Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Android
(Google)| Repositories | https://github.com/torvalds/linux |
| #Vulnerabilities | 6923 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-08-07 | CVE-2023-33912 | In Contacts service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges | Android | 5.5 | ||
| 2023-08-07 | CVE-2023-33911 | In vowifi service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges | Android | 5.5 | ||
| 2023-08-07 | CVE-2023-33913 | In DRM/oemcrypto, there is a possible out of bounds write due to an incorrect calculation of buffer size.This could lead to remote escalation of privilege with System execution privileges needed | Android | 7.2 | ||
| 2023-08-07 | CVE-2023-33906 | In Contacts Service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges | Android | 5.5 | ||
| 2021-02-10 | CVE-2021-0336 | In onReceive of BluetoothPermissionRequest.java, there is a possible permissions bypass due to a mutable PendingIntent. This could lead to local escalation of privilege that bypasses a permission check, with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-158219161 | Android | 7.8 | ||
| 2021-03-10 | CVE-2021-0369 | In CrossProfileAppsServiceImpl.java, there is the possibility of an application's INTERACT_ACROSS_PROFILES grant state not displaying properly in the setting UI due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-166561076 | Android | 7.8 | ||
| 2021-03-10 | CVE-2021-0391 | In onCreate() of ChooseTypeAndAccountActivity.java, there is a possible way to learn the existence of an account, without permissions, due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-172841550 | Android | 7.8 | ||
| 2021-03-10 | CVE-2021-0386 | In onCreate of UsbConfirmActivity, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-173421110 | Android | 7.8 | ||
| 2021-03-26 | CVE-2021-25370 | An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic. | Android | 4.4 | ||
| 2021-06-21 | CVE-2021-0511 | In Dex2oat of dex2oat.cc, there is a possible way to inject bytecode into an app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11Android ID: A-178055795 | Android | 7.8 |