Total
6212 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-39808 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In createNotificationChannelGroup of PreferencesHelper.java, there is a possible way for a service to run in foreground without user notification due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-209966086 | ||||
| CVE-2021-39768 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In Settings, there is a possible way to add an auto-connect WiFi network without the user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-202017876 | ||||
| CVE-2021-39758 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In WindowManager, there is a possible way to start a foreground activity from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-205130886 | ||||
| CVE-2021-39753 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In DomainVerificationService, there is a possible way to access app domain verification information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-200035185 | ||||
| CVE-2021-39751 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In Settings, there is a possible way to read Bluetooth device names without proper permissions due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-172838801 | ||||
| CVE-2021-39750 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In PackageManager, there is a possible way to change the splash screen theme of other apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-206474016 | ||||
| CVE-2021-39749 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In WindowManager, there is a possible way to start non-exported and protected activities due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-205996115 | ||||
| CVE-2021-39743 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In PackageManager, there is a possible way to update the last usage time of another package due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-201534884 | ||||
| CVE-2021-39742 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In Voicemail, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-186405602 | ||||
| CVE-2021-39738 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In CarSetings, there is a possible to pair BT device bypassing user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-216190509 | ||||
| CVE-2021-39734 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In sendMessage of OneToOneChatImpl.java (? TBD), there is a possible way to send an RCS message without permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-208650395References: N/A | ||||
| CVE-2021-39706 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In onResume of CredentialStorage.java, there is a possible way to cleanup content of credentials storage due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-200164168 | ||||
| CVE-2021-39697 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In checkFileUriDestination of DownloadProvider.java, there is a possible way to bypass external storage private directories protection due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-200813547 | ||||
| CVE-2021-39662 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In checkUriPermission of MediaProvider.java , there is a possible way to gain access to the content of media provider collections due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-197302116 | ||||
| CVE-2021-39651 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In TBD of TBD, there is a possible way to access PIN protected settings bypassing PIN confirmation due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-193438173References: N/A | ||||
| CVE-2021-39639 | 1 Google | 1 Android | 2024-11-21 | 6.8 Medium |
| In TBD of fvp.c, there is a possible way to glitch CPU behavior due to a missing permission check. This could lead to local escalation of privilege with physical access to device internals with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-198291476References: N/A | ||||
| CVE-2021-39622 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In GBoard, there is a possible way to bypass Factory Reset Protection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-192663648 | ||||
| CVE-2021-39236 | 1 Apache | 1 Ozone | 2024-11-21 | 8.8 High |
| In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user. | ||||
| CVE-2021-39232 | 1 Apache | 1 Ozone | 2024-11-21 | 8.8 High |
| In Apache Ozone versions prior to 1.2.0, certain admin related SCM commands can be executed by any authenticated users, not just by admins. | ||||
| CVE-2021-39231 | 1 Apache | 1 Ozone | 2024-11-21 | 9.1 Critical |
| In Apache Ozone versions prior to 1.2.0, Various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration. | ||||