Google Android vulnerabilities

9,646 known vulnerabilities affecting google/android.

Total CVEs

9,646

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL883HIGH5184MEDIUM3317LOW260UNKNOWN2

Vulnerabilities

Page 207 of 483

CVE-2021-30338HIGHCVSS 7.12022-04-01

CVE-2021-30338 [HIGH] CVE-2021-30338: Closed-source component Android Security Bulletin 2022-04-01 CVE: CVE-2021-30338 Severity: HIGH Component: Closed-source component References: A-202025859 *

android

CVE-2021-39795UNKNOWN2022-04-01

CVE-2021-39795 CVE-2021-39795: MediaProvider Android Security Bulletin 2022-04-01 CVE: CVE-2021-39795 Component: MediaProvider

android

CVE-2021-39750HIGHCVSS 7.8v12.1vAndroid-12L2022-03-30

CVE-2021-39750 [HIGH] CWE-862 CVE-2021-39750: In PackageManager, there is a possible way to change the splash screen theme of other apps due to a In PackageManager, there is a possible way to change the splash screen theme of other apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-206474016

nvd

CVE-2021-39789HIGHCVSS 7.8v12.1vAndroid-12L2022-03-30

CVE-2021-39789 [HIGH] CWE-863 CVE-2021-39789: In Telecom, there is a possible leak of TTY mode change due to a missing permission check. This coul In Telecom, there is a possible leak of TTY mode change due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-203880906

nvd

CVE-2021-39767HIGHCVSS 7.8v12.1vAndroid-12L2022-03-30

CVE-2021-39767 [HIGH] CWE-1188 CVE-2021-39767: In miniadb, there is a possible way to get read/write access to recovery system properties due to an In miniadb, there is a possible way to get read/write access to recovery system properties due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-201308542

nvd

CVE-2021-39743HIGHCVSS 7.8v12.1vAndroid-12L2022-03-30

CVE-2021-39743 [HIGH] CWE-862 CVE-2021-39743: In PackageManager, there is a possible way to update the last usage time of another package due to a In PackageManager, there is a possible way to update the last usage time of another package due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-201534884

nvd

CVE-2021-39781HIGHCVSS 7.8v12.0vAndroid-12L2022-03-30

CVE-2021-39781 [HIGH] CVE-2021-39781: In SmsController, there is a possible information disclosure due to a permissions bypass. This could In SmsController, there is a possible information disclosure due to a permissions bypass. This could lead to local escalation of privilege and sending sms with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-195311502

nvd

CVE-2021-39772HIGHCVSS 8.8v12.0vAndroid-12L2022-03-30

CVE-2021-39772 [HIGH] CWE-269 CVE-2021-39772: In Bluetooth, there is a possible way to access the a2dp audio control switch due to a missing permi In Bluetooth, there is a possible way to access the a2dp audio control switch due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-181962322

nvd

CVE-2021-39790HIGHCVSS 7.8v12.1vAndroid-12L2022-03-30

CVE-2021-39790 [HIGH] CWE-863 CVE-2021-39790: In Dialer, there is a possible way to manipulate visual voicemail settings due to a missing permissi In Dialer, there is a possible way to manipulate visual voicemail settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-186405146

nvd

CVE-2021-39764HIGHCVSS 7.8v12.1vAndroid-12L2022-03-30

CVE-2021-39764 [HIGH] CWE-20 CVE-2021-39764: In Settings, there is a possible way to display an incorrect app name due to improper input validati In Settings, there is a possible way to display an incorrect app name due to improper input validation. This could lead to local escalation of privilege via app spoofing with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-170642995

nvd

CVE-2021-39749HIGHCVSS 7.8v12.1vAndroid-12L2022-03-30

CVE-2021-39749 [HIGH] CWE-862 CVE-2021-39749: In WindowManager, there is a possible way to start non-exported and protected activities due to a mi In WindowManager, there is a possible way to start non-exported and protected activities due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-205996115

nvd

CVE-2021-1000HIGHCVSS 7.8v12.1vAndroid-12L2022-03-30

CVE-2021-1000 [HIGH] CWE-276 CVE-2021-1000: In createBluetoothDeviceSlice of ConnectedDevicesSliceProvider.java, there is a possible permission In createBluetoothDeviceSlice of ConnectedDevicesSliceProvider.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-185190688

nvd

CVE-2021-39776HIGHCVSS 7.8v12.0vAndroid-12L2022-03-30

CVE-2021-39776 [HIGH] CWE-416 CVE-2021-39776: In NFC, there is a possible memory corruption due to a use after free. This could lead to local esca In NFC, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-192614125

nvd

CVE-2021-39746HIGHCVSS 7.8v12.1vAndroid-12L2022-03-30

CVE-2021-39746 [HIGH] CVE-2021-39746: In PermissionController, there is a possible way to delete some local files due to an unsafe Pending In PermissionController, there is a possible way to delete some local files due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-194696395

nvd

CVE-2021-39784HIGHCVSS 7.8v12.0vAndroid-12L2022-03-30

CVE-2021-39784 [HIGH] CWE-269 CVE-2021-39784: In CellBroadcastReceiver, there is a possible path to enable specific cellular features due to a mis In CellBroadcastReceiver, there is a possible path to enable specific cellular features due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-200163477

nvd

CVE-2021-39787HIGHCVSS 7.8v12.0vAndroid-12L2022-03-30

CVE-2021-39787 [HIGH] CWE-610 CVE-2021-39787: In SystemUI, there is a possible arbitrary Activity launch due to a confused deputy. This could lead In SystemUI, there is a possible arbitrary Activity launch due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-202506934

nvd

CVE-2021-39783HIGHCVSS 7.8v12.0vAndroid-12L2022-03-30

CVE-2021-39783 [HIGH] CWE-269 CVE-2021-39783: In rcsservice, there is a possible way to modify TTY mode due to a missing permission check. This co In rcsservice, there is a possible way to modify TTY mode due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-197960597

nvd

CVE-2021-39768HIGHCVSS 7.8v12.1vAndroid-12L2022-03-30

CVE-2021-39768 [HIGH] CWE-862 CVE-2021-39768: In Settings, there is a possible way to add an auto-connect WiFi network without the user's consent In Settings, there is a possible way to add an auto-connect WiFi network without the user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-202017876

nvd

CVE-2021-39763HIGHCVSS 7.8v12.1vAndroid-12L2022-03-30

CVE-2021-39763 [HIGH] CWE-20 CVE-2021-39763: In Settings, there is a possible way to make the user enable WiFi due to improper input validation. In Settings, there is a possible way to make the user enable WiFi due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-199176115

nvd

CVE-2021-39762HIGHCVSS 7.5v12.1vAndroid-12L2022-03-30

CVE-2021-39762 [HIGH] CWE-190 CVE-2021-39762: In tremolo, there is a possible out of bounds read due to an integer overflow. This could lead to re In tremolo, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-210625816

nvd

← Previous207 / 483Next →