CVE-2021-1008
- EPSS 0.11%
- Veröffentlicht 15.12.2021 19:15:13
- Zuletzt bearbeitet 21.11.2024 05:43:23
In addSubInfo of SubscriptionController.java, there is a possible way to force the user to make a factory reset due to a logic error in the code. This could lead to local denial of service with System execution privileges needed. User interaction is ...
CVE-2021-1009
- EPSS 0.11%
- Veröffentlicht 15.12.2021 19:15:13
- Zuletzt bearbeitet 21.11.2024 05:43:23
In setApplicationCategoryHint of PackageManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with...
CVE-2021-1010
- EPSS 0.1%
- Veröffentlicht 15.12.2021 19:15:13
- Zuletzt bearbeitet 21.11.2024 05:43:23
In getSigningKeySet of PackageManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVe...
CVE-2021-1011
- EPSS 0.1%
- Veröffentlicht 15.12.2021 19:15:13
- Zuletzt bearbeitet 21.11.2024 05:43:23
In setPackageStoppedState of PackageManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: And...
CVE-2021-1012
- EPSS 0.11%
- Veröffentlicht 15.12.2021 19:15:13
- Zuletzt bearbeitet 21.11.2024 05:43:23
In onResume of NotificationAccessDetails.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional...
CVE-2021-1013
- EPSS 0.11%
- Veröffentlicht 15.12.2021 19:15:13
- Zuletzt bearbeitet 21.11.2024 05:43:23
In checkExistsAndEnforceCannotModifyImmutablyRestrictedPermission of PermissionManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could le...
CVE-2021-1014
- EPSS 0.11%
- Veröffentlicht 15.12.2021 19:15:13
- Zuletzt bearbeitet 21.11.2024 05:43:24
In getNetworkTypeForSubscriber of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure wit...
CVE-2021-1015
- EPSS 0.11%
- Veröffentlicht 15.12.2021 19:15:13
- Zuletzt bearbeitet 21.11.2024 05:43:24
In getMeidForSlot of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no addition...
CVE-2021-1016
- EPSS 0.11%
- Veröffentlicht 15.12.2021 19:15:13
- Zuletzt bearbeitet 21.11.2024 05:43:24
In onCreate of UsbPermissionActivity.java, there is a possible way to grant an app access to USB without informed user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed....
CVE-2021-1017
- EPSS 0.12%
- Veröffentlicht 15.12.2021 19:15:13
- Zuletzt bearbeitet 21.11.2024 05:43:24
In AdapterService and GattService definition of AndroidManifest.xml, there is a possible way to disable bluetooth connection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges n...