Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-1010 | 1 Google | 1 Android | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| In getSigningKeySet of PackageManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-189857801 | |||||
| CVE-2021-1004 | 1 Google | 1 Android | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| In getConfiguredNetworks of WifiServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-197749180 | |||||
| CVE-2021-0999 | 1 Google | 1 Android | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| In the broadcast definition in AndroidManifest.xml, there is a possible way to set the A2DP bluetooth device connection state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-196858999 | |||||
| CVE-2021-0994 | 1 Google | 1 Android | 2022-07-12 | 2.1 LOW | 3.3 LOW |
| In requestRouteToHostAddress of ConnectivityService.java, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193801134 | |||||
| CVE-2021-0993 | 1 Google | 1 Android | 2022-07-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| In getOffsetBeforeAfter of TextLine.java, there is a possible denial of service due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193849901 | |||||
| CVE-2021-0992 | 1 Google | 1 Android | 2022-07-12 | 1.9 LOW | 3.3 LOW |
| In onCreate of PaymentDefaultDialog.java, there is a possible way to change a default payment app without user consent due to tapjack overlay. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-180104327 | |||||
| CVE-2021-0985 | 1 Google | 1 Android | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| In onReceive of AlertReceiver.java, there is a possible way to dismiss system dialog due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-190403923 | |||||
| CVE-2021-0982 | 1 Google | 1 Android | 2022-07-12 | 2.1 LOW | 3.3 LOW |
| In getOrganizationNameForUser of DevicePolicyManagerService.java, there is a possible organization name disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-192368508 | |||||
| CVE-2021-0966 | 1 Google | 1 Android | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| In code generated by BuildParcelFields of generate_cpp.cpp, there is a possible way for a crafted parcelable to reveal uninitialized memory of a target process due to uninitialized data. This could lead to local information disclosure across Binder transactions with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-198346478 | |||||
| CVE-2021-0965 | 1 Google | 1 Android | 2022-07-12 | 5.8 MEDIUM | 8.8 HIGH |
| In AndroidManifest.xml of Settings, there is a possible pairing of a Bluetooth device without user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-194300867 | |||||
| CVE-2021-0931 | 1 Google | 1 Android | 2022-07-12 | 4.7 MEDIUM | 5.5 MEDIUM |
| In getAlias of BluetoothDevice.java, there is a possible way to create misleading permission dialogs due to missing data filtering. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-180747689 | |||||
| CVE-2021-0920 | 2 Debian, Google | 2 Debian Linux, Android | 2022-07-12 | 6.9 MEDIUM | 6.4 MEDIUM |
| In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References: Upstream kernel | |||||
| CVE-2021-0799 | 1 Google | 1 Android | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| In ActivityThread.java, there is a possible way to collide the content provider's authorities. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-197647956 | |||||
| CVE-2021-0769 | 1 Google | 1 Android | 2022-07-12 | 4.4 MEDIUM | 7.3 HIGH |
| In onCreate of AllowBindAppWidgetActivity.java, there is a possible bypass of user interaction requirements due to unclear UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-184676316 | |||||
| CVE-2021-0653 | 1 Google | 1 Android | 2022-07-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| In enqueueNotification of NetworkPolicyManagerService.java, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-177931370 | |||||
| CVE-2021-0649 | 1 Google | 1 Android | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| In stopVpnProfile of Vpn.java, there is a possible VPN profile reset due to a permissions bypass. This could lead to local escalation of privilege CONTROL_ALWAYS_ON_VPN with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-191382886 | |||||
| CVE-2021-0434 | 1 Google | 1 Android | 2022-07-12 | 6.9 MEDIUM | 7.3 HIGH |
| In onReceive of BluetoothPermissionRequest.java, there is a possible phishing attack allowing a malicious Bluetooth device to acquire permissions based on insufficient information presented to the user in the consent dialog. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-167403112 | |||||
| CVE-2021-44657 | 1 Stackstorm | 1 Stackstorm | 2022-07-12 | 9.0 HIGH | 8.8 HIGH |
| In StackStorm versions prior to 3.6.0, the jinja interpreter was not run in sandbox mode and thus allows execution of unsafe system commands. Jinja does not enable sandboxed mode by default due to backwards compatibility. Stackstorm now sets sandboxed mode for jinja by default. | |||||
| CVE-2021-43899 | 1 Microsoft | 2 Wireless Display Adapter, Wireless Display Adapter Firmware | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability | |||||
| CVE-2021-43893 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-07-12 | 6.0 MEDIUM | 7.5 HIGH |
| Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability | |||||