2020

CVE-2020-12753 (v3: 9.8) 11 May 2020
An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Arbitrary code execution can occur via the bootloader. The LG ID is LVE-SMP-200006 (May 2020).

2019

CVE-2019-20773 (v3: 7.8) 17 Apr 2020
An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. Unprivileged applications can execute shell commands via the connectivity service. The LG ID is LVE-SMP-190008 (August 2019).
CVE-2019-13714 (v3: 6.1) 25 Nov 2019
Insufficient validation of untrusted input in Color Enhancer extension in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to inject CSS into an HTML page via a crafted URL.

2018

CVE-2018-21051 (v3: 9.8) 8 Apr 2020
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) (Exynos chipsets) software. There is an invalid free in the fingerprint Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2018-12853 (October 2018).
CVE-2018-20988 (v3: 7.5) 22 Aug 2019
The wpgform plugin before 0.94 for WordPress has eval injection in the CAPTCHA calculation.

2017

CVE-2017-18652 (v3: 9.8) 7 Apr 2020
An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. SVoice allows arbitrary code execution by changing dynamic libraries. The Samsung ID is SVE-2017-9299 (September 2017).

2016

CVE-2016-1155 (v3: 9.8) 13 Apr 2017
HTTP header injection vulnerability in the URLConnection class in Android OS 2.2 through 6.0 allows remote attackers to execute arbitrary scripts or set arbitrary values in cookies.
CVE-2016-6754 (v3: 8.8) 25 Nov 2016
A remote code execution vulnerability in Webview in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-05 could enable a remote attacker to execute arbitrary code when the user is navigating to a website. This issue is rated as High due to the possibility of remote code execution in an unprivileged process. Android ID: A-31217937.

2015

2014

CVE-2014-7952 (v3: 7.8) 12 Jan 2018
The backup mechanism in the adb tool in Android might allow attackers to inject additional applications (APKs) and execute arbitrary code by leveraging failure to filter application data streams.

2013

2012

2011

CVE-2011-2855 (v2: 6.8) 19 Sep 2011
Google Chrome before 14.0.835.163 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node."