Vulnerabilities > Google > High

DATE CVE VULNERABILITY TITLE RISK
2022-04-12 CVE-2021-39794 Incorrect Default Permissions vulnerability in Google Android 11.0/12.0/12.1
In broadcastPortInfo of AdbService.java, there is a possible way for apps to run code as the shell user, if wireless debugging is enabled, due to a missing permission check.
network
high complexity
google CWE-276
7.6
7.6
2022-04-12 CVE-2021-39797 Improper Privilege Management vulnerability in Google Android 12.0/12.1
In several functions of of LauncherApps.java, there is a possible escalation of privilege due to a logic error in the code.
local
low complexity
google CWE-269
7.2
7.2
2022-04-12 CVE-2021-39798 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android 12.0/12.1
In Bitmap_createFromParcel of Bitmap.cpp, there is a possible arbitrary code execution due to a missing bounds check.
local
low complexity
google CWE-119
7.2
7.2
2022-04-12 CVE-2021-39799 Incorrect Authorization vulnerability in Google Android 12.0/12.1
In AttributionSource of AttributionSource.java, there is a possible permission bypass due to improper input validation.
local
low complexity
google CWE-863
7.2
7.2
2022-04-12 CVE-2021-39801 Improper Locking vulnerability in Google Android
In ion_ioctl of ion-ioctl.c, there is a possible use after free due to improper locking.
local
low complexity
google CWE-667
7.2
7.2
2022-04-12 CVE-2021-39802 Incorrect Authorization vulnerability in Google Android
In change_pte_range of mprotect.c , there is a possible way to make a shared mmap writable due to a permissions bypass.
local
low complexity
google CWE-863
7.2
7.2
2022-04-12 CVE-2021-39807 Improper Privilege Management vulnerability in Google Android
In handleNfcStateChanged of SecureNfcEnabler.java, there is a possible way to enable NFC from the Guest account due to a missing permission check.
local
low complexity
google CWE-269
7.2
7.2
2022-04-12 CVE-2021-39808 Missing Authorization vulnerability in Google Android 10.0/11.0/12.0
In createNotificationChannelGroup of PreferencesHelper.java, there is a possible way for a service to run in foreground without user notification due to improper input validation.
local
low complexity
google CWE-862
7.2
7.2
2022-04-12 CVE-2021-39812 Use After Free vulnerability in Google Android
In TBD of TBD, there is a possible out of bounds read due to a use after free.
local
low complexity
google CWE-416
7.2
7.2
2022-04-12 CVE-2021-39814 Out-of-bounds Write vulnerability in Google Android
In ppmp_validate_wsm of drm_fw.c, there is a possible out of bounds write due to an incorrect bounds check.
local
low complexity
google CWE-787
7.2
7.2