U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): android
  • Search Type: Search All
There are 8,218 matching records.
Displaying matches 1,061 through 1,080.
Vuln ID Summary CVSS Severity
CVE-2021-34421

The Keybase Client for Android before version 5.8.0 and the Keybase Client for iOS before version 5.8.0 fails to properly remove exploded messages initiated by a user if the receiving user places the chat session in the background while the sending user explodes the messages. This could lead to disclosure of sensitive information which was meant to be deleted from the customer's device.

Published: November 11, 2021; 6:15:09 PM -0500
V3.1: 4.3 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2021-43191

JetBrains YouTrack Mobile before 2021.2, is missing the security screen on Android and iOS.

Published: November 09, 2021; 10:15:09 AM -0500
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2021-43190

In JetBrains YouTrack Mobile before 2021.2, task hijacking on Android is possible.

Published: November 09, 2021; 10:15:09 AM -0500
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2021-43189

In JetBrains YouTrack Mobile before 2021.2, access token protection on Android is incomplete.

Published: November 09, 2021; 10:15:09 AM -0500
V3.1: 7.3 HIGH
V2.0: 7.5 HIGH
CVE-2021-29993

Firefox for Android allowed navigations through the `intent://` protocol, which could be used to cause crashes and UI spoofs. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 92.

Published: November 02, 2021; 9:15:07 PM -0400
V3.1: 8.1 HIGH
V2.0: 5.8 MEDIUM
CVE-2021-37990

Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote attacker to leak cross-origin data via a crafted app.

Published: November 02, 2021; 6:15:08 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2021-36808

A local attacker could bypass the app password using a race condition in Sophos Secure Workspace for Android before version 9.7.3115.

Published: October 30, 2021; 9:15:07 AM -0400
V3.1: 7.0 HIGH
V2.0: 4.4 MEDIUM
CVE-2021-0941

In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-154177719References: Upstream kernel

Published: October 25, 2021; 10:15:09 AM -0400
V3.1: 6.7 MEDIUM
V2.0: 7.2 HIGH
CVE-2021-0940

In TBD of TBD, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-171315276References: N/A

Published: October 25, 2021; 10:15:09 AM -0400
V3.1: 6.7 MEDIUM
V2.0: 7.2 HIGH
CVE-2021-0939

In set_default_passthru_cfg of passthru.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-186026549References: N/A

Published: October 25, 2021; 10:15:09 AM -0400
V3.1: 4.4 MEDIUM
V2.0: 2.1 LOW
CVE-2021-0938

In memzero_explicit of compiler-clang.h, there is a possible bypass of defense in depth due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-171418586References: Upstream kernel

Published: October 25, 2021; 10:15:09 AM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2021-0936

In acc_read of f_accessory.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-173789633References: Upstream kernel

Published: October 25, 2021; 10:15:09 AM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2021-0935

In ip6_xmit of ip6_output.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168607263References: Upstream kernel

Published: October 25, 2021; 10:15:09 AM -0400
V3.1: 6.7 MEDIUM
V2.0: 7.2 HIGH
CVE-2021-0870

In RW_SetActivatedTagType of rw_main.cc, there is possible memory corruption due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-192472262

Published: October 22, 2021; 10:15:08 AM -0400
V3.1: 8.1 HIGH
V2.0: 9.3 HIGH
CVE-2021-0708

In runDumpHeap of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-183262161

Published: October 22, 2021; 10:15:08 AM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2021-0706

In startListening of PluginManagerImpl.java, there is a possible way to disable arbitrary app components due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-193444889

Published: October 22, 2021; 10:15:08 AM -0400
V3.1: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2021-0705

In sanitizeSbn of NotificationManagerService.java, there is a possible way to keep service running in foreground and keep granted permissions due to Bypass of Background Service Restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-185388103

Published: October 22, 2021; 10:15:08 AM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2021-0703

In SecondStageMain of init.cpp, there is a possible use after free due to incorrect shared_ptr usage. This could lead to local escalation of privilege if the attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-184569329

Published: October 22, 2021; 10:15:08 AM -0400
V3.1: 6.8 MEDIUM
V2.0: 7.2 HIGH
CVE-2021-0702

In RevertActiveSessions of apexd.cpp, there is a possible way to share the wrong file due to an unintentional MediaStore downgrade. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-193932765

Published: October 22, 2021; 10:15:08 AM -0400
V3.1: 5.5 MEDIUM
V2.0: 1.9 LOW
CVE-2021-0652

In VectorDrawable::VectorDrawable of VectorDrawable.java, there is a possible way to introduce a memory corruption due to sharing of not thread-safe objects. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-185178568

Published: October 22, 2021; 10:15:08 AM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH