CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Android » 11.0 * * * : Security Vulnerabilities

Cpe Name:cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-30162 Bypass 2021-04-06 2021-04-13
3.6
None Local Low Not required Partial Partial None
An issue was discovered on LG mobile devices with Android OS 4.4 through 11 software. Attackers can leverage ISMS services to bypass access control on specific content providers. The LG ID is LVE-SMP-210003 (April 2021).
2 CVE-2021-30161 Bypass 2021-04-06 2021-04-12
2.1
None Local Low Not required None Partial None
An issue was discovered on LG mobile devices with Android OS 11 software. Attackers can bypass the lockscreen protection mechanism after an incoming call has been terminated. The LG ID is LVE-SMP-210002 (April 2021).
3 CVE-2021-27901 2021-03-02 2021-03-08
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered on LG mobile devices with Android OS 11 software. They mishandle fingerprint recognition because local high beam mode (LHBM) does not function properly during bright illumination. The LG ID is LVE-SMP-210001 (March 2021).
4 CVE-2021-25430 287 2021-07-08 2021-07-14
3.3
None Local Network Low Not required Partial None None
Improper access control vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application.
5 CVE-2021-25429 269 2021-07-08 2021-07-14
3.3
None Local Network Low Not required Partial None None
Improper privilege management vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application.
6 CVE-2021-25428 20 2021-07-08 2021-07-14
4.6
None Local Low Not required Partial Partial Partial
Improper validation check vulnerability in PackageManager prior to SMR July-2021 Release 1 allows untrusted applications to get dangerous level permission without user confirmation in limited circumstances.
7 CVE-2021-25427 89 Sql 2021-07-08 2021-07-14
3.3
None Local Network Low Not required Partial None None
SQL injection vulnerability in Bluetooth prior to SMR July-2021 Release 1 allows unauthorized access to paired device information
8 CVE-2021-25426 200 +Info 2021-07-08 2021-07-12
5.0
None Remote Low Not required Partial None None
Improper component protection vulnerability in SmsViewerActivity of Samsung Message prior to SMR July-2021 Release 1 allows untrusted applications to access Message files.
9 CVE-2021-25414 2021-06-11 2021-06-16
4.6
None Local Low Not required Partial Partial Partial
Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to copy or overwrite arbitrary files with Samsung Contacts privilege.
10 CVE-2021-25413 2021-06-11 2021-06-16
2.1
None Local Low Not required Partial None None
Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to get permissions to access arbitrary data with Samsung Contacts privilege.
11 CVE-2021-25410 863 2021-06-11 2021-06-16
3.6
None Local Low Not required Partial Partial None
Improper access control of a component in CallBGProvider prior to SMR JUN-2021 Release 1 allows local attackers to access arbitrary files with an escalated privilege.
12 CVE-2021-25397 863 2021-06-11 2021-06-16
2.1
None Local Low Not required None Partial None
An improper access control vulnerability in TelephonyUI prior to SMR MAY-2021 Release 1 allows local attackers to write arbitrary files of telephony process via untrusted applications.
13 CVE-2021-25395 362 Bypass 2021-06-11 2021-06-16
4.4
None Local Medium Not required Partial Partial Partial
A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is compromised.
14 CVE-2021-25394 362 2021-06-11 2021-06-16
4.4
None Local Medium Not required Partial Partial Partial
A use after free vulnerability via race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows arbitrary write given a radio privilege is compromised.
15 CVE-2021-25393 732 2021-06-11 2021-06-16
2.1
None Local Low Not required Partial None None
Improper sanitization of incoming intent in SecSettings prior to SMR MAY-2021 Release 1 allows local attackers to get permissions to access system uid data.
16 CVE-2021-25392 326 2021-06-11 2021-06-16
2.1
None Local Low Not required Partial None None
Improper protection of backup path configuration in Samsung Dex prior to SMR MAY-2021 Release 1 allows local attackers to get sensitive information via changing the path.
17 CVE-2021-25391 2021-06-11 2021-06-16
2.1
None Local Low Not required Partial None None
Intent redirection vulnerability in Secure Folder prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action.
18 CVE-2021-25390 2021-06-11 2021-06-16
1.9
None Local Medium Not required Partial None None
Intent redirection vulnerability in PhotoTable prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action.
19 CVE-2021-25388 354 2021-06-11 2021-06-16
3.6
None Local Low Not required Partial Partial None
Improper caller check vulnerability in Knox Core prior to SMR MAY-2021 Release 1 allows attackers to install arbitrary app.
20 CVE-2021-25387 787 Exec Code 2021-06-11 2021-06-16
7.5
None Remote Low Not required Partial Partial Partial
An improper input validation vulnerability in sflacfd_get_frm() in libsflacextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.
21 CVE-2021-25386 120 Exec Code 2021-06-11 2021-06-15
7.5
None Remote Low Not required Partial Partial Partial
An improper input validation vulnerability in sdfffd_parse_chunk_FVER() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.
22 CVE-2021-25385 120 Exec Code 2021-06-11 2021-06-15
7.5
None Remote Low Not required Partial Partial Partial
An improper input validation vulnerability in sdfffd_parse_chunk_PROP() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.
23 CVE-2021-25384 20 Exec Code 2021-06-11 2021-06-15
7.5
None Remote Low Not required Partial Partial Partial
An improper input validation vulnerability in sdfffd_parse_chunk_PROP() with Sample Rate Chunk in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.
24 CVE-2021-25383 120 Exec Code 2021-06-11 2021-06-16
7.5
None Remote Low Not required Partial Partial Partial
An improper input validation vulnerability in scmn_mfal_read() in libsapeextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.
25 CVE-2021-25382 863 2021-04-23 2021-05-03
3.6
None Local Low Not required Partial Partial None
An improper authorization of using debugging command in Secure Folder prior to SMR Oct-2020 Release 1 allows unauthorized access to contents in Secure Folder via debugging command.
26 CVE-2021-25370 Mem. Corr. 2021-03-26 2021-03-31
4.9
None Local Low Not required None None Complete
An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic.
27 CVE-2021-25365 269 2021-04-09 2021-04-26
7.2
None Local Low Not required Complete Complete Complete
An improper exception control in softsimd prior to SMR APR-2021 Release 1 allows unprivileged applications to access the API in softsimd.
28 CVE-2021-25364 200 +Info 2021-04-09 2021-04-26
2.1
None Local Low Not required Partial None None
A pendingIntent hijacking vulnerability in Secure Folder prior to SMR APR-2021 Release 1 allows unprivileged applications to access contact information.
29 CVE-2021-25363 269 2021-04-09 2021-04-26
3.6
None Local Low Not required None Partial Partial
An improper access control in ActivityManagerService prior to SMR APR-2021 Release 1 allows untrusted applications to access running processesdelete some local files.
30 CVE-2021-25361 22 Dir. Trav. 2021-04-09 2021-04-26
7.2
None Local Low Not required Complete Complete Complete
An improper access control vulnerability in stickerCenter prior to SMR APR-2021 Release 1 allows local attackers to read or write arbitrary files of system process via untrusted applications.
31 CVE-2021-25359 276 2021-04-09 2021-04-19
2.1
None Local Low Not required Partial None None
An improper SELinux policy prior to SMR APR-2021 Release 1 allows local attackers to access AP information without proper permissions via untrusted applications.
32 CVE-2021-25356 863 2021-04-09 2021-06-11
7.2
None Local Low Not required Complete Complete Complete
An improper caller check vulnerability in Managed Provisioning prior to SMR APR-2021 Release 1 allows unprivileged application to install arbitrary application, grant device admin permission and then delete several installed application.
33 CVE-2021-25347 2021-03-04 2021-03-12
4.6
None Local Low Not required Partial Partial Partial
Hijacking vulnerability in Samsung Email application version prior to SMR Feb-2021 Release 1 allows attackers to intercept when the provider is executed.
34 CVE-2021-25344 276 2021-03-04 2021-03-11
2.1
None Local Low Not required Partial None None
Missing permission check in knox_custom service prior to SMR Mar-2021 Release 1 allows attackers to gain access to device's serial number without permission.
35 CVE-2021-25337 863 2021-03-04 2021-03-11
5.8
None Remote Medium Not required Partial Partial None
Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain local files.
36 CVE-2021-25334 20 DoS 2021-03-04 2021-03-11
4.7
None Local Medium Not required None None Complete
Improper input check in wallpaper service in Samsung mobile devices prior to SMR Feb-2021 Release 1 allows untrusted application to cause permanent denial of service.
37 CVE-2021-0605 125 2021-06-22 2021-06-25
4.9
None Local Low Not required Complete None None
In pfkey_dump of af_key.c, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-110373476
38 CVE-2021-0604 2021-07-14 2021-07-16
1.9
None Local Medium Not required Partial None None
In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible way to share private files over Bluetooth due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-179910660
39 CVE-2021-0603 276 2021-07-14 2021-07-16
4.4
None Local Medium Not required Partial Partial Partial
In onCreate of ContactSelectionActivity.java, there is a possible way to get access to contacts without permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-182809425
40 CVE-2021-0602 269 Bypass 2021-07-14 2021-07-14
7.2
None Local Low Not required Complete Complete Complete
In onCreateOptionsMenu of WifiNetworkDetailsFragment.java, there is a possible way for guest users to view and modify Wi-Fi settings for all configured APs due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-177573895
41 CVE-2021-0601 787 Exec Code 2021-07-14 2021-07-15
4.9
None Local Low Not required Complete None None
In encodeFrames of avc_enc_fuzzer.cpp, there is a possible out of bounds write due to a double free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-180643802
42 CVE-2021-0600 20 2021-07-14 2021-07-15
6.9
None Local Medium Not required Complete Complete Complete
In onCreate of DeviceAdminAdd.java, there is a possible way to mislead a user to activate a device admin app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-179042963
43 CVE-2021-0599 610 2021-07-14 2021-07-15
4.9
None Local Low Not required Complete None None
In scheduleTimeoutLocked of NotificationRecord.java, there is a possible disclosure of a sensitive identifier via broadcasted intent due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-175614289
44 CVE-2021-0597 862 2021-07-14 2021-07-15
4.9
None Local Low Not required Complete None None
In notifyProfileAdded and notifyProfileRemoved of SipService.java, there is a possible way to retrieve SIP account names due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-176496502
45 CVE-2021-0596 125 2021-07-14 2021-07-16
7.8
None Remote Low Not required Complete None None
In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-181346550
46 CVE-2021-0594 20 Bypass 2021-07-14 2021-07-16
7.9
None Local Network Medium Not required Complete Complete Complete
In onCreate of ConfirmConnectActivity, there is a possible remote bypass of user consent due to improper input validation. This could lead to remote (proximal, NFC) escalation of privilege allowing an attacker to deceive a user into allowing a Bluetooth connection with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-176445224
47 CVE-2021-0590 276 2021-07-14 2021-07-16
4.9
None Local Low Not required Complete None None
In sendNetworkConditionsBroadcast of NetworkMonitor.java, there is a possible way for a privileged app to receive WiFi BSSID and SSID without location permissions due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-175213041
48 CVE-2021-0589 787 2021-07-14 2021-07-16
7.2
None Local Low Not required Complete Complete Complete
In BTM_TryAllocateSCN of btm_scn.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-180939982
49 CVE-2021-0587 787 2021-07-14 2021-07-16
7.2
None Local Low Not required Complete Complete Complete
In StreamOut::prepareForWriting of StreamOut.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-185259758
50 CVE-2021-0586 1021 2021-07-14 2021-07-16
6.9
None Local Medium Not required Complete Complete Complete
In onCreate of DevicePickerFragment.java, there is a possible way to trick the user to select an unwanted bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-182584940
Total number of vulnerabilities : 469   Page : 1 (This Page)2 3 4 5 6 7 8 9 10
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.