Filtered by vendor Google
Subscriptions
Filtered by product Android
Subscriptions
Total
7938 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-25345 | 2 Google, Samsung | 2 Android, Exynos | 2024-08-03 | 4 Medium |
| Graphic format mismatch while converting video format in hwcomposer prior to SMR Mar-2021 Release 1 results in kernel panic due to unsupported format. | ||||
| CVE-2021-23243 | 2 Google, Oppo | 36 Android, Oppo A12, Oppo A15 and 33 more | 2024-08-03 | 7.8 High |
| In Oppo's battery application, the third-party SDK provides the function of loading a third-party Provider, which can be used. | ||||
| CVE-2021-22495 | 2 Google, Samsung | 2 Android, Exynos | 2024-08-03 | 5.5 Medium |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) (Exynos chipsets) software. The Mali GPU driver allows out-of-bounds access and a device reset. The Samsung ID is SVE-2020-19174 (January 2021). | ||||
| CVE-2021-22494 | 2 Google, Samsung | 2 Android, Galaxy Note 20 | 2024-08-03 | 5.5 Medium |
| An issue was discovered in the fingerprint scanner on Samsung Note20 mobile devices with Q(10.0) software. When a screen protector is used, the required image compensation is not present. Consequently, inversion can occur during fingerprint enrollment, and a high False Recognition Rate (FRR) can occur. The Samsung ID is SVE-2020-19216 (January 2021). | ||||
| CVE-2021-22492 | 1 Google | 1 Android | 2024-08-03 | 8.8 High |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Broadcom Bluetooth chipsets) software. The Bluetooth UART driver has a buffer overflow. The Samsung ID is SVE-2020-18731 (January 2021). | ||||
| CVE-2021-21229 | 3 Debian, Fedoraproject, Google | 4 Debian Linux, Fedora, Android and 1 more | 2024-08-03 | 6.5 Medium |
| Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | ||||
| CVE-2021-21171 | 3 Debian, Fedoraproject, Google | 4 Debian Linux, Fedora, Android and 1 more | 2024-08-03 | 6.5 Medium |
| Incorrect security UI in TabStrip and Navigation in Google Chrome on Android prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | ||||
| CVE-2021-21136 | 2 Google, Microsoft | 3 Android, Chrome, Edge Chromium | 2024-08-03 | 6.5 Medium |
| Insufficient policy enforcement in WebView in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2021-4221 | 2 Google, Mozilla | 2 Android, Firefox | 2024-08-03 | 4.3 Medium |
| If a domain name contained a RTL character, it would cause the domain to be rendered to the right of the path. This could lead to user confusion and spoofing attacks. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*<br>*Note*: Due to a clerical error this advisory was not included in the original announcement, and was added in Feburary 2022. This vulnerability affects Firefox < 92. | ||||
| CVE-2021-3022 | 1 Google | 1 Android | 2024-08-03 | 5.5 Medium |
| An issue was discovered on LG mobile devices with Android OS 10 software. There was no write protection for the MTK protect2 partition. The LG ID is LVE-SMP-200028 (January 2021). | ||||
| CVE-2021-1048 | 1 Google | 1 Android | 2024-08-03 | 7.8 High |
| In ep_loop_check_proc of eventpoll.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-204573007References: Upstream kernel | ||||
| CVE-2021-1028 | 1 Google | 1 Android | 2024-08-03 | 7.8 High |
| In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193034683 | ||||
| CVE-2021-1067 | 2 Google, Nvidia | 2 Android, Shield Experience | 2024-08-03 | 6.8 Medium |
| NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the implementation of the RPMB command status, in which an attacker can write to the Write Protect Configuration Block, which may lead to denial of service or escalation of privileges. | ||||
| CVE-2021-1021 | 1 Google | 1 Android | 2024-08-03 | 7.3 High |
| In snoozeNotificationInt of NotificationManagerService.java, there is a possible way to disable notification for an arbitrary user due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-195031703 | ||||
| CVE-2021-1043 | 1 Google | 1 Android | 2024-08-03 | 5.5 Medium |
| In TBD of TBD, there is a possible downgrade attack due to under utilized anti-rollback protections. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-194697257References: N/A | ||||
| CVE-2021-1045 | 1 Google | 1 Android | 2024-08-03 | 7.5 High |
| Product: AndroidVersions: Android kernelAndroid ID: A-195580473References: N/A | ||||
| CVE-2021-1050 | 1 Google | 1 Android | 2024-08-03 | 7.8 High |
| In MMU_UnmapPages of the PowerVR kernel driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-243825200 | ||||
| CVE-2021-1031 | 1 Google | 1 Android | 2024-08-03 | 3.3 Low |
| In cancelNotificationsFromListener of NotificationManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-194697004 | ||||
| CVE-2021-1042 | 1 Google | 1 Android | 2024-08-03 | 4.4 Medium |
| In dsi_panel_debugfs_read_cmdset of dsi_panel.c, there is a possible disclosure of freed kernel heap memory due to a use after free. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-187851056References: N/A | ||||
| CVE-2021-0956 | 1 Google | 1 Android | 2024-08-03 | 9.8 Critical |
| In NfcTag::discoverTechnologies (activation) of NfcTag.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additionalSystem execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-189942532 | ||||