Total
237 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-1031 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
In cancelNotificationsFromListener of NotificationManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-194697004 | |||||
CVE-2021-0991 | 1 Google | 1 Android | 2023-12-10 | 2.7 LOW | 2.4 LOW |
In OnMetadataChangedListener of AdvancedBluetoothDetailsHeaderController.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-181588752 | |||||
CVE-2021-25486 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
Exposure of information vulnerability in ipcdump prior to SMR Oct-2021 Release 1 allows an attacker detect device information via analyzing packet in log. | |||||
CVE-2021-0995 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
In registerSuggestionConnectionStatusListener of WifiServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-197536547 | |||||
CVE-2021-25455 | 1 Google | 1 Android | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
OOB read vulnerability in libsaviextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to access arbitrary address through pointer via forged avi file. | |||||
CVE-2021-25432 | 2 Google, Samsung | 2 Android, Samsung Members | 2023-12-10 | 2.1 LOW | 3.3 LOW |
Information exposure vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to access chat data. | |||||
CVE-2021-25439 | 2 Google, Samsung | 2 Android, Members | 2023-12-10 | 2.1 LOW | 3.3 LOW |
Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause arbitrary webpage loading in webview. | |||||
CVE-2021-25358 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
A vulnerability that stores IMSI values in an improper path prior to SMR APR-2021 Release 1 allows local attackers to access IMSI values without any permission via untrusted applications. | |||||
CVE-2021-38591 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
An issue was discovered on LG mobile devices with Android OS P and Q software for mt6762/mt6765/mt6883. Attackers can change some of the NvRAM content by leveraging the misconfiguration of a debug command. The LG ID is LVE-SMP-210005 (August 2021). | |||||
CVE-2021-25364 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
A pendingIntent hijacking vulnerability in Secure Folder prior to SMR APR-2021 Release 1 allows unprivileged applications to access contact information. | |||||
CVE-2021-25403 | 2 Google, Samsung | 2 Android, Account | 2023-12-10 | 2.1 LOW | 3.3 LOW |
Intent redirection vulnerability in Samsung Account prior to version 10.8.0.4 in Android P(9.0) and below, and 12.2.0.9 in Android Q(10.0) and above allows attacker to access contacts and file provider using SettingWebView component. | |||||
CVE-2021-25359 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
An improper SELinux policy prior to SMR APR-2021 Release 1 allows local attackers to access AP information without proper permissions via untrusted applications. | |||||
CVE-2021-25409 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 2.4 LOW |
Improper access in Notification setting prior to SMR JUN-2021 Release 1 allows physically proximate attackers to set arbitrary notification via physically configuring device. | |||||
CVE-2020-0412 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
In setProcessMemoryTrimLevel of ActivityManagerService.java, there is a missing permission check. This could lead to local information disclosure of foreground processes with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.0 Android-8.1 Android-9Android ID: A-160390416 | |||||
CVE-2020-0481 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
In AndroidManifest.xml, there is a possible permissions bypass. This could lead to local escalation of privilege allowing a non-system app to send a broadcast it shouldn't have permissions to send, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157472962 | |||||
CVE-2021-25343 | 2 Google, Samsung | 2 Android, Members | 2023-12-10 | 2.1 LOW | 3.3 LOW |
Calling of non-existent provider in Samsung Members prior to version 2.4.81.13 (in Android O(8.1) and below) and 3.8.00.13 (in Android P(9.0) and above) allows unauthorized actions including denial of service attack by hijacking the provider. | |||||
CVE-2021-25342 | 2 Google, Samsung | 2 Android, Members | 2023-12-10 | 2.1 LOW | 3.3 LOW |
Calling of non-existent provider in SMP sdk prior to version 3.0.9 allows unauthorized actions including denial of service attack by hijacking the provider. | |||||
CVE-2020-0459 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
In sendConfiguredNetworkChangedBroadcast of WifiConfigManager.java, there is a possible leak of sensitive WiFi configuration data due to a missing permission check. This could lead to local information disclosure of WiFi network names with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-159373687 | |||||
CVE-2021-25336 | 1 Google | 1 Android | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
Improper access control in NotificationManagerService in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to acquire notification access via sending a crafted malicious intent. | |||||
CVE-2020-27056 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
In SELinux policies of mls, there is a missing permission check. This could lead to local information disclosure of package metadata with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-161356067 |