Total
11506 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-1021 | 1 Google | 1 Android | 2024-11-21 | 4.4 MEDIUM | 7.3 HIGH |
| In snoozeNotificationInt of NotificationManagerService.java, there is a possible way to disable notification for an arbitrary user due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-195031703 | |||||
| CVE-2021-1020 | 1 Google | 1 Android | 2024-11-21 | 4.4 MEDIUM | 7.3 HIGH |
| In snoozeNotification of NotificationListenerService.java, there is a possible way to disable notification for an arbitrary user due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-195111725 | |||||
| CVE-2021-0933 | 1 Google | 1 Android | 2024-11-21 | 7.9 HIGH | 8.0 HIGH |
| In onCreate of CompanionDeviceActivity.java or DeviceChooserActivity.java, there is a possible way for HTML tags to interfere with a consent dialog due to improper input validation. This could lead to remote escalation of privilege, confusing the user into accepting pairing of a malicious Bluetooth device, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-172251622 | |||||
| CVE-2021-0928 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| In createFromParcel of OutputConfiguration.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-188675581 | |||||
| CVE-2021-0921 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| In ParsingPackageImpl of ParsingPackageImpl.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-195962697 | |||||
| CVE-2021-0651 | 1 Google | 1 Android | 2024-11-21 | 4.7 MEDIUM | 5.5 MEDIUM |
| In loadLabel of PackageItemInfo.java, there is a possible way to DoS a device by having a long label in an app due to incorrect input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-67013844 | |||||
| CVE-2021-0600 | 1 Google | 1 Android | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
| In onCreate of DeviceAdminAdd.java, there is a possible way to mislead a user to activate a device admin app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-179042963 | |||||
| CVE-2021-0511 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| In Dex2oat of dex2oat.cc, there is a possible way to inject bytecode into an app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11Android ID: A-178055795 | |||||
| CVE-2021-0485 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| In getMinimalSize of PipBoundsAlgorithm.java, there is a possible bypass of restrictions on background processes due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174302616 | |||||
| CVE-2021-0481 | 1 Google | 1 Android | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| In onActivityResult of EditUserPhotoController.java, there is a possible access of unauthorized files due to an unexpected URI handler. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-172939189 | |||||
| CVE-2021-0419 | 1 Google | 1 Android | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336713. | |||||
| CVE-2021-0418 | 1 Google | 1 Android | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336706. | |||||
| CVE-2021-0417 | 1 Google | 1 Android | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336702. | |||||
| CVE-2021-0416 | 1 Google | 1 Android | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336700. | |||||
| CVE-2021-0404 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| In mobile_log_d, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05457039. | |||||
| CVE-2021-0400 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| In injectBestLocation and handleUpdateLocation of GnssLocationProvider.java, there is a possible incorrect reporting of location data to emergency services due to improper input validation. This could lead to incorrect reporting of location data to emergency services with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11Android ID: A-177561690 | |||||
| CVE-2021-0377 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| In DeltaPerformer::Write of delta_performer.cc, there is a possible use of untrusted input due to improper input validation. This could lead to a local bypass of defense in depth protections with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-160800689 | |||||
| CVE-2021-0350 | 1 Google | 1 Android | 2024-11-21 | 4.9 MEDIUM | 4.4 MEDIUM |
| In ged, there is a possible system crash due to an improper input validation. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11; Patch ID: ALPS05342338. | |||||
| CVE-2021-0345 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
| In mobile_log_d, there is a possible escalation of privilege due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05432974. | |||||
| CVE-2021-0322 | 1 Google | 1 Android | 2024-11-21 | 1.9 LOW | 5.0 MEDIUM |
| In onCreate of SlicePermissionActivity.java, there is a possible misleading string displayed due to improper input validation. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.Product: Android; Versions: Android-10, Android-11, Android-9; Android ID: A-159145361. | |||||