Vulnerabilities > Google > Low

DATE CVE VULNERABILITY TITLE RISK
2021-04-28 CVE-2021-31815 Cleartext Transmission of Sensitive Information vulnerability in Google Google/Apple Exposure Notifications 20210427
GAEN (aka Google/Apple Exposure Notifications) through 2021-04-27 on Android allows attackers to obtain sensitive information, such as a user's location history, in-person social graph, and (sometimes) COVID-19 infection status, because Rolling Proximity Identifiers and MAC addresses are written to the Android system log, and many Android devices have applications (preinstalled by the hardware manufacturer or network operator) that read system log data and send it to third parties.
local
low complexity
google CWE-319
3.3
2021-04-09 CVE-2021-25358 Incorrect Default Permissions vulnerability in Google Android 10.0/9.0
A vulnerability that stores IMSI values in an improper path prior to SMR APR-2021 Release 1 allows local attackers to access IMSI values without any permission via untrusted applications.
local
low complexity
google CWE-276
3.3
2021-04-09 CVE-2021-25359 Incorrect Default Permissions vulnerability in Google Android 10.0/11.0
An improper SELinux policy prior to SMR APR-2021 Release 1 allows local attackers to access AP information without proper permissions via untrusted applications.
local
low complexity
google CWE-276
3.3
2021-04-09 CVE-2021-25364 Exposure of Resource to Wrong Sphere vulnerability in Google Android 11.0
A pendingIntent hijacking vulnerability in Secure Folder prior to SMR APR-2021 Release 1 allows unprivileged applications to access contact information.
local
low complexity
google CWE-668
3.3
2021-03-04 CVE-2021-25340 Unspecified vulnerability in Google Android 10.0
Improper access control vulnerability in Samsung keyboard version prior to SMR Feb-2021 Release 1 allows physically proximate attackers to change in arbitrary settings during Initialization State.
low complexity
google
2.4
2021-03-04 CVE-2021-25335 Improper lockscreen status check in cocktailbar service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows unauthenticated users to access hidden notification contents over the lockscreen in specific condition.
local
high complexity
google samsung
2.5
2021-03-04 CVE-2021-25336 Unspecified vulnerability in Google Android 10.0/9.0
Improper access control in NotificationManagerService in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to acquire notification access via sending a crafted malicious intent.
local
low complexity
google
3.3
2020-12-15 CVE-2020-27056 Missing Authorization vulnerability in Google Android 11.0
In SELinux policies of mls, there is a missing permission check.
local
low complexity
google CWE-862
3.3
2020-12-15 CVE-2020-27057 Missing Authorization vulnerability in Google Android 11.0
In getGpuStatsGlobalInfo and getGpuStatsAppInfo of GpuService.cpp, there is a possible permission bypass due to a missing permission check.
local
low complexity
google CWE-862
3.3
2020-12-15 CVE-2020-0368 Improper Input Validation vulnerability in Google Android 11.0
In queryInternal of CallLogProvider.java, there is a possible permission bypass due to improper input validation.
local
low complexity
google CWE-20
3.3