Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:google:android:2.2.2:*:*:*:*:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2021-25438 |
Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause local file inclusion in webview. Published: July 08, 2021; 10:15:08 AM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2021-25432 |
Information exposure vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to access chat data. Published: July 08, 2021; 10:15:08 AM -0400 |
V4.0:(not available) V3.1: 3.3 LOW V2.0: 2.1 LOW |
CVE-2021-25403 |
Intent redirection vulnerability in Samsung Account prior to version 10.8.0.4 in Android P(9.0) and below, and 12.2.0.9 in Android Q(10.0) and above allows attacker to access contacts and file provider using SettingWebView component. Published: June 11, 2021; 11:15:09 AM -0400 |
V4.0:(not available) V3.1: 3.3 LOW V2.0: 2.1 LOW |
CVE-2021-25381 |
Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P(9.0) and below, and 12.1.1.3 in Android Q(10.0) and above allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. Published: April 09, 2021; 2:15:15 PM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2021-25343 |
Calling of non-existent provider in Samsung Members prior to version 2.4.81.13 (in Android O(8.1) and below) and 3.8.00.13 (in Android P(9.0) and above) allows unauthorized actions including denial of service attack by hijacking the provider. Published: March 04, 2021; 5:15:13 PM -0500 |
V4.0:(not available) V3.1: 3.3 LOW V2.0: 2.1 LOW |
CVE-2021-25342 |
Calling of non-existent provider in SMP sdk prior to version 3.0.9 allows unauthorized actions including denial of service attack by hijacking the provider. Published: March 04, 2021; 5:15:13 PM -0500 |
V4.0:(not available) V3.1: 3.3 LOW V2.0: 2.1 LOW |
CVE-2020-35693 |
On some Samsung phones and tablets running Android through 7.1.1, it is possible for an attacker-controlled Bluetooth Low Energy (BLE) device to pair silently with a vulnerable target device, without any user interaction, when the target device's Bluetooth is on, and it is running an app that offers a connectable BLE advertisement. An example of such an app could be a Bluetooth-based contact tracing app, such as Australia's COVIDSafe app, Singapore's TraceTogether app, or France's TousAntiCovid (formerly StopCovid). As part of the pairing process, two pieces (among others) of personally identifiable information are exchanged: the Identity Address of the Bluetooth adapter of the target device, and its associated Identity Resolving Key (IRK). Either one of these identifiers can be used to perform re-identification of the target device for long term tracking. The list of affected devices includes (but is not limited to): Galaxy Note 5, Galaxy S6 Edge, Galaxy A3, Tab A (2017), J2 Pro (2018), Galaxy Note 4, and Galaxy S5. Published: December 24, 2020; 1:15:12 PM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 5.4 MEDIUM |
CVE-2020-26964 |
If the Remote Debugging via USB feature was enabled in Firefox for Android on an Android version prior to Android 6.0, untrusted apps could have connected to the feature and operated with the privileges of the browser to read and interact with web content. The feature was implemented as a unix domain socket, protected by the Android SELinux policy; however, SELinux was not enforced for versions prior to 6.0. This was fixed by removing the Remote Debugging via USB feature from affected devices. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 83. Published: December 08, 2020; 8:15:13 PM -0500 |
V4.0:(not available) V3.1: 6.8 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2020-13843 |
An issue was discovered on LG mobile devices with Android OS software before 2020-06-01. Local users can cause a denial of service because checking of the userdata partition is mishandled. The LG ID is LVE-SMP-200014 (June 2020). Published: June 04, 2020; 8:15:11 PM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2014-7914 |
btif/src/btif_dm.c in Android before 5.1 does not properly enforce the temporary nature of a Bluetooth pairing, which allows user-assisted remote attackers to bypass intended access restrictions via crafted Bluetooth packets after the tapping of a crafted NFC tag. Published: February 20, 2020; 9:15:10 PM -0500 |
V4.0:(not available) V3.1: 8.1 HIGH V2.0: 5.8 MEDIUM |
CVE-2011-2343 |
The Bluetooth stack in Android before 2.3.6 allows a physically proximate attacker to obtain contact information via an AT phonebook transfer. Published: February 12, 2020; 3:15:13 PM -0500 |
V4.0:(not available) V3.1: 2.4 LOW V2.0: 2.1 LOW |
CVE-2014-7224 |
A Code Execution vulnerability exists in Android prior to 4.4.0 related to the addJavascriptInterface method and the accessibility and accessibilityTraversal objects, which could let a remote malicious user execute arbitrary code. Published: February 07, 2020; 11:15:09 AM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 9.0 HIGH |
CVE-2015-1530 |
media/libmedia/IAudioPolicyService.cpp in Android before 5.1 allows attackers to execute arbitrary code with media_server privileges or cause a denial of service (integer overflow) via a crafted application that provides an invalid array size. Published: January 24, 2020; 1:15:12 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 6.0 MEDIUM |
CVE-2015-1525 |
audio/AudioPolicyManagerBase.cpp in Android before 5.1 allows attackers to cause a denial of service (audio_policy application outage) via a crafted application that provides a NULL device address. Published: January 24, 2020; 1:15:12 PM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2013-6792 |
Google Android prior to 4.4 has an APK Signature Security Bypass Vulnerability Published: January 23, 2020; 10:15:13 AM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2016-5346 |
An Information Disclosure vulnerability exists in the Google Pixel/Pixel SL Qualcomm Avtimer Driver due to a NULL pointer dereference when processing an accept system call by the user process on AF_MSM_IPC sockets, which could let a local malicious user obtain sensitive information (Android Bug ID A-32551280). Published: January 08, 2020; 2:15:10 PM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2019-9465 |
In the Titan M handling of cryptographic operations, there is a possible information disclosure due to an unusual root cause. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-133258003 Published: January 07, 2020; 2:15:11 PM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2019-9468 |
In export_key_der of export_key.cpp, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-139683471 Published: January 06, 2020; 1:15:23 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2019-13098 |
The user password via the registration form of TronLink Wallet 2.2.0 is stored in the log when the class CreateWalletTwoActivity is called. Other authenticated users can read it in the log later. The logged data can be read using Logcat on the device. When using platforms prior to Android 4.1 (Jelly Bean), the log data is not sandboxed per application; any application installed on the device has the capability to read data logged by other applications. Published: July 22, 2019; 12:15:15 PM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2018-15835 |
Android 1.0 through 9.0 has Insecure Permissions. The Android bug ID is 77286983. Published: November 30, 2018; 1:29:00 PM -0500 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |