850 matches found
CVE-2021-39758
In WindowManager, there is a possible way to start a foreground activity from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions...
CVE-2021-39757
CVE-2021-39757 affects Android 12L with a permission bypass in the PermissionController caused by unsafe PendingIntent, enabling local information disclosure. Exploitation requires low privileges and no user interaction, with potential access to sensitive data on the device as described in multip...
CVE-2021-39757
In PermissionController, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-176094662...
CVE-2021-39756
CVE-2021-39756 affects Android 12L Framework, where a side-channel information disclosure could allow an app to be detected as installed without query permissions, enabling local information disclosure with no execution privileges. Root cause is a leakage in Framework that can reveal installation...
CVE-2021-39756
In Framework, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
CVE-2021-39755
In DevicePolicyManager, there is a possible way to reveal the existence of an installed package without proper query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not need...
CVE-2021-39753
In DomainVerificationService, there is a possible way to access app domain verification information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
CVE-2021-39752
In Bubbles, there is a possible way to interfere with Bubbles due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-202756848...
CVE-2021-39752
CVE-2021-39752 affects Google's Android 12L with the Bubbles component. It describes a permissions bypass that could enable local elevation of privilege without extra execution privileges or user interaction. Affected product/version: Android 12L (Android ID A-202756848). Root cause: a bypass wit...
CVE-2021-39751
In Settings, there is a possible way to read Bluetooth device names without proper permissions due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersion...
CVE-2021-39750
In PackageManager, there is a possible way to change the splash screen theme of other apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
CVE-2021-39749
CVE-2021-39749 affects Android 12L WindowManager; it allows starting non-exported/protected activities due to a missing permission check, enabling local privilege escalation with no additional privileges and no user interaction. A PoC demonstrates cross-app activity startup via TaskFragment/Choos...
CVE-2021-39748
In InputMethodEditor, there is a possible way to access some files accessible to Settings due to an unsafe PendingIntent. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
CVE-2021-39747
In Settings Provider, there is a possible way to list values of non-readable global settings due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
CVE-2021-39746
CVE-2021-39746 affects Android 12L Framework, specifically a vulnerability in PermissionController caused by an unsafe PendingIntent. This could lead to local escalation of privilege with user execution privileges needed and no user interaction required, per the CVE description. Red Hat and Andro...
CVE-2021-39745
CVE-2021-39745 affects Android 12L and is described in multiple feeds as a side-channel information disclosure in DevicePolicyManager that could let an attacker determine whether an app is installed without query permissions. The vulnerability enables local information disclosure with no addition...
CVE-2021-39745
In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
CVE-2021-39744
In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
CVE-2021-39742
In Voicemail, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID:...
CVE-2021-39741
CVE-2021-39741 affects the Android Keymaster component on Android 12L, with an out-of-bounds write caused by a missing bounds check. This leads to local elevation of privilege with System execution privileges required; no user interaction is needed. The issue is listed in Android 12L security rel...