Android
by Google
CVEs (4,290)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-1031 | Low | 0.21 | 3.3 | 0.00 | Dec 15, 2021 | In cancelNotificationsFromListener of NotificationManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional… | ||
| CVE-2021-1015 | Low | 0.21 | 3.3 | 0.00 | Dec 15, 2021 | In getMeidForSlot of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges… | ||
| CVE-2021-0995 | Low | 0.21 | 3.3 | 0.00 | Dec 15, 2021 | In registerSuggestionConnectionStatusListener of WifiServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional… | ||
| CVE-2021-0994 | Low | 0.21 | 3.3 | 0.00 | Dec 15, 2021 | In requestRouteToHostAddress of ConnectivityService.java, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges… | ||
| CVE-2021-0992 | Low | 0.21 | 3.3 | 0.00 | Dec 15, 2021 | In onCreate of PaymentDefaultDialog.java, there is a possible way to change a default payment app without user consent due to tapjack overlay. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for… | ||
| CVE-2021-0978 | Low | 0.21 | 3.3 | 0.00 | Dec 15, 2021 | In getSerialForPackage of DeviceIdentifiersPolicyService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution… | ||
| CVE-2020-27057 | Low | 0.21 | 3.3 | 0.00 | Dec 15, 2020 | In getGpuStatsGlobalInfo and getGpuStatsAppInfo of GpuService.cpp, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure of gpu statistics with User execution privileges needed. User interaction is not needed for… | ||
| CVE-2017-6426 | Low | 0.21 | 3.3 | 0.00 | Apr 4, 2018 | An information disclosure vulnerability in the Qualcomm SPMI driver. Product: Android. Versions: Android kernel. Android ID: A-33644474. References: QC-CR#1106842. | ||
| CVE-2017-6425 | Low | 0.21 | 3.3 | 0.00 | Apr 4, 2018 | An information disclosure vulnerability in the Qualcomm video driver. Product: Android. Versions: Android kernel. Android ID: A-32577085. References: QC-CR#1103689. | ||
| CVE-2016-10236 | Low | 0.21 | 3.3 | 0.00 | Apr 4, 2018 | An information disclosure vulnerability in the Qualcomm USB driver. Product: Android. Versions: Android kernel. Android ID: A-33280689. References: QC-CR#1102418. | ||
| CVE-2017-0709 | Low | 0.21 | 3.3 | 0.00 | Jul 6, 2017 | A information disclosure vulnerability in the HTC sensor hub driver. Product: Android. Versions: Android kernel. Android ID: A-35468048. | ||
| CVE-2015-9032 | Low | 0.21 | 3.3 | 0.00 | Jun 13, 2017 | In all Android releases from CAF using the Linux kernel, a DRM key was exposed to QTEE applications. | ||
| CVE-2015-9031 | Low | 0.21 | 3.3 | 0.00 | Jun 13, 2017 | In all Android releases from CAF using the Linux kernel, a TZ memory address is exposed to HLOS by HDCP. | ||
| CVE-2016-6770 | Low | 0.21 | 3.3 | 0.00 | Jan 12, 2017 | An elevation of privilege vulnerability in the Framework API could enable a local malicious application to access system functions beyond its access level. This issue is rated as Moderate because it is a local bypass of restrictions on a constrained process. Product: Android.… | ||
| CVE-2016-3763 | Low | 0.21 | 3.3 | 0.01 | Jul 11, 2016 | net/PacProxySelector.java in the Proxy Auto-Config (PAC) feature in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to… | ||
| CVE-2016-3759 | Low | 0.21 | 3.3 | 0.00 | Jul 11, 2016 | The Framework APIs in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to read backup data via a crafted application that leverages priv-app access to insert a backup transport, aka internal bug 28406080. | ||
| CVE-2023-21262 | Low | 0.20 | 3.1 | 0.00 | Jul 13, 2023 | In startInput of AudioPolicyInterfaceImpl.cpp, there is a possible way of erroneously displaying the microphone privacy indicator due to a race condition. This could lead to false user expectations. User interaction is needed for exploitation. | ||
| CVE-2015-6641 | Low | 0.20 | 3.1 | 0.00 | Jan 6, 2016 | Bluetooth in Android 6.0 before 2016-01-01 allows remote attackers to obtain sensitive Contacts information by leveraging pairing, aka internal bug 23607427. | ||
| CVE-2016-0823 | Med | 0.19 | 4.0 | 0.00 | Mar 12, 2016 | The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721. | ||
| CVE-2022-20327 | Low | 0.18 | 2.8 | 0.00 | Aug 12, 2022 | In Wi-Fi, there is a possible way to retrieve the WiFi SSID without location permissions due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.Product:… |
- risk 0.21cvss 3.3epss 0.00
In cancelNotificationsFromListener of NotificationManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional…
- risk 0.21cvss 3.3epss 0.00
In getMeidForSlot of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges…
- risk 0.21cvss 3.3epss 0.00
In registerSuggestionConnectionStatusListener of WifiServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional…
- risk 0.21cvss 3.3epss 0.00
In requestRouteToHostAddress of ConnectivityService.java, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges…
- risk 0.21cvss 3.3epss 0.00
In onCreate of PaymentDefaultDialog.java, there is a possible way to change a default payment app without user consent due to tapjack overlay. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for…
- risk 0.21cvss 3.3epss 0.00
In getSerialForPackage of DeviceIdentifiersPolicyService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution…
- risk 0.21cvss 3.3epss 0.00
In getGpuStatsGlobalInfo and getGpuStatsAppInfo of GpuService.cpp, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure of gpu statistics with User execution privileges needed. User interaction is not needed for…
- risk 0.21cvss 3.3epss 0.00
An information disclosure vulnerability in the Qualcomm SPMI driver. Product: Android. Versions: Android kernel. Android ID: A-33644474. References: QC-CR#1106842.
- risk 0.21cvss 3.3epss 0.00
An information disclosure vulnerability in the Qualcomm video driver. Product: Android. Versions: Android kernel. Android ID: A-32577085. References: QC-CR#1103689.
- risk 0.21cvss 3.3epss 0.00
An information disclosure vulnerability in the Qualcomm USB driver. Product: Android. Versions: Android kernel. Android ID: A-33280689. References: QC-CR#1102418.
- risk 0.21cvss 3.3epss 0.00
A information disclosure vulnerability in the HTC sensor hub driver. Product: Android. Versions: Android kernel. Android ID: A-35468048.
- risk 0.21cvss 3.3epss 0.00
In all Android releases from CAF using the Linux kernel, a DRM key was exposed to QTEE applications.
- risk 0.21cvss 3.3epss 0.00
In all Android releases from CAF using the Linux kernel, a TZ memory address is exposed to HLOS by HDCP.
- risk 0.21cvss 3.3epss 0.00
An elevation of privilege vulnerability in the Framework API could enable a local malicious application to access system functions beyond its access level. This issue is rated as Moderate because it is a local bypass of restrictions on a constrained process. Product: Android.…
- risk 0.21cvss 3.3epss 0.01
net/PacProxySelector.java in the Proxy Auto-Config (PAC) feature in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to…
- risk 0.21cvss 3.3epss 0.00
The Framework APIs in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to read backup data via a crafted application that leverages priv-app access to insert a backup transport, aka internal bug 28406080.
- risk 0.20cvss 3.1epss 0.00
In startInput of AudioPolicyInterfaceImpl.cpp, there is a possible way of erroneously displaying the microphone privacy indicator due to a race condition. This could lead to false user expectations. User interaction is needed for exploitation.
- risk 0.20cvss 3.1epss 0.00
Bluetooth in Android 6.0 before 2016-01-01 allows remote attackers to obtain sensitive Contacts information by leveraging pairing, aka internal bug 23607427.
- risk 0.19cvss 4.0epss 0.00
The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721.
- risk 0.18cvss 2.8epss 0.00
In Wi-Fi, there is a possible way to retrieve the WiFi SSID without location permissions due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.Product:…
Page 163 of 215