Total
3306 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-0926 | 1 Google | 1 Android | 2024-08-03 | 7.8 High |
| In onCreate of NfcImportVCardActivity.java, there is a possible way to add a contact without user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-191053931 | ||||
| CVE-2021-0923 | 1 Google | 1 Android | 2024-08-03 | 7.8 High |
| In createOrUpdate of Permission.java, there is a possible way to gain internal permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-195338390 | ||||
| CVE-2021-0922 | 1 Google | 1 Android | 2024-08-03 | 7.8 High |
| In enforceCrossUserOrProfilePermission of PackageManagerService.java, there is a possible bypass of INTERACT_ACROSS_PROFILES permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-195630721 | ||||
| CVE-2021-0686 | 1 Google | 1 Android | 2024-08-03 | 5.5 Medium |
| In getDefaultSmsPackage of RoleManagerService.java, there is a possible way to get information about the default sms app of a different device user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-177927831 | ||||
| CVE-2021-0735 | 1 Google | 1 Android | 2024-08-03 | 5.5 Medium |
| In PackageManager, there is a possible way to get information about installed packages ignoring limitations introduced in Android 11 due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-188913056 | ||||
| CVE-2021-0673 | 2 Google, Mediatek | 28 Android, Mt6779, Mt6781 and 25 more | 2024-08-03 | 7.8 High |
| In Audio Aurisys HAL, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05977326; Issue ID: ALPS05977326. | ||||
| CVE-2021-0706 | 1 Google | 1 Android | 2024-08-03 | 5.5 Medium |
| In startListening of PluginManagerImpl.java, there is a possible way to disable arbitrary app components due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-193444889 | ||||
| CVE-2021-0681 | 1 Google | 1 Android | 2024-08-03 | 5.5 Medium |
| In system properties, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-192535337 | ||||
| CVE-2021-0642 | 1 Google | 1 Android | 2024-08-03 | 5.5 Medium |
| In onResume of VoicemailSettingsFragment.java, there is a possible way to retrieve a trackable identifier without permissions due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-185126149 | ||||
| CVE-2021-0682 | 1 Google | 1 Android | 2024-08-03 | 5.5 Medium |
| In sendAccessibilityEvent of NotificationManagerService.java, there is a possible disclosure of notification data due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-159624555 | ||||
| CVE-2021-0680 | 1 Google | 1 Android | 2024-08-03 | 5.5 Medium |
| In system properties, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-192535676 | ||||
| CVE-2021-0653 | 1 Google | 1 Android | 2024-08-03 | 5.5 Medium |
| In enqueueNotification of NetworkPolicyManagerService.java, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-177931370 | ||||
| CVE-2021-0672 | 2 Google, Mediatek | 64 Android, Mt6731, Mt6732 and 61 more | 2024-08-03 | 5.5 Medium |
| In Browser app, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-199678035 | ||||
| CVE-2021-0654 | 1 Google | 1 Android | 2024-08-03 | 5.5 Medium |
| In isRealSnapshot of TaskThumbnailView.java, there is possible data exposure due to a missing permission check. This could lead to local information disclosure from locked profiles with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168802517References: N/A | ||||
| CVE-2021-0641 | 1 Google | 1 Android | 2024-08-03 | 5.5 Medium |
| In getAvailableSubscriptionInfoList of SubscriptionController.java, there is a possible disclosure of unique identifiers due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-185235454 | ||||
| CVE-2021-0643 | 1 Google | 1 Android | 2024-08-03 | 5.5 Medium |
| In getAllSubInfoList of SubscriptionController.java, there is a possible way to retrieve a long term identifier without the correct permissions due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-183612370 | ||||
| CVE-2021-0547 | 1 Google | 1 Android | 2024-08-03 | 7.8 High |
| In onReceive of NetInitiatedActivity.java, there is a possible way to supply an attacker-controlled value to a GPS HAL handler due to a missing permission check. This could lead to local escalation of privilege that may result in undefined behavior in some HAL implementations with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174151048 | ||||
| CVE-2021-0568 | 1 Google | 1 Android | 2024-08-03 | 7.8 High |
| In onReceive of DevicePolicyManagerService.java, there is a possible enabling of disabled profiles due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-170121238 | ||||
| CVE-2021-0597 | 1 Google | 1 Android | 2024-08-03 | 5.5 Medium |
| In notifyProfileAdded and notifyProfileRemoved of SipService.java, there is a possible way to retrieve SIP account names due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-176496502 | ||||
| CVE-2021-0554 | 1 Google | 1 Android | 2024-08-03 | 5.5 Medium |
| In isBackupServiceActive of BackupManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-158482162 | ||||