Total
6931 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-1755 | 1 Apple | 1 Macos | 2024-11-21 | 2.1 LOW | 2.4 LOW |
|
A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A person with physical access to an iOS device may be able to access contacts from the lock screen.
|
|||||
| CVE-2021-1508 | 1 Cisco | 2 Catalyst Sd-wan Manager, Sd-wan Vmanage | 2024-11-21 | 6.5 MEDIUM | 9.8 CRITICAL |
|
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory.
|
|||||
| CVE-2021-1506 | 1 Cisco | 2 Catalyst Sd-wan Manager, Sd-wan Vmanage | 2024-11-21 | 6.5 MEDIUM | 9.8 CRITICAL |
|
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory.
|
|||||
| CVE-2021-1505 | 1 Cisco | 2 Catalyst Sd-wan Manager, Sd-wan Vmanage | 2024-11-21 | 6.5 MEDIUM | 9.8 CRITICAL |
|
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory.
|
|||||
| CVE-2021-1143 | 1 Cisco | 1 Connected Mobile Experiences | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability in Cisco Connected Mobile Experiences (CMX) API authorizations could allow an authenticated, remote attacker to enumerate what users exist on the system. The vulnerability is due to a lack of authorization checks for certain API GET requests. An attacker could exploit this vulnerability by sending specific API GET requests to an affected device. A successful exploit could allow the attacker to enumerate users of the CMX system.
|
|||||
| CVE-2021-1037 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The broadcast that DevicePickerFragment sends when a new device is paired doesn't have any permission checks, so any app can register to listen for it. This lets apps keep track of what devices are paired without requesting BLUETOOTH permissions.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-162951906
|
|||||
| CVE-2021-1034 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
In getLine1NumberForDisplay of PhoneInterfaceManager.java, there is apossible way to determine whether an app is installed, without querypermissions due to a missing permission check. This could lead to localinformation disclosure with no additional execution privileges needed. Userinteraction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193441322
|
|||||
| CVE-2021-1025 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In hasNamedWallpaper of WallpaperManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193800652
|
|||||
| CVE-2021-1017 | 1 Google | 1 Android | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
|
In AdapterService and GattService definition of AndroidManifest.xml, there is a possible way to disable bluetooth connection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-182583850
|
|||||
| CVE-2021-1011 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In setPackageStoppedState of PackageManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-188219307
|
|||||
| CVE-2021-1010 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In getSigningKeySet of PackageManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-189857801
|
|||||
| CVE-2021-1004 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
In getConfiguredNetworks of WifiServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-197749180
|
|||||
| CVE-2021-0999 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
In the broadcast definition in AndroidManifest.xml, there is a possible way to set the A2DP bluetooth device connection state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-196858999
|
|||||
| CVE-2021-0994 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
In requestRouteToHostAddress of ConnectivityService.java, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193801134
|
|||||
| CVE-2021-0986 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In hasGrantedPolicy of DevicePolicyManagerService.java, there is a possible information disclosure about the device owner, profile owner, or device admin due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-192247339
|
|||||
| CVE-2021-0985 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
In onReceive of AlertReceiver.java, there is a possible way to dismiss system dialog due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-190403923
|
|||||
| CVE-2021-0982 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
In getOrganizationNameForUser of DevicePolicyManagerService.java, there is a possible organization name disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-192368508
|
|||||
| CVE-2021-0978 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
In getSerialForPackage of DeviceIdentifiersPolicyService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-192587406
|
|||||
| CVE-2021-0965 | 1 Google | 1 Android | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
|
In AndroidManifest.xml of Settings, there is a possible pairing of a Bluetooth device without user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-194300867
|
|||||
| CVE-2021-0926 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
In onCreate of NfcImportVCardActivity.java, there is a possible way to add a contact without user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-191053931
|
|||||
| CVE-2021-0923 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
In createOrUpdate of Permission.java, there is a possible way to gain internal permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-195338390
|
|||||
| CVE-2021-0922 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
In enforceCrossUserOrProfilePermission of PackageManagerService.java, there is a possible bypass of INTERACT_ACROSS_PROFILES permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-195630721
|
|||||
| CVE-2021-0735 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
|
In PackageManager, there is a possible way to get information about installed packages ignoring limitations introduced in Android 11 due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-188913056
|
|||||
| CVE-2021-0706 | 1 Google | 1 Android | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
In startListening of PluginManagerImpl.java, there is a possible way to disable arbitrary app components due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-193444889
|
|||||
| CVE-2021-0686 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In getDefaultSmsPackage of RoleManagerService.java, there is a possible way to get information about the default sms app of a different device user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-177927831
|
|||||
| CVE-2021-0682 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In sendAccessibilityEvent of NotificationManagerService.java, there is a possible disclosure of notification data due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-159624555
|
|||||
| CVE-2021-0681 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In system properties, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-192535337
|
|||||
| CVE-2021-0680 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In system properties, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-192535676
|
|||||
| CVE-2021-0673 | 2 Google, Mediatek | 28 Android, Mt6779, Mt6781 and 25 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
In Audio Aurisys HAL, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05977326; Issue ID: ALPS05977326.
|
|||||
| CVE-2021-0672 | 2 Google, Mediatek | 64 Android, Mt6731, Mt6732 and 61 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In Browser app, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-199678035
|
|||||
| CVE-2021-0654 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
In isRealSnapshot of TaskThumbnailView.java, there is possible data exposure due to a missing permission check. This could lead to local information disclosure from locked profiles with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168802517References: N/A
|
|||||
| CVE-2021-0653 | 1 Google | 1 Android | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
In enqueueNotification of NetworkPolicyManagerService.java, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-177931370
|
|||||
| CVE-2021-0643 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In getAllSubInfoList of SubscriptionController.java, there is a possible way to retrieve a long term identifier without the correct permissions due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-183612370
|
|||||
| CVE-2021-0597 | 1 Google | 1 Android | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
In notifyProfileAdded and notifyProfileRemoved of SipService.java, there is a possible way to retrieve SIP account names due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-176496502
|
|||||
| CVE-2021-0568 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
In onReceive of DevicePolicyManagerService.java, there is a possible enabling of disabled profiles due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-170121238
|
|||||
| CVE-2021-0554 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In isBackupServiceActive of BackupManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-158482162
|
|||||
| CVE-2021-0547 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
In onReceive of NetInitiatedActivity.java, there is a possible way to supply an attacker-controlled value to a GPS HAL handler due to a missing permission check. This could lead to local escalation of privilege that may result in undefined behavior in some HAL implementations with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174151048
|
|||||
| CVE-2021-0539 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
In archiveStoredConversation of MmsService.java, there is a possible way to archive message conversation without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-180419673
|
|||||
| CVE-2021-0521 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In getAllPackages of PackageManagerService, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure of cross-user permissions with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-174661955
|
|||||
| CVE-2021-0518 | 1 Google | 1 Android | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
In Wi-Fi, there is a possible leak of location-sensitive data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-176541017
|
|||||