions: Android SoC; Android ID: A-207479207
40 | CVE-2021-39645 | | | | 2021-12-15 | 2022-07-12 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Product: Android; Versions: Android kernel; Android ID: A-199805112; References: N/A
41 | CVE-2021-39635 | 276 | | +Info | 2022-02-11 | 2023-01-25 | 9.4 | None | Remote | Low | Not required | Complete | Complete | None
ims_ex is a vendor system service used to manage VoLTE in unisoc devices. But it does not verify the caller's permissions, so that normal apps (No phone permissions) can obtain some VoLTE sensitive information and manage VoLTE calls. Product: Android; Versions: Android SoC; Android ID: A-206492634
42 | CVE-2021-39623 | 269 | | | 2022-01-14 | 2022-01-15 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
In doRead of SimpleDecodingSource.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-9; Android ID: A-194105348
43 | CVE-2021-39616 | | | | 2022-02-11 | 2022-02-15 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Summary: Product: Android; Versions: Android SoC; Android ID: A-204686438
44 | CVE-2021-1049 | | | | 2022-01-14 | 2022-01-20 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Hacker one bug ID: 1343975. Product: Android; Versions: Android SoC; Android ID: A-204256722
45 | CVE-2021-0967 | 787 | | Exec Code | 2021-12-15 | 2021-12-17 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
In vorbis_book_decodev_set of codebook.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-9; Android ID: A-199065614
46 | CVE-2021-0956 | 787 | | | 2021-12-15 | 2021-12-20 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
In NfcTag::discoverTechnologies (activation) of NfcTag.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11 Android-12; Android ID: A-189942532
47 | CVE-2021-0889 | | | Exec Code | 2021-12-15 | 2021-12-17 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
In Android TV, there is a possible silent pairing due to lack of rate limiting in the pairing flow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-8.1 Android-9; Android ID: A-180745296
48 | CVE-2021-0870 | 362 | | Exec Code Mem. Corr. | 2021-10-22 | 2021-11-29 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
In RW_SetActivatedTagType of rw_main.cc, there is possible memory corruption due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9 Android-10 Android-11 Android-8.1; Android ID: A-192472262
49 | CVE-2021-0592 | 787 | | Exec Code | 2021-07-14 | 2021-07-16 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
In various functions in WideVine, there are possible out of bounds writes due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android SoC; Android ID: A-188061006
50 | CVE-2021-0515 | 787 | | Exec Code | 2021-07-14 | 2021-07-16 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
In Factory::CreateStrictFunctionMap of factory.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9 Android-10 Android-11 Android-8.1; Android ID: A-167389063
Total number of vulnerabilities: 932. Page: 1 of 19 (this page).