Total
237 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-1015 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
In getMeidForSlot of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-186530496 | |||||
CVE-2021-25484 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
Improper authentication in InputManagerService prior to SMR Oct-2021 Release 1 allows monitoring the touch event. | |||||
CVE-2021-0982 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
In getOrganizationNameForUser of DevicePolicyManagerService.java, there is a possible organization name disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-192368508 | |||||
CVE-2021-0992 | 1 Google | 1 Android | 2023-12-10 | 1.9 LOW | 3.3 LOW |
In onCreate of PaymentDefaultDialog.java, there is a possible way to change a default payment app without user consent due to tapjack overlay. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-180104327 | |||||
CVE-2021-1018 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
In adjustStreamVolume of AudioService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-194110891 | |||||
CVE-2021-1034 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
In getLine1NumberForDisplay of PhoneInterfaceManager.java, there is apossible way to determine whether an app is installed, without querypermissions due to a missing permission check. This could lead to localinformation disclosure with no additional execution privileges needed. Userinteraction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193441322 | |||||
CVE-2021-0987 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
In getNeighboringCellInfo of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-190619791 | |||||
CVE-2021-0983 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
In createAdminSupportIntent of DevicePolicyManagerService.java, there is a possible disclosure of information about installed device/profile owner package name due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-192245204 | |||||
CVE-2022-22266 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
(Applicable to China models only) Unprotected WifiEvaluationService in TencentWifiSecurity application prior to SMR Jan-2022 Release 1 allows untrusted applications to get WiFi information without proper permission. | |||||
CVE-2021-0978 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
In getSerialForPackage of DeviceIdentifiersPolicyService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-192587406 | |||||
CVE-2021-39628 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
In StatusBar.java, there is a possible disclosure of notification content on the lockscreen due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-189575031 | |||||
CVE-2021-0994 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
In requestRouteToHostAddress of ConnectivityService.java, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193801134 | |||||
CVE-2022-22267 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1 allows attackers to get running application information. | |||||
CVE-2021-0988 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
In getLaunchedFromUid and getLaunchedFromPackage of ActivityClientController.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-191954233 | |||||
CVE-2022-22269 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allows untrusted applications to get a local Bluetooth MAC address. | |||||
CVE-2022-22272 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission | |||||
CVE-2021-25457 | 2 Google, Samsung | 4 Android, Exynos 2100, Exynos 980 and 1 more | 2023-12-10 | 2.1 LOW | 3.3 LOW |
An improper input validation vulnerability in DSP driver prior to SMR Sep-2021 Release 1 allows local attackers to get a limited kernel memory information. | |||||
CVE-2021-25519 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
An improper access control vulnerability in CPLC prior to SMR Dec-2021 Release 1 allows local attackers to access CPLC information without permission. | |||||
CVE-2021-1032 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
In getMimeGroup of PackageManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-184745603 | |||||
CVE-2021-25515 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
An improper usage of implicit intent in SemRewardManager prior to SMR Dec-2021 Release 1 allows attackers to access BSSID. |