Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2022-01-14 CVE-2021-0959 Improper Privilege Management vulnerability in Google Android 12.0
In jit_memory_region.cc, there is a possible bypass of memory restrictions due to a logic error in the code.
local
low complexity
google CWE-269
7.2
2022-01-14 CVE-2021-1035 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 10.0/12.0
In setLaunchIntent of BluetoothDevicePickerPreferenceController.java, there is a possible way to invoke an arbitrary broadcast receiver due to a confused deputy.
local
low complexity
google CWE-610
7.2
2022-01-14 CVE-2021-39618 Improper Privilege Management vulnerability in Google Android
In multiple methods of EuiccNotificationManager.java, there is a possible way to install existing packages without user consent due to an unsafe PendingIntent.
local
low complexity
google CWE-269
7.2
2022-01-14 CVE-2021-39620 Use After Free vulnerability in Google Android 11.0/12.0
In ipcSetDataReference of Parcel.cpp, there is a possible way to corrupt memory due to a use after free.
local
low complexity
google CWE-416
7.2
2022-01-14 CVE-2021-39622 Improper Preservation of Permissions vulnerability in Google Android 10.0/11.0/12.0
In GBoard, there is a possible way to bypass Factory Reset Protection due to a missing permission check.
local
low complexity
google CWE-281
7.2
2022-01-14 CVE-2021-39623 Improper Privilege Management vulnerability in Google Android
In doRead of SimpleDecodingSource.cpp, there is a possible out of bounds write due to an incorrect bounds check.
network
low complexity
google CWE-269
critical
10.0
2022-01-14 CVE-2021-39625 Improper Privilege Management vulnerability in Google Android
In showCarrierAppInstallationNotification of EuiccNotificationManager.java, there is a possible way to gain an access to MediaProvider content due to an unsafe PendingIntent.
local
google CWE-269
6.9
2022-01-14 CVE-2021-39628 Exposure of Resource to Wrong Sphere vulnerability in Google Android 10.0/11.0
In StatusBar.java, there is a possible disclosure of notification content on the lockscreen due to a logic error in the code.
local
low complexity
google CWE-668
2.1
2022-01-14 CVE-2021-39629 Use After Free vulnerability in Google Android
In phTmlNfc_Init and phTmlNfc_CleanUp of phTmlNfc.cc, there is a possible use after free due to a race condition.
local
google CWE-416
6.9
2022-01-14 CVE-2021-39632 Out-of-bounds Write vulnerability in Google Android 11.0/12.0
In inotify_cb of events.cpp, there is a possible out of bounds write due to an incorrect bounds check.
local
low complexity
google CWE-787
7.2