Total
7761 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-0604 | 1 Google | 1 Android | 2021-07-16 | 1.9 LOW | 5.5 MEDIUM |
| In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible way to share private files over Bluetooth due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-179910660 | |||||
| CVE-2021-0587 | 1 Google | 1 Android | 2021-07-16 | 7.2 HIGH | 7.8 HIGH |
| In StreamOut::prepareForWriting of StreamOut.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-185259758 | |||||
| CVE-2021-0585 | 1 Google | 1 Android | 2021-07-16 | 7.2 HIGH | 6.7 MEDIUM |
| In beginWrite and beginRead of MessageQueueBase.h, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-184963385 | |||||
| CVE-2021-0514 | 1 Google | 1 Android | 2021-07-16 | 9.3 HIGH | 8.1 HIGH |
| In several functions of the V8 library, there is a possible use after free due to a race condition. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-9 Android-11 Android-8.1Android ID: A-162604069 | |||||
| CVE-2021-0441 | 1 Google | 1 Android | 2021-07-15 | 4.4 MEDIUM | 7.3 HIGH |
| In onCreate of PermissionActivity.java, there is a possible permission bypass due to Confusing UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174495520 | |||||
| CVE-2021-0486 | 1 Google | 1 Android | 2021-07-15 | 4.6 MEDIUM | 7.8 HIGH |
| In onPackageAddedInternal of PermissionManagerService.java, there is possible access to external storage due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-171430330 | |||||
| CVE-2021-0597 | 1 Google | 1 Android | 2021-07-15 | 4.9 MEDIUM | 5.5 MEDIUM |
| In notifyProfileAdded and notifyProfileRemoved of SipService.java, there is a possible way to retrieve SIP account names due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-176496502 | |||||
| CVE-2021-0599 | 1 Google | 1 Android | 2021-07-15 | 4.9 MEDIUM | 5.5 MEDIUM |
| In scheduleTimeoutLocked of NotificationRecord.java, there is a possible disclosure of a sensitive identifier via broadcasted intent due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-175614289 | |||||
| CVE-2021-0600 | 1 Google | 1 Android | 2021-07-15 | 6.9 MEDIUM | 7.8 HIGH |
| In onCreate of DeviceAdminAdd.java, there is a possible way to mislead a user to activate a device admin app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-179042963 | |||||
| CVE-2021-0601 | 1 Google | 1 Android | 2021-07-15 | 4.9 MEDIUM | 5.5 MEDIUM |
| In encodeFrames of avc_enc_fuzzer.cpp, there is a possible out of bounds write due to a double free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-180643802 | |||||
| CVE-2021-25428 | 1 Google | 1 Android | 2021-07-14 | 4.6 MEDIUM | 7.8 HIGH |
| Improper validation check vulnerability in PackageManager prior to SMR July-2021 Release 1 allows untrusted applications to get dangerous level permission without user confirmation in limited circumstances. | |||||
| CVE-2021-25427 | 1 Google | 1 Android | 2021-07-14 | 3.3 LOW | 6.5 MEDIUM |
| SQL injection vulnerability in Bluetooth prior to SMR July-2021 Release 1 allows unauthorized access to paired device information | |||||
| CVE-2021-25429 | 1 Google | 1 Android | 2021-07-14 | 3.3 LOW | 4.3 MEDIUM |
| Improper privilege management vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application. | |||||
| CVE-2021-25430 | 1 Google | 1 Android | 2021-07-14 | 3.3 LOW | 4.3 MEDIUM |
| Improper access control vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application. | |||||
| CVE-2021-25441 | 2 Google, Samsung | 2 Android, Ar Emoji Editor | 2021-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Improper input validation vulnerability in AR Emoji Editor prior to version 4.4.03.5 in Android Q(10.0) and above allows untrusted applications to access arbitrary files with an escalated privilege. | |||||
| CVE-2021-25432 | 2 Google, Samsung | 2 Android, Samsung Members | 2021-07-12 | 2.1 LOW | 3.3 LOW |
| Information exposure vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to access chat data. | |||||
| CVE-2021-0605 | 1 Google | 1 Android | 2021-06-25 | 4.9 MEDIUM | 4.4 MEDIUM |
| In pfkey_dump of af_key.c, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-110373476 | |||||
| CVE-2021-0606 | 1 Google | 1 Android | 2021-06-25 | 4.6 MEDIUM | 6.7 MEDIUM |
| In drm_syncobj_handle_to_fd of drm_syncobj.c, there is a possible use after free due to incorrect refcounting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168034487 | |||||
| CVE-2021-0550 | 1 Google | 1 Android | 2021-06-25 | 4.6 MEDIUM | 7.8 HIGH |
| In onLoadFailed of AnnotateActivity.java, there is a possible way to gain WRITE_EXTERNAL_STORAGE permissions without user consent due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-179688673 | |||||
| CVE-2021-0608 | 1 Google | 1 Android | 2021-06-25 | 4.6 MEDIUM | 7.8 HIGH |
| In handleAppLaunch of AppLaunchActivity.java, there is a possible arbitrary activity launch due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174870704 | |||||