157 matches found
CVE-2021-39799
In AttributionSource of AttributionSource.java, there is a possible permission bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
CVE-2021-39676
In writeThrowable of AndroidFuture.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
CVE-2021-23957
Navigations through the Android-specific intent URL scheme could have been misused to escape iframe sandbox. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox 85...
CVE-2020-0451
In sbrDecoderAssignQmfChannels2SbrChannels of sbrdecoder.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...
CVE-2020-0415
In various locations in SystemUI, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure of contact data with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9...
CVE-2020-0283
There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-163008257...
CVE-2020-0078
In releaseSecureStops of DrmPlugin.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9...
CVE-2020-0456
There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-170378843...
CVE-2017-10709
The lockscreen on Elephone P9000 devices running Android 6.0 allows physically proximate attackers to bypass a wrong-PIN lockout feature by pressing backspace after each PIN guess...
CVE-2017-17551
The Backup and Restore feature in Mobotap Dolphin Browser for Android 12.0.2 suffers from an arbitrary file write vulnerability when attempting to restore browser settings from a malicious Dolphin Browser backup file. This arbitrary file write vulnerability allows an attacker to overwrite a...
CVE-2019-9355
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115903122...
CVE-2019-15351
The Tecno Camon Android device with a build fingerprint of TECNO/H622/TECNO-ID5b:8.1.0/O11019/G-180829V31:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer versionCode=7, versionName=7.0.11. This app contains an exported service named...
CVE-2019-9600
The Olive Tree FTP Server aka com.theolivetree.ftpserver application through 1.32 for Android allows remote attackers to cause a denial of service via a client that makes many connection attempts and drops certain packets...
CVE-2019-9388
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Androi...
CVE-2019-9363
In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-123584306...
CVE-2019-2198
In Download Provider, there is a possible SQL injection vulnerability. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID:...
CVE-2019-2036
In okToConnect of HidHostService.java, there is a possible permission bypass due to an incorrect state check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0...
CVE-2019-17395
In the Rapid Gator application 0.7.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat...
CVE-2018-17108
The SBIbuddy aka com.sbi.erupee application 1.41 and 1.42 for Android might allow attackers to perform Account Takeover attacks by intercepting a security-question response during the initial configuration of the application...
CVE-2025-2355 BlackVue App API Endpoint credentials storage
A vulnerability was found in BlackVue App 3.65 on Android and classified as problematic. Affected by this issue is some unknown functionality of the component API Endpoint Handler. The manipulation of the argument BCSTOKEN/SECRETKEY leads to unprotected storage of credentials. Local access is...