Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2022-20254 |
In Wi-Fi, there is a permissions bypass. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-223377547 Published: August 12, 2022; 11:15:09 AM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2022-20253 |
In Bluetooth, there is a possible cleanup failure due to an uncaught exception. This could lead to remote denial of service in Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224545125 Published: August 12, 2022; 11:15:09 AM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2021-43849 |
cordova-plugin-fingerprint-aio is a plugin provides a single and simple interface for accessing fingerprint APIs on both Android 6+ and iOS. In versions prior to 5.0.1 The exported activity `de.niklasmerz.cordova.biometric.BiometricActivity` can cause the app to crash. This vulnerability occurred because the activity didn't handle the case where it is requested with invalid or empty data which results in a crash. Any third party app can constantly call this activity with no permission. A 3rd party app/attacker using event listener can continually stop the app from working and make the victim unable to open it. Version 5.0.1 of the cordova-plugin-fingerprint-aio doesn't export the activity anymore and is no longer vulnerable. If you want to fix older versions change the attribute android:exported in plugin.xml to false. Please upgrade to version 5.0.1 as soon as possible. Published: December 23, 2021; 12:15:07 PM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2021-0920 |
In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References: Upstream kernel Published: December 15, 2021; 2:15:11 PM -0500 |
V4.0:(not available) V3.1: 6.4 MEDIUM V2.0: 6.9 MEDIUM |
CVE-2021-0518 |
In Wi-Fi, there is a possible leak of location-sensitive data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-176541017 Published: July 14, 2021; 10:15:08 AM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2021-25441 |
Improper input validation vulnerability in AR Emoji Editor prior to version 4.4.03.5 in Android Q(10.0) and above allows untrusted applications to access arbitrary files with an escalated privilege. Published: July 08, 2021; 10:15:09 AM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2021-25439 |
Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause arbitrary webpage loading in webview. Published: July 08, 2021; 10:15:08 AM -0400 |
V4.0:(not available) V3.1: 3.3 LOW V2.0: 2.1 LOW |
CVE-2021-25438 |
Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause local file inclusion in webview. Published: July 08, 2021; 10:15:08 AM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2021-25432 |
Information exposure vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to access chat data. Published: July 08, 2021; 10:15:08 AM -0400 |
V4.0:(not available) V3.1: 3.3 LOW V2.0: 2.1 LOW |
CVE-2021-25403 |
Intent redirection vulnerability in Samsung Account prior to version 10.8.0.4 in Android P(9.0) and below, and 12.2.0.9 in Android Q(10.0) and above allows attacker to access contacts and file provider using SettingWebView component. Published: June 11, 2021; 11:15:09 AM -0400 |
V4.0:(not available) V3.1: 3.3 LOW V2.0: 2.1 LOW |
CVE-2020-13843 |
An issue was discovered on LG mobile devices with Android OS software before 2020-06-01. Local users can cause a denial of service because checking of the userdata partition is mishandled. The LG ID is LVE-SMP-200014 (June 2020). Published: June 04, 2020; 8:15:11 PM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2019-20606 |
An issue was discovered on Samsung mobile devices with any (before May 2019) software. A phishing attack against OMACP can change the network and internet settings. The Samsung ID is SVE-2019-14073 (May 2019). Published: March 24, 2020; 4:15:13 PM -0400 |
V4.0:(not available) V3.1: 9.3 CRITICAL V2.0: 5.8 MEDIUM |
CVE-2019-19690 |
Trend Micro Mobile Security for Android (Consumer) versions 10.3.1 and below on Android 8.0+ has an issue in which an attacker could bypass the product's App Password Protection feature. Published: December 18, 2019; 3:15:16 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-7817 |
A spoofing vulnerability can occur when a page switches to fullscreen mode without user notification, allowing a fake address bar to be displayed. This allows an attacker to spoof which page is actually loaded and in use. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 56. Published: June 11, 2018; 5:29:10 PM -0400 |
V4.0:(not available) V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2017-0865 |
An elevation of privilege vulnerability in the MediaTek soc driver. Product: Android. Versions: Android kernel. Android ID: A-65025090. References: M-ALPS02973195. Published: November 16, 2017; 6:29:01 PM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2017-0864 |
An elevation of privilege vulnerability in the MediaTek ioctl (flashlight). Product: Android. Versions: Android kernel. Android ID: A-37277147. References: M-ALPS03394571. Published: November 16, 2017; 6:29:01 PM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2017-0863 |
An elevation of privilege vulnerability in the Upstream kernel video driver. Product: Android. Versions: Android kernel. Android ID: A-37950620. Published: November 16, 2017; 6:29:01 PM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2017-0862 |
An elevation of privilege vulnerability in the Upstream kernel kernel. Product: Android. Versions: Android kernel. Android ID: A-36006779. Published: November 16, 2017; 6:29:01 PM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2017-0843 |
An elevation of privilege vulnerability in the MediaTek ccci. Product: Android. Versions: Android kernel. Android ID: A-62670819. References: M-ALPS03361488. Published: November 16, 2017; 6:29:00 PM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2017-9685 |
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a WLAN driver can lead to a Use After Free condition. Published: August 18, 2017; 3:29:00 PM -0400 |
V4.0:(not available) V3.0: 8.1 HIGH V2.0: 9.3 HIGH |