Google Android vulnerabilities

CVE-2021-1009 [MEDIUM] CWE-203 CVE-2021-1009: In setApplicationCategoryHint of PackageManagerService.java, there is a possible way to determine wh In setApplicationCategoryHint of PackageManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: An

CVE-2021-1012 [MEDIUM] CWE-203 CVE-2021-1012: In onResume of NotificationAccessDetails.java, there is a possible way to determine whether an app i In onResume of NotificationAccessDetails.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:

CVE-2021-0976 [MEDIUM] CWE-125 CVE-2021-0976: In toBARK of floor0.c, there is a possible out of bounds read due to a missing bounds check. This co In toBARK of floor0.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-199680600

CVE-2021-0995 [LOW] CWE-203 CVE-2021-0995: In registerSuggestionConnectionStatusListener of WifiServiceImpl.java, there is a possible way to de In registerSuggestionConnectionStatusListener of WifiServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Prod

CVE-2021-0991 [LOW] CWE-532 CVE-2021-0991: In OnMetadataChangedListener of AdvancedBluetoothDetailsHeaderController.java, there is a possible l In OnMetadataChangedListener of AdvancedBluetoothDetailsHeaderController.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-181

CVE-2021-0992 [LOW] CWE-1021 CVE-2021-0992: In onCreate of PaymentDefaultDialog.java, there is a possible way to change a default payment app wi In onCreate of PaymentDefaultDialog.java, there is a possible way to change a default payment app without user consent due to tapjack overlay. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-180104327

CVE-2021-1031 [LOW] CWE-203 CVE-2021-1031: In cancelNotificationsFromListener of NotificationManagerService.java, there is a possible way to de In cancelNotificationsFromListener of NotificationManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Prod

CVE-2021-0994 [LOW] CWE-862 CVE-2021-0994: In requestRouteToHostAddress of ConnectivityService.java, there is a possible way to determine wheth In requestRouteToHostAddress of ConnectivityService.java, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:

CVE-2021-0989 [LOW] CWE-203 CVE-2021-0989: In hasManageOngoingCallsPermission of TelecomServiceImpl.java, there is a possible way to determine In hasManageOngoingCallsPermission of TelecomServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Andr

CVE-2021-0983 [LOW] CWE-200 CVE-2021-0983: In createAdminSupportIntent of DevicePolicyManagerService.java, there is a possible disclosure of in In createAdminSupportIntent of DevicePolicyManagerService.java, there is a possible disclosure of information about installed device/profile owner package name due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:

CVE-2021-0982 [LOW] CWE-862 CVE-2021-0982: In getOrganizationNameForUser of DevicePolicyManagerService.java, there is a possible organization n In getOrganizationNameForUser of DevicePolicyManagerService.java, there is a possible organization name disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-192368508

CVE-2021-0988 [LOW] CWE-203 CVE-2021-0988: In getLaunchedFromUid and getLaunchedFromPackage of ActivityClientController.java, there is a possib In getLaunchedFromUid and getLaunchedFromPackage of ActivityClientController.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for explo

CVE-2021-1032 [LOW] CWE-203 CVE-2021-1032: In getMimeGroup of PackageManagerService.java, there is a possible way to determine whether an app i In getMimeGroup of PackageManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: An

CVE-2021-0990 [LOW] CWE-203 CVE-2021-0990: In getDeviceId of PhoneSubInfoController.java, there is a possible way to determine whether an app i In getDeviceId of PhoneSubInfoController.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: An

CVE-2021-0987 [LOW] CWE-203 CVE-2021-0987: In getNeighboringCellInfo of PhoneInterfaceManager.java, there is a possible way to determine whethe In getNeighboringCellInfo of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVe

CVE-2021-1034 [LOW] CWE-862 CVE-2021-1034: In getLine1NumberForDisplay of PhoneInterfaceManager.java, there is apossible way to determine wheth In getLine1NumberForDisplay of PhoneInterfaceManager.java, there is apossible way to determine whether an app is installed, without querypermissions due to a missing permission check. This could lead to localinformation disclosure with no additional execution privileges needed. Userinteraction is not needed for exploitation.Product: AndroidVersions: Andr

CVE-2021-1018 [LOW] CWE-203 CVE-2021-1018: In adjustStreamVolume of AudioService.java, there is a possible way to determine whether an app is i In adjustStreamVolume of AudioService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Andro

CVE-2021-0978 [LOW] CWE-862 CVE-2021-0978: In getSerialForPackage of DeviceIdentifiersPolicyService.java, there is a possible way to determine In getSerialForPackage of DeviceIdentifiersPolicyService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Andr

CVE-2021-1015 [LOW] CWE-203 CVE-2021-1015: In getMeidForSlot of PhoneInterfaceManager.java, there is a possible way to determine whether an app In getMeidForSlot of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:

CVE-2021-25511 [HIGH] CWE-20 CVE-2021-25511: An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows attack An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows attackers to write arbitrary files via a path traversal vulnerability.