Vulnerabilities > Google > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-12-15 | CVE-2021-0992 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 12.0 In onCreate of PaymentDefaultDialog.java, there is a possible way to change a default payment app without user consent due to tapjack overlay. | 1.9 |
2021-12-15 | CVE-2021-0991 | Information Exposure Through Log Files vulnerability in Google Android 12.0 In OnMetadataChangedListener of AdvancedBluetoothDetailsHeaderController.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. | 2.7 |
2021-12-15 | CVE-2021-0990 | Information Exposure Through Discrepancy vulnerability in Google Android 12.0 In getDeviceId of PhoneSubInfoController.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 2.1 |
2021-12-15 | CVE-2021-0989 | Information Exposure Through Discrepancy vulnerability in Google Android 12.0 In hasManageOngoingCallsPermission of TelecomServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 2.1 |
2021-12-15 | CVE-2021-0988 | Information Exposure Through Discrepancy vulnerability in Google Android 12.0 In getLaunchedFromUid and getLaunchedFromPackage of ActivityClientController.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 2.1 |
2021-12-15 | CVE-2021-0987 | Information Exposure Through Discrepancy vulnerability in Google Android 12.0 In getNeighboringCellInfo of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 2.1 |
2021-12-15 | CVE-2021-0983 | Information Exposure vulnerability in Google Android 12.1 In createAdminSupportIntent of DevicePolicyManagerService.java, there is a possible disclosure of information about installed device/profile owner package name due to side channel information disclosure. | 3.3 |
2021-12-15 | CVE-2021-0982 | Missing Authorization vulnerability in Google Android 12.0 In getOrganizationNameForUser of DevicePolicyManagerService.java, there is a possible organization name disclosure due to a missing permission check. | 2.1 |
2021-12-15 | CVE-2021-0979 | Incorrect Default Permissions vulnerability in Google Android 12.0 In isRequestPinItemSupported of ShortcutService.java, there is a possible cross-user leak of packages in which the default launcher supports requests to create pinned shortcuts due to a permissions bypass. | 2.1 |
2021-12-15 | CVE-2021-0978 | Missing Authorization vulnerability in Google Android 12.0 In getSerialForPackage of DeviceIdentifiersPolicyService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 3.3 |