Filtered by vendor Google
Subscribe
Total
10294 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-1048 | 1 Google | 1 Android | 2021-12-20 | 7.2 HIGH | 7.8 HIGH |
| In ep_loop_check_proc of eventpoll.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-204573007References: Upstream kernel | |||||
| CVE-2021-1042 | 1 Google | 1 Android | 2021-12-20 | 2.1 LOW | 4.4 MEDIUM |
| In dsi_panel_debugfs_read_cmdset of dsi_panel.c, there is a possible disclosure of freed kernel heap memory due to a use after free. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-187851056References: N/A | |||||
| CVE-2021-1003 | 1 Google | 1 Android | 2021-12-20 | 4.6 MEDIUM | 7.8 HIGH |
| In adjustStreamVolume of AudioService.java, there is a possible way for unprivileged app to change audio stream volume due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-189857506 | |||||
| CVE-2021-1047 | 1 Google | 1 Android | 2021-12-20 | 2.1 LOW | 4.4 MEDIUM |
| In valid_ipc_dram_addr of cm_access_control.c, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-197966306References: N/A | |||||
| CVE-2021-1046 | 1 Google | 1 Android | 2021-12-20 | 2.1 LOW | 4.4 MEDIUM |
| In lwis_dpm_update_clock of lwis_device_dpm.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-195609074References: N/A | |||||
| CVE-2021-0953 | 1 Google | 1 Android | 2021-12-20 | 7.2 HIGH | 7.8 HIGH |
| In setOnClickActivityIntent of SearchWidgetProvider.java, there is a possible way to access contacts and history bookmarks without permission due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-184046278 | |||||
| CVE-2021-0954 | 1 Google | 1 Android | 2021-12-20 | 6.9 MEDIUM | 7.3 HIGH |
| In ResolverActivity, there is a possible user interaction bypass due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-143559931 | |||||
| CVE-2021-0955 | 1 Google | 1 Android | 2021-12-20 | 6.9 MEDIUM | 7.0 HIGH |
| In pf_write_buf of FuseDaemon.cpp, there is possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-192085766 | |||||
| CVE-2021-0956 | 1 Google | 1 Android | 2021-12-20 | 10.0 HIGH | 9.8 CRITICAL |
| In NfcTag::discoverTechnologies (activation) of NfcTag.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additionalSystem execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-189942532 | |||||
| CVE-2021-0958 | 1 Google | 1 Android | 2021-12-20 | 2.1 LOW | 4.4 MEDIUM |
| In update of km_compat.cpp, there is a possible loss of potentially sensitive data due to a logic error in the code. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-200041882 | |||||
| CVE-2021-0961 | 1 Google | 1 Android | 2021-12-20 | 2.1 LOW | 4.4 MEDIUM |
| In quota_proc_write of xt_quota2.c, there is a possible way to read kernel memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196046570References: Upstream kernel | |||||
| CVE-2021-1006 | 1 Google | 1 Android | 2021-12-20 | 2.1 LOW | 4.4 MEDIUM |
| In several functions of DatabaseManager.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-183961974 | |||||
| CVE-2021-1009 | 1 Google | 1 Android | 2021-12-20 | 2.1 LOW | 5.5 MEDIUM |
| In setApplicationCategoryHint of PackageManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-189858128 | |||||
| CVE-2021-1014 | 1 Google | 1 Android | 2021-12-20 | 2.1 LOW | 5.5 MEDIUM |
| In getNetworkTypeForSubscriber of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-186776740 | |||||
| CVE-2021-1013 | 1 Google | 1 Android | 2021-12-20 | 2.1 LOW | 5.5 MEDIUM |
| In checkExistsAndEnforceCannotModifyImmutablyRestrictedPermission of PermissionManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-186404356 | |||||
| CVE-2021-1012 | 1 Google | 1 Android | 2021-12-20 | 2.1 LOW | 5.5 MEDIUM |
| In onResume of NotificationAccessDetails.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-195412179 | |||||
| CVE-2021-1008 | 1 Google | 1 Android | 2021-12-20 | 2.1 LOW | 4.4 MEDIUM |
| In addSubInfo of SubscriptionController.java, there is a possible way to force the user to make a factory reset due to a logic error in the code. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-197327688 | |||||
| CVE-2021-1007 | 1 Google | 1 Android | 2021-12-20 | 2.1 LOW | 4.4 MEDIUM |
| In btu_hcif_process_event of btu_hcif.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-167759047 | |||||
| CVE-2021-1005 | 1 Google | 1 Android | 2021-12-20 | 2.1 LOW | 5.5 MEDIUM |
| In getDeviceIdWithFeature of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-186530889 | |||||
| CVE-2021-1016 | 1 Google | 1 Android | 2021-12-17 | 4.4 MEDIUM | 7.3 HIGH |
| In onCreate of UsbPermissionActivity.java, there is a possible way to grant an app access to USB without informed user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-183610267 | |||||