Vulnerabilities > Google > Android > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-16 | CVE-2021-39702 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 12.0 In onCreate of RequestManageCredentials.java, there is a possible way for a third party app to install certificates without user approval due to a tapjacking/overlay attack. | 9.3 |
| 2022-03-16 | CVE-2021-39701 | Improper Input Validation vulnerability in Google Android 11.0/12.0 In serviceConnection of ControlsProviderLifecycleManager.kt, there is a possible way to keep service running in foreground without notification or permission due to improper input validation. | 9.3 |
| 2022-03-16 | CVE-2021-39692 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 10.0/11.0/12.0 In onCreate of SetupLayoutActivity.java, there is a possible way to setup a work profile bypassing user consent due to a tapjacking/overlay attack. | 9.3 |
| 2022-02-11 | CVE-2021-39675 | Out-of-bounds Write vulnerability in Google Android 12.0 In GKI_getbuf of gki_buffer.cc, there is a possible out of bounds write due to a heap buffer overflow. | 10.0 |
| 2022-02-11 | CVE-2021-39658 | Incorrect Default Permissions vulnerability in Google Android ismsEx service is a vendor service in unisoc equipment?ismsEx service is an extension of sms system service,but it does not check the permissions of the caller,resulting in permission leaks?Third-party apps can use this service to arbitrarily modify and set system properties?Product: AndroidVersions: Android SoCAndroid ID: A-207479207 | 9.8 |
| 2022-02-11 | CVE-2021-39635 | Incorrect Default Permissions vulnerability in Google Android ims_ex is a vendor system service used to manage VoLTE in unisoc devices,But it does not verify the caller's permissions,so that normal apps (No phone permissions) can obtain some VoLTE sensitive information and manage VoLTE calls.Product: AndroidVersions: Android SoCAndroid ID: A-206492634 | 9.1 |
| 2022-02-11 | CVE-2021-39616 | Unspecified vulnerability in Google Android Summary:Product: AndroidVersions: Android SoCAndroid ID: A-204686438 | 10.0 |
| 2022-01-14 | CVE-2021-39623 | Out-of-bounds Write vulnerability in Google Android In doRead of SimpleDecodingSource.cpp, there is a possible out of bounds write due to an incorrect bounds check. | 9.8 |
| 2022-01-14 | CVE-2021-1049 | Unspecified vulnerability in Google Android Hacker one bug ID: 1343975Product: AndroidVersions: Android SoCAndroid ID: A-204256722 | 10.0 |
| 2021-12-15 | CVE-2021-39645 | Unspecified vulnerability in Google Android Product: AndroidVersions: Android kernelAndroid ID: A-199805112References: N/A | 10.0 |