Export limit exceeded: 10566 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10566 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-39768 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In Settings, there is a possible way to add an auto-connect WiFi network without the user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-202017876 | ||||
| CVE-2021-39758 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In WindowManager, there is a possible way to start a foreground activity from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-205130886 | ||||
| CVE-2021-39753 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In DomainVerificationService, there is a possible way to access app domain verification information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-200035185 | ||||
| CVE-2021-39751 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In Settings, there is a possible way to read Bluetooth device names without proper permissions due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-172838801 | ||||
| CVE-2021-39750 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In PackageManager, there is a possible way to change the splash screen theme of other apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-206474016 | ||||
| CVE-2021-39749 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In WindowManager, there is a possible way to start non-exported and protected activities due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-205996115 | ||||
| CVE-2021-39743 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In PackageManager, there is a possible way to update the last usage time of another package due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-201534884 | ||||
| CVE-2021-39742 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In Voicemail, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-186405602 | ||||
| CVE-2021-39738 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In CarSetings, there is a possible to pair BT device bypassing user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-216190509 | ||||
| CVE-2021-39734 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In sendMessage of OneToOneChatImpl.java (? TBD), there is a possible way to send an RCS message without permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-208650395References: N/A | ||||
| CVE-2021-39706 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In onResume of CredentialStorage.java, there is a possible way to cleanup content of credentials storage due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-200164168 | ||||
| CVE-2021-39697 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In checkFileUriDestination of DownloadProvider.java, there is a possible way to bypass external storage private directories protection due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-200813547 | ||||
| CVE-2021-39662 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In checkUriPermission of MediaProvider.java , there is a possible way to gain access to the content of media provider collections due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-197302116 | ||||
| CVE-2021-39651 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In TBD of TBD, there is a possible way to access PIN protected settings bypassing PIN confirmation due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-193438173References: N/A | ||||
| CVE-2021-39639 | 1 Google | 1 Android | 2024-11-21 | 6.8 Medium |
| In TBD of fvp.c, there is a possible way to glitch CPU behavior due to a missing permission check. This could lead to local escalation of privilege with physical access to device internals with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-198291476References: N/A | ||||
| CVE-2021-39630 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In executeRequest of OverlayManagerService.java, there is a possible way to control fabricated overlays from adb shell due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-202768292 | ||||
| CVE-2021-39622 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In GBoard, there is a possible way to bypass Factory Reset Protection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-192663648 | ||||
| CVE-2021-39236 | 1 Apache | 1 Ozone | 2024-11-21 | 8.8 High |
| In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user. | ||||
| CVE-2021-39234 | 1 Apache | 1 Ozone | 2024-11-21 | 6.8 Medium |
| In Apache Ozone versions prior to 1.2.0, Authenticated users knowing the ID of an existing block can craft specific request allowing access those blocks, bypassing other security checks like ACL. | ||||
| CVE-2021-39232 | 1 Apache | 1 Ozone | 2024-11-21 | 8.8 High |
| In Apache Ozone versions prior to 1.2.0, certain admin related SCM commands can be executed by any authenticated users, not just by admins. | ||||