Google

Android

8158 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.25%
  • Veröffentlicht 22.10.2021 14:15:08
  • Zuletzt bearbeitet 21.11.2024 05:43:10

In sanitizeSbn of NotificationManagerService.java, there is a possible way to keep service running in foreground and keep granted permissions due to Bypass of Background Service Restrictions. This could lead to local escalation of privilege with no a...

  • EPSS 0.1%
  • Veröffentlicht 22.10.2021 14:15:08
  • Zuletzt bearbeitet 21.11.2024 05:43:10

In startListening of PluginManagerImpl.java, there is a possible way to disable arbitrary app components due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is...

  • EPSS 0.15%
  • Veröffentlicht 22.10.2021 14:15:08
  • Zuletzt bearbeitet 21.11.2024 05:43:11

In runDumpHeap of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed...

  • EPSS 7.01%
  • Veröffentlicht 22.10.2021 14:15:08
  • Zuletzt bearbeitet 21.11.2024 05:43:11

In RW_SetActivatedTagType of rw_main.cc, there is possible memory corruption due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: An...

  • EPSS 0.09%
  • Veröffentlicht 22.10.2021 14:15:07
  • Zuletzt bearbeitet 21.11.2024 05:42:47

In multiple methods of AAudioService, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: Android...

  • EPSS 0.1%
  • Veröffentlicht 22.10.2021 14:15:07
  • Zuletzt bearbeitet 21.11.2024 05:43:04

In getAllSubInfoList of SubscriptionController.java, there is a possible way to retrieve a long term identifier without the correct permissions due to a missing permission check. This could lead to local information disclosure with User execution pri...

  • EPSS 0.12%
  • Veröffentlicht 22.10.2021 14:15:07
  • Zuletzt bearbeitet 21.11.2024 05:43:04

In loadLabel of PackageItemInfo.java, there is a possible way to DoS a device by having a long label in an app due to incorrect input validation. This could lead to local denial of service with no additional execution privileges needed. User interact...

  • EPSS 0.11%
  • Veröffentlicht 11.10.2021 16:15:07
  • Zuletzt bearbeitet 21.11.2024 05:42:58

In onCreate of BluetoothPairingDialog, there is a possible way to enable Bluetooth without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is ne...

  • EPSS 0.1%
  • Veröffentlicht 06.10.2021 18:15:09
  • Zuletzt bearbeitet 21.11.2024 05:55:04

An information disclosure vulnerability in Widevine TA log prior to SMR Oct-2021 Release 1 allows attackers to bypass the ASLR protection mechanism in TEE.

  • EPSS 0.48%
  • Veröffentlicht 06.10.2021 18:15:09
  • Zuletzt bearbeitet 21.11.2024 05:55:04

An improper error handling in Mediatek RRC Protocol stack prior to SMR Oct-2021 Release 1 allows modem crash and remote denial of service.