Google Android vulnerabilities

CVE-2021-39782 [HIGH] CWE-269 CVE-2021-39782: In Telephony, there is a possible unauthorized modification of the PLMN SIM file due to a missing pe In Telephony, there is a possible unauthorized modification of the PLMN SIM file due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-202760015

CVE-2021-39758 [HIGH] CWE-862 CVE-2021-39758: In WindowManager, there is a possible way to start a foreground activity from the background due to In WindowManager, there is a possible way to start a foreground activity from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-205130886

CVE-2021-1033 [HIGH] CWE-276 CVE-2021-1033: In createGeneralSlice of ConnectedDevicesSliceProvider.java.java, there is a possible permission byp In createGeneralSlice of ConnectedDevicesSliceProvider.java.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-185247656

CVE-2021-39741 [HIGH] CWE-787 CVE-2021-39741: In Keymaster, there is a possible out of bounds write due to a missing bounds check. This could lead In Keymaster, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-173567719

CVE-2021-39752 [HIGH] CVE-2021-39752: In Bubbles, there is a possible way to interfere with Bubbles due to a permissions bypass. This coul In Bubbles, there is a possible way to interfere with Bubbles due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-202756848

CVE-2022-20002 [HIGH] CWE-862 CVE-2022-20002: In incfs, there is a possible way of mounting on arbitrary paths due to a missing permission check. In incfs, there is a possible way of mounting on arbitrary paths due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-198657657

CVE-2021-39771 [HIGH] CWE-20 CVE-2021-39771: In Settings, there is a possible way to misrepresent which app wants to add a wifi network due to im In Settings, there is a possible way to misrepresent which app wants to add a wifi network due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-198661951

CVE-2021-39780 [HIGH] CWE-276 CVE-2021-39780: In Traceur, there is a possible bypass of developer settings requirements for capturing system trace In Traceur, there is a possible bypass of developer settings requirements for capturing system traces due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-204992293

CVE-2021-39759 [HIGH] CWE-190 CVE-2021-39759: In libstagefright, there is a possible out of bounds write due to an integer overflow. This could le In libstagefright, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-180200830

CVE-2021-39778 [MEDIUM] CWE-20 CVE-2021-39778: In Telecomm, there is a possible way to determine whether an app is installed, without query permiss In Telecomm, there is a possible way to determine whether an app is installed, without query permissions, due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-196406138

CVE-2021-39754 [MEDIUM] CWE-203 CVE-2021-39754: In ContextImpl, there is a possible way to determine whether an app is installed, without query perm In ContextImpl, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:Android ID: A-207133709

CVE-2021-39751 [MEDIUM] CWE-862 CVE-2021-39751: In Settings, there is a possible way to read Bluetooth device names without proper permissions due t In Settings, there is a possible way to read Bluetooth device names without proper permissions due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-172838801

CVE-2021-39756 [MEDIUM] CWE-203 CVE-2021-39756: In Framework, there is a possible way to determine whether an app is installed, without query permis In Framework, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-18435

CVE-2021-39742 [MEDIUM] CWE-862 CVE-2021-39742: In Voicemail, there is a possible way to retrieve a trackable identifier due to a missing permission In Voicemail, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-186405602

CVE-2021-39775 [MEDIUM] CWE-203 CVE-2021-39775: In People, there is a possible way to determine whether an app is installed, without query permissio In People, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-20646585

CVE-2021-39777 [MEDIUM] CWE-668 CVE-2021-39777: In Telephony, there is a possible way to determine whether an app is installed, without query permis In Telephony, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-194743207

CVE-2021-39761 [MEDIUM] CWE-203 CVE-2021-39761: In Media, there is a possible way to determine whether an app is installed, without query permission In Media, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-179783181

CVE-2021-39769 [MEDIUM] CWE-276 CVE-2021-39769: In Device Policy, there is a possible way to determine whether an app is installed, without query pe In Device Policy, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-193663287

CVE-2021-39788 [MEDIUM] CWE-203 CVE-2021-39788: In TelecomManager, there is a possible way to check if a particular self managed phone account was r In TelecomManager, there is a possible way to check if a particular self managed phone account was registered on the device due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAn

CVE-2021-39773 [MEDIUM] CWE-203 CVE-2021-39773: In VpnManagerService, there is a possible disclosure of installed VPN packages due to side channel i In VpnManagerService, there is a possible disclosure of installed VPN packages due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-191276656