Vulnerabilities > Google > Low

DATE CVE VULNERABILITY TITLE RISK
2021-12-15 CVE-2021-0990 Information Exposure Through Discrepancy vulnerability in Google Android 12.0
In getDeviceId of PhoneSubInfoController.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.
local
low complexity
google CWE-203
3.3
2021-12-15 CVE-2021-0989 Information Exposure Through Discrepancy vulnerability in Google Android 12.0
In hasManageOngoingCallsPermission of TelecomServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.
local
low complexity
google CWE-203
3.3
2021-12-15 CVE-2021-0988 Information Exposure Through Discrepancy vulnerability in Google Android 12.0
In getLaunchedFromUid and getLaunchedFromPackage of ActivityClientController.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.
local
low complexity
google CWE-203
3.3
2021-12-15 CVE-2021-0987 Information Exposure Through Discrepancy vulnerability in Google Android 12.0
In getNeighboringCellInfo of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.
local
low complexity
google CWE-203
3.3
2021-12-15 CVE-2021-0983 Information Exposure vulnerability in Google Android 12.1
In createAdminSupportIntent of DevicePolicyManagerService.java, there is a possible disclosure of information about installed device/profile owner package name due to side channel information disclosure.
local
low complexity
google CWE-200
3.3
2021-12-15 CVE-2021-0982 Missing Authorization vulnerability in Google Android 12.0
In getOrganizationNameForUser of DevicePolicyManagerService.java, there is a possible organization name disclosure due to a missing permission check.
local
low complexity
google CWE-862
3.3
2021-12-15 CVE-2021-0978 Missing Authorization vulnerability in Google Android 12.0
In getSerialForPackage of DeviceIdentifiersPolicyService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.
local
low complexity
google CWE-862
3.3
2021-12-08 CVE-2021-25519 Missing Authorization vulnerability in Google Android 10.0/11.0/9.0
An improper access control vulnerability in CPLC prior to SMR Dec-2021 Release 1 allows local attackers to access CPLC information without permission.
local
low complexity
google CWE-862
3.3
2021-12-08 CVE-2021-25515 Exposure of Resource to Wrong Sphere vulnerability in Google Android 10.0/11.0/9.0
An improper usage of implicit intent in SemRewardManager prior to SMR Dec-2021 Release 1 allows attackers to access BSSID.
local
low complexity
google CWE-668
3.3
2021-12-08 CVE-2021-25513 Improper Privilege Management vulnerability in Google Android 11.0
An improper privilege management vulnerability in Apps Edge application prior to SMR Dec-2021 Release 1 allows unauthorized access to some device data on the lockscreen.
low complexity
google CWE-269
2.4