Android Security Vulnerabilities and Issues — Page 9 of Android CVE List

5.3CVSS5.5AI score0.00092EPSS

CVE-2017-18657

An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. There is an arbitrary write in a trustlet. The Samsung ID is SVE-2017-8893 (August 2017).

5.3CVSS5.3AI score0.0011EPSS

CVE-2017-18659

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.x) software. Attackers can crash system processes via a broadcast to AdaptiveDisplayColorService. The Samsung ID is SVE-2017-8290 (July 2017).

7.5CVSS7.6AI score0.00081EPSS

CVE-2017-18666

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.x) software. Applications can send arbitrary premium SMS messages. The Samsung ID is SVE-2017-8701 (June 2017).

7.8CVSS7.4AI score0.00125EPSS

CVE-2017-18674

An issue was discovered on Samsung mobile devices with N(7.0) software. The time service (aka Timaservice) allows a kernel panic. The Samsung ID is SVE-2017-8593 (May 2017).

9.8CVSS9.3AI score0.00147EPSS

CVE-2017-18684

An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. SVoice allows provider seizure via an application that uses a custom provider. The Samsung ID is SVE-2016-6942 (February 2017).

7.8CVSS7.5AI score0.00125EPSS

CVE-2017-18685

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. The InputMethod application can cause a system crash via a malformed serializable object in an Intent. The Samsung ID is SVE-2016-7123 (February 2017).

5.3CVSS5.4AI score0.00091EPSS

CVE-2017-18687

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software. An attacker can obtain the full pathnames of sdcard files by reading the system protected log upon reception of a certain intent. The Samsung ID is SVE-2016-7183 (January 2017).

10CVSS9.3AI score0.0017EPSS

CVE-2018-21049

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. There is an arbitrary memory write in a Trustlet because a secure driver allows access to sensitive APIs. The Samsung ID is SVE-2018-12881 (November 2018).

4.6CVSS4.7AI score0.0002EPSS

CVE-2018-21053

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is Clipboard access in the lockscreen state via a physical keyboard. The Samsung ID is SVE-2018-12684 (October 2018).

10CVSS9.5AI score0.00195EPSS

CVE-2018-21055

An issue was discovered on Samsung mobile devices with N(7.0) (Qualcomm models using MSM8996 chipsets) software. A device can be rooted with a custom image to execute arbitrary scripts in the INIT context. The Samsung ID is SVE-2018-11940 (September 2018).

3.3CVSS4.1AI score0.00018EPSS

CVE-2018-21074

An issue was discovered on Samsung mobile devices with M(6.x) (Exynos or Qualcomm chipsets) software. There is information disclosure from a Trustlet via the debug log. The Samsung ID is SVE-2017-10638 (April 2018).

CVE•added 2020/04/08 2:15 p.m.•38 views

CVE-2018-21091

An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. Telecom has a System Crash via abnormal exception handling. The Samsung ID is SVE-2017-10906 (January 2018).

7.8CVSS7.6AI score0.00125EPSS

CVE•added 2020/03/24 6:15 p.m.•38 views

CVE-2019-20533

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (released in China or India) software. The S Secure app can launch masked apps without a password. The Samsung ID is SVE-2019-13996 (December 2019).

3.3CVSS4.3AI score0.00017EPSS

CVE•added 2020/03/24 8:15 p.m.•38 views

CVE-2019-20596

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) (Exynos chipsets) software. There is information disclosure in the GateKeeper Trustlet. The Samsung ID is SVE-2019-13958 (June 2019).

9.1CVSS8.7AI score0.00147EPSS

CVE•added 2020/03/24 8:15 p.m.•38 views

CVE-2019-20611

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), Go(8.1), P(9.0), and Go(9.0) (Exynos chipsets) software. A baseband stack overflow leads to arbitrary code execution. The Samsung ID is SVE-2019-13963 (April 2019).

10CVSS9.8AI score0.00231EPSS

CVE•added 2020/03/10 8:15 p.m.•38 views

CVE-2020-0031

In triggerAugmentedAutofillLocked and related functions of Session.java, it is possible for Augmented Autofill to display sensitive information to the user inappropriately. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for...

5CVSS4.8AI score0.00034EPSS

CVE•added 2020/05/14 9:15 p.m.•38 views

CVE-2020-0091

In mnld, an incorrect configuration in driver_cfg of mnld for meta factory mode.Product: AndroidVersions: Android SoCAndroid ID: A-149808700

5.5CVSS5.5AI score0.00019EPSS

CVE•added 2020/06/11 3:15 p.m.•38 views

CVE-2020-0126

In multiple functions in DrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local code execution with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-137878930

6.9CVSS7.1AI score0.00013EPSS

CVE•added 2020/06/11 3:15 p.m.•38 views

CVE-2020-0147

In btu_hcif_esco_connection_chg_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product:...

4.4CVSS4.9AI score0.00016EPSS

CVE•added 2020/09/18 4:15 p.m.•38 views

CVE-2020-0272

In libhwbinder, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-130166487

4.4CVSS5AI score0.00016EPSS

CVE•added 2020/09/17 9:15 p.m.•38 views

CVE-2020-0279

In the AAC parser, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-131430997

6.5CVSS6.5AI score0.00244EPSS

CVE•added 2020/09/18 4:15 p.m.•38 views

CVE-2020-0286

In Bluetooth AVRCP, there is a possible leak of audio metadata due to residual data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150214479

7.5CVSS7.3AI score0.00312EPSS

CVE•added 2020/09/17 9:15 p.m.•38 views

CVE-2020-0293

In Java network APIs, there is possible access to sensitive network state due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation in Android versions: Android-11, Android ID: A...

5.5CVSS5.7AI score0.00176EPSS

CVE•added 2020/09/18 4:15 p.m.•38 views

CVE-2020-0313

In NotificationManagerService, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154917989

5.5CVSS5.8AI score0.00017EPSS

CVE•added 2020/03/24 6:15 p.m.•38 views

CVE-2020-10843

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (S.LSI chipsets) software. There are race conditions in the hdcp2 driver. The Samsung ID is SVE-2019-16296 (February 2020).

7CVSS6.9AI score0.00013EPSS

CVE•added 2020/06/04 6:15 p.m.•38 views

CVE-2020-13836

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. HWRResProvider allows path traversal for data exposure. The Samsung ID is SVE-2020-16954 (June 2020).

7.5CVSS7.6AI score0.00163EPSS

CVE•added 2020/04/07 2:15 p.m.•37 views

CVE-2016-11028

An issue was discovered on Samsung mobile devices with software through 2016-09-13 (Exynos AP chipsets). There is a stack-based buffer overflow in the OTP TrustZone trustlet. The Samsung IDs are SVE-2016-7173 and SVE-2016-7174 (December 2016).

9.8CVSS9.7AI score0.00159EPSS

CVE•added 2020/04/07 2:15 p.m.•37 views

CVE-2016-11034

An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. The decode function in Qjpeg in Qt 5.7 allows attackers to trigger a system crash via a malformed image. The Samsung ID is SVE-2016-6560 (October 2016).

7.1CVSS6.4AI score0.00106EPSS

CVE•added 2020/04/07 2:15 p.m.•37 views

CVE-2016-11038

An issue was discovered on Samsung mobile devices with software through 2016-04-05 (incorporating the Samsung Professional Audio SDK). The Jack audio service doesn't implement access control for shared memory, leading to arbitrary code execution or privilege escalation. The Samsung ID is SVE-2016-5...

9.8CVSS9.7AI score0.00187EPSS

CVE•added 2020/04/07 1:15 p.m.•37 views

CVE-2016-11048

An issue was discovered on Samsung mobile devices with L(5.0/5.1) (Spreadtrum or Marvell chipsets) software. There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2016-5421 (March 2016).

4.6CVSS4.8AI score0.00019EPSS

CVE•added 2020/01/08 7:15 p.m.•37 views

CVE-2016-5346

An Information Disclosure vulnerability exists in the Google Pixel/Pixel SL Qualcomm Avtimer Driver due to a NULL pointer dereference when processing an accept system call by the user process on AF_MSM_IPC sockets, which could let a local malicious user obtain sensitive information (Android Bug ID ...

5.5CVSS6.3AI score0.00105EPSS

CVE•added 2020/04/08 1:15 p.m.•37 views

CVE-2017-18646

An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. An attacker can bypass the password requirement for tablet user switching by folding the magnetic cover. The Samsung ID is SVE-2017-10602 (December 2017).

4.6CVSS5AI score0.00018EPSS

7.5CVSS7.6AI score0.00131EPSS

CVE-2017-18654

An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0, 7.1) software. An unauthenticated attacker can register a new security certificate. The Samsung ID is SVE-2017-9659 (September 2017).

7.5CVSS7.6AI score0.00123EPSS

CVE-2017-18662

An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. Data outside of the rkp log buffer boundary is read, causing an information leak. The Samsung ID is SVE-2017-9109 (July 2017).

7.5CVSS7.5AI score0.00114EPSS

CVE-2017-18664

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. There is a NULL pointer exception in PersonManager, causing memory corruption. The Samsung ID is SVE-2017-8286 (June 2017).

7.5CVSS7.6AI score0.00081EPSS

CVE-2017-18669

An issue was discovered on Samsung mobile devices with N(7.x) software. Persona has an unprotected API that allows launch of any activity with system privileges. The Samsung ID is SVE-2017-9000 (June 2017).

5.5CVSS5.5AI score0.00015EPSS

CVE-2017-18672

An issue was discovered on Samsung mobile devices with L(5.0/5.1), M(6.0), and N(7.x) software. Because of incorrect exception handling for Intents, a local attacker can force a reboot within framework.jar. The Samsung ID is SVE-2017-8390 (May 2017).

2.4CVSS4.1AI score0.00019EPSS

CVE-2017-18673

An issue was discovered on Samsung mobile devices with N(7.x) software. An attacker can disable the Location service on a locked device, making it impossible for the rightful owner to find a stolen device. The Samsung ID is SVE-2017-8524 (May 2017).

7.5CVSS7.5AI score0.00092EPSS

CVE-2017-18676

An issue was discovered on Samsung mobile devices with N(7.0) (Qualcomm chipsets) software. There is an RKP kernel protection bypass (in which unwanted memory mappings may occur) because of a lack of MSR trapping. The Samsung ID is SVE-2016-7901 (April 2017).