Total
652 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-1013 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In checkExistsAndEnforceCannotModifyImmutablyRestrictedPermission of PermissionManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-186404356 | ||||
| CVE-2021-1012 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In onResume of NotificationAccessDetails.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-195412179 | ||||
| CVE-2021-1009 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In setApplicationCategoryHint of PackageManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-189858128 | ||||
| CVE-2021-1005 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In getDeviceIdWithFeature of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-186530889 | ||||
| CVE-2021-0995 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
| In registerSuggestionConnectionStatusListener of WifiServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-197536547 | ||||
| CVE-2021-0990 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
| In getDeviceId of PhoneSubInfoController.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-185591180 | ||||
| CVE-2021-0989 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
| In hasManageOngoingCallsPermission of TelecomServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-194105812 | ||||
| CVE-2021-0988 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
| In getLaunchedFromUid and getLaunchedFromPackage of ActivityClientController.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-191954233 | ||||
| CVE-2021-0987 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
| In getNeighboringCellInfo of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-190619791 | ||||
| CVE-2021-0975 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In USB Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure of installed packages with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-180104273 | ||||
| CVE-2021-0524 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In isServiceDistractionOptimized of CarPackageManagerService.java, there is a possible disclosure of installed packages due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-180418334 | ||||
| CVE-2021-0321 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In enforceDumpPermissionForPackage of ActivityManagerService.java, there is a possible way to determine if a package is installed due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-166667403. | ||||
| CVE-2021-0089 | 3 Debian, Fedoraproject, Intel | 12 Debian Linux, Fedora, Celeron Processors and 9 more | 2024-11-21 | 6.5 Medium |
| Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. | ||||
| CVE-2021-0086 | 2 Fedoraproject, Intel | 12 Fedora, Brand Verification Tool, Celeron Processors and 9 more | 2024-11-21 | 6.5 Medium |
| Observable response discrepancy in floating-point operations for some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. | ||||
| CVE-2021-0001 | 1 Intel | 4 Integrated Performance Primitives Cryptography, Sgx Dcap, Sgx Psw and 1 more | 2024-11-21 | 4.7 Medium |
| Observable timing discrepancy in Intel(R) IPP before version 2020 update 1 may allow authorized user to potentially enable information disclosure via local access. | ||||
| CVE-2020-9690 | 1 Magento | 1 Magento | 2024-11-21 | 4.2 Medium |
| Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass. | ||||
| CVE-2020-9588 | 1 Magento | 1 Magento | 2024-11-21 | 7.2 High |
| Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass. | ||||
| CVE-2020-9389 | 1 Squaredup | 1 Squaredup | 2024-11-21 | 3.7 Low |
| A username enumeration issue was discovered in SquaredUp before version 4.6.0. The login functionality was implemented in a way that would enable a malicious user to guess valid username due to a different response time from invalid usernames. | ||||
| CVE-2020-8989 | 1 Voatz | 1 Voatz | 2024-11-21 | 5.3 Medium |
| In the Voatz application 2020-01-01 for Android, the amount of data transmitted during a single voter's vote depends on the different lengths of the metadata across the available voting choices, which makes it easier for remote attackers to discover this voter's choice by sniffing the network. For example, a small amount of sniffed data may indicate that a vote was cast for the candidate with the least metadata. An active man-in-the-middle attacker can leverage this behavior to disrupt voters' abilities to vote for a candidate opposed by the attacker. | ||||
| CVE-2020-8695 | 4 Debian, Fedoraproject, Intel and 1 more | 605 Debian Linux, Fedora, Celeron 3855u and 602 more | 2024-11-21 | 5.5 Medium |
| Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. | ||||