Total
5244 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-1037 | 1 Google | 1 Android | 2024-11-21 | 5.3 Medium |
| The broadcast that DevicePickerFragment sends when a new device is paired doesn't have any permission checks, so any app can register to listen for it. This lets apps keep track of what devices are paired without requesting BLUETOOTH permissions.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-162951906 | ||||
| CVE-2021-1034 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
| In getLine1NumberForDisplay of PhoneInterfaceManager.java, there is apossible way to determine whether an app is installed, without querypermissions due to a missing permission check. This could lead to localinformation disclosure with no additional execution privileges needed. Userinteraction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193441322 | ||||
| CVE-2021-1025 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In hasNamedWallpaper of WallpaperManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193800652 | ||||
| CVE-2021-1017 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In AdapterService and GattService definition of AndroidManifest.xml, there is a possible way to disable bluetooth connection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-182583850 | ||||
| CVE-2021-1011 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In setPackageStoppedState of PackageManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-188219307 | ||||
| CVE-2021-1010 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In getSigningKeySet of PackageManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-189857801 | ||||
| CVE-2021-1004 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In getConfiguredNetworks of WifiServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-197749180 | ||||
| CVE-2021-0999 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In the broadcast definition in AndroidManifest.xml, there is a possible way to set the A2DP bluetooth device connection state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-196858999 | ||||
| CVE-2021-0994 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
| In requestRouteToHostAddress of ConnectivityService.java, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193801134 | ||||
| CVE-2021-0986 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In hasGrantedPolicy of DevicePolicyManagerService.java, there is a possible information disclosure about the device owner, profile owner, or device admin due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-192247339 | ||||
| CVE-2021-0985 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In onReceive of AlertReceiver.java, there is a possible way to dismiss system dialog due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-190403923 | ||||
| CVE-2021-0982 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
| In getOrganizationNameForUser of DevicePolicyManagerService.java, there is a possible organization name disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-192368508 | ||||
| CVE-2021-0978 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
| In getSerialForPackage of DeviceIdentifiersPolicyService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-192587406 | ||||
| CVE-2021-0965 | 1 Google | 1 Android | 2024-11-21 | 8.8 High |
| In AndroidManifest.xml of Settings, there is a possible pairing of a Bluetooth device without user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-194300867 | ||||
| CVE-2021-0926 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In onCreate of NfcImportVCardActivity.java, there is a possible way to add a contact without user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-191053931 | ||||
| CVE-2021-0923 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In createOrUpdate of Permission.java, there is a possible way to gain internal permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-195338390 | ||||
| CVE-2021-0922 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In enforceCrossUserOrProfilePermission of PackageManagerService.java, there is a possible bypass of INTERACT_ACROSS_PROFILES permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-195630721 | ||||
| CVE-2021-0735 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In PackageManager, there is a possible way to get information about installed packages ignoring limitations introduced in Android 11 due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-188913056 | ||||
| CVE-2021-0706 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In startListening of PluginManagerImpl.java, there is a possible way to disable arbitrary app components due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-193444889 | ||||
| CVE-2021-0686 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In getDefaultSmsPackage of RoleManagerService.java, there is a possible way to get information about the default sms app of a different device user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-177927831 | ||||