Android - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Android
(Google)

Repositories	https://github.com/torvalds/linux
#Vulnerabilities	7236

Date	Id	Summary	Products	Score	Patch	Annotated
2020-01-08	CVE-2020-0006	In rw_i93_send_cmd_write_single_block of rw_i93.cc, there is a possible information disclosure of heap memory due to uninitialized data. This could lead to remote information disclosure in the NFC server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-139738828	Android	6.5
2020-01-08	CVE-2020-0007	In flattenString8 of Sensor.cpp, there is a possible information disclosure of heap memory due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-141890807	Android	5.5
2020-01-08	CVE-2020-0008	In LowEnergyClient::MtuChangedCallback of low_energy_client.cc, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-142558228	Android	4.7
2020-05-14	CVE-2020-0110	In psi_write of psi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-148159562References: Upstream kernel	Android, Core_i3\-1000g1_firmware, Core_i3\-1000g4_firmware, Core_i3\-1005g1_firmware, Core_i3\-10100_firmware, Core_i3\-10100e_firmware, Core_i3\-10100f_firmware, Core_i3\-10100t_firmware, Core_i3\-10100te_firmware, Core_i3\-10100y_firmware, Core_i3\-10105_firmware, Core_i3\-10105f_firmware, Core_i3\-10105t_firmware, Core_i3\-10110u_firmware, Core_i3\-10110y_firmware, Core_i3\-10300_firmware, Core_i3\-10300t_firmware, Core_i3\-10305_firmware, Core_i3\-10305t_firmware, Core_i3\-10320_firmware, Core_i3\-10325_firmware, Core_i3\-11100he_firmware, Core_i3\-1110g4_firmware, Core_i3\-1115g4_firmware, Core_i3\-1115g4e_firmware, Core_i3\-1115gre_firmware, Core_i3\-1120g4_firmware, Core_i3\-1125g4_firmware, Core_i5\-10200h_firmware, Core_i5\-10210u_firmware, Core_i5\-10210y_firmware, Core_i5\-10300h_firmware, Core_i5\-1030g4_firmware, Core_i5\-1030g7_firmware, Core_i5\-10310u_firmware, Core_i5\-10310y_firmware, Core_i5\-1035g1_firmware, Core_i5\-1035g4_firmware, Core_i5\-1035g7_firmware, Core_i5\-1038ng7_firmware, Core_i5\-10400_firmware, Core_i5\-10400f_firmware, Core_i5\-10400h_firmware, Core_i5\-10400t_firmware, Core_i5\-10500_firmware, Core_i5\-10500e_firmware, Core_i5\-10500h_firmware, Core_i5\-10500t_firmware, Core_i5\-10500te_firmware, Core_i5\-10505_firmware, Core_i5\-10600_firmware, Core_i5\-10600k_firmware, Core_i5\-10600kf_firmware, Core_i5\-10600t_firmware, Core_i5\-11260h_firmware, Core_i5\-11300h_firmware, Core_i5\-1130g7_firmware, Core_i5\-11320h_firmware, Core_i5\-1135g7_firmware, Core_i5\-11400_firmware, Core_i5\-11400f_firmware, Core_i5\-11400h_firmware, Core_i5\-11400t_firmware, Core_i5\-1140g7_firmware, Core_i5\-1145g7_firmware, Core_i5\-1145g7e_firmware, Core_i5\-1145gre_firmware, Core_i5\-11500_firmware, Core_i5\-11500h_firmware, Core_i5\-11500he_firmware, Core_i5\-11500t_firmware, Core_i5\-1155g7_firmware, Core_i5\-11600_firmware, Core_i5\-11600k_firmware, Core_i5\-11600kf_firmware, Core_i5\-11600t_firmware, Core_i7\-10510u_firmware, Core_i7\-10510y_firmware, Core_i7\-1060g7_firmware, Core_i7\-10610u_firmware, Core_i7\-1065g7_firmware, Core_i7\-1068ng7_firmware, Core_i7\-10700_firmware, Core_i7\-10700e_firmware, Core_i7\-10700f_firmware, Core_i7\-10700k_firmware, Core_i7\-10700kf_firmware, Core_i7\-10700t_firmware, Core_i7\-10700te_firmware, Core_i7\-10710u_firmware, Core_i7\-10750h_firmware, Core_i7\-10810u_firmware, Core_i7\-10850h_firmware, Core_i7\-10870h_firmware, Core_i7\-10875h_firmware, Core_i7\-11370h_firmware, Core_i7\-11375h_firmware, Core_i7\-11390h_firmware, Core_i7\-11600h_firmware, Core_i7\-1160g7_firmware, Core_i7\-1165g7_firmware, Core_i7\-11700_firmware, Core_i7\-11700f_firmware, Core_i7\-11700k_firmware, Core_i7\-11700kf_firmware, Core_i7\-11700t_firmware, Core_i7\-11800h_firmware, Core_i7\-1180g7_firmware, Core_i7\-11850h_firmware, Core_i7\-11850he_firmware, Core_i7\-1185g7_firmware, Core_i7\-1185g7e_firmware, Core_i7\-1185gre_firmware, Core_i7\-1195g7_firmware, Core_i9\-10850k_firmware, Core_i9\-10885h_firmware, Core_i9\-10900_firmware, Core_i9\-10900e_firmware, Core_i9\-10900f_firmware, Core_i9\-10900k_firmware, Core_i9\-10900kf_firmware, Core_i9\-10900t_firmware, Core_i9\-10900te_firmware, Core_i9\-10980hk_firmware, Core_i9\-11900_firmware, Core_i9\-11900f_firmware, Core_i9\-11900h_firmware, Core_i9\-11900k_firmware, Core_i9\-11900kf_firmware, Core_i9\-11900t_firmware, Core_i9\-11950h_firmware, Core_i9\-11980hk_firmware, Jhl6240_firmware, Jhl6340_firmware, Jhl6540_firmware, Jhl7340_firmware, Jhl7440_firmware, Jhl7540_firmware, Jhl8440_firmware, Jhl8540_firmware	7.8
2020-03-10	CVE-2020-0034	In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1Android ID: A-62458770	Debian_linux, Android	7.5
2016-08-06	CVE-2016-5696	net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack.	Android, Linux_kernel, Vm_server	4.8
2019-08-14	CVE-2019-9506	The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.	Iphone_os, Mac_os_x, Tvos, Watchos, Ubuntu_linux, Debian_linux, Android, Alp\-Al00b_firmware, Ares\-Al00b_firmware, Ares\-Al10d_firmware, Ares\-Tl00c_firmware, Asoka\-Al00ax_firmware, Atomu\-L33_firmware, Atomu\-L41_firmware, Atomu\-L42_firmware, Barca\-Al00_firmware, Berkeley\-Al20_firmware, Berkeley\-L09_firmware, Berkeley\-Tl10_firmware, Bla\-Al00b_firmware, Bla\-L29c_firmware, Bla\-Tl00b_firmware, Cairogo\-L22_firmware, Charlotte\-L29c_firmware, Columbia\-Al10b_firmware, Columbia\-Al10i_firmware, Columbia\-L29d_firmware, Columbia\-Tl00d_firmware, Cornell\-Al00a_firmware, Cornell\-Al00i_firmware, Cornell\-Al00ind_firmware, Cornell\-Al10ind_firmware, Cornell\-L29a_firmware, Cornell\-Tl10b_firmware, Dubai\-Al00a_firmware, Dura\-Al00a_firmware, Dura\-Tl00a_firmware, Emily\-L29c_firmware, Ever\-L29b_firmware, Figo\-L23_firmware, Figo\-L31_firmware, Figo\-Tl10b_firmware, Florida\-Al20b_firmware, Florida\-L21_firmware, Florida\-L22_firmware, Florida\-L23_firmware, Florida\-Tl10b_firmware, Harry\-Al00c_firmware, Harry\-Al10b_firmware, Harry\-Tl00c_firmware, Hima\-L29c_firmware, Honor_10_lite_firmware, Honor_20_firmware, Honor_20_pro_firmware, Honor_8a_firmware, Honor_8x_firmware, Honor_view_10_firmware, Honor_view_20_firmware, Imanager_neteco_6000_firmware, Imanager_neteco_firmware, Jakarta\-Al00a_firmware, Johnson\-Tl00d_firmware, Johnson\-Tl00f_firmware, Katyusha\-Al00a_firmware, Laya\-Al00ep_firmware, Leland\-L21a_firmware, Leland\-L31a_firmware, Leland\-L32a_firmware, Leland\-L32c_firmware, Leland\-L42a_firmware, Leland\-L42c_firmware, Leland\-Tl10b_firmware, Leland\-Tl10c_firmware, Lelandp\-Al00c_firmware, Lelandp\-Al10b_firmware, Lelandp\-Al10d_firmware, Lelandp\-L22a_firmware, Lelandp\-L22c_firmware, Lelandp\-L22d_firmware, London\-Al40ind_firmware, Madrid\-Al00a_firmware, Madrid\-Tl00a_firmware, Mate_20_firmware, Mate_20_pro_firmware, Mate_20_x_firmware, Neo\-Al00d_firmware, Nova_3_firmware, Nova_4_firmware, Nova_5_firmware, Nova_5i_pro_firmware, Nova_lite_3_firmware, P20_firmware, P20_pro_firmware, P30_firmware, P30_pro_firmware, P_smart_2019_firmware, P_smart_firmware, Paris\-Al00ic_firmware, Paris\-L21b_firmware, Paris\-L21meb_firmware, Paris\-L29b_firmware, Potter\-Al00c_firmware, Potter\-Al10a_firmware, Princeton\-Al10b_firmware, Princeton\-Al10d_firmware, Princeton\-Tl10c_firmware, Sydney\-Al00_firmware, Sydney\-L21_firmware, Sydney\-L21br_firmware, Sydney\-L22_firmware, Sydney\-L22br_firmware, Sydney\-Tl00_firmware, Sydneym\-Al00_firmware, Sydneym\-L01_firmware, Sydneym\-L03_firmware, Sydneym\-L21_firmware, Sydneym\-L22_firmware, Sydneym\-L23_firmware, Tony\-Al00b_firmware, Tony\-Tl00b_firmware, Y5_2018_firmware, Y5_lite_firmware, Y6_2019_firmware, Y6_prime_2018_firmware, Y6_pro_2019_firmware, Y7_2019_firmware, Y9_2019_firmware, Yale\-Al00a_firmware, Yale\-Al50a_firmware, Yale\-L21a_firmware, Yale\-L61c_firmware, Yale\-Tl00b_firmware, Yalep\-Al10b_firmware, Leap, Enterprise_linux, Enterprise_linux_aus, Enterprise_linux_eus, Enterprise_linux_for_real_time, Enterprise_linux_for_real_time_eus, Enterprise_linux_for_real_time_for_nfv, Enterprise_linux_for_real_time_for_nfv_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_tus, Mrg_realtime, Virtualization_host_eus	8.1
2019-02-28	CVE-2019-1988	In sample6 of SkSwizzler.cpp, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution in system_server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-118372692.	Android	8.8
2019-02-28	CVE-2019-1992	In bta_hl_sdp_query_results of bta_hl_main.cc, there is a possible use-after-free due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-116222069.	Android	7.5
2019-02-28	CVE-2019-1995	In ComposeActivityEmail of ComposeActivityEmail.java, there is a possible way to silently attach files to an email due to a confused deputy. This could lead to local information disclosure, sending files accessible to AOSP Mail to a remote email recipient, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-32589229.	Android	5.5