GHSA-3CQM-MF7H-PRRJ Square OkHttp can accept the wrong certificate

In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2021-0694

In setServiceForegroundInnerLocked of ActiveServices.java, there is a possible way for a background application to regain foreground permissions due to insufficient background restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User...

OESA-2022-1611 flac security update

FLAC stands for Free Lossless Audio Codec, an audio format similar to MP3, but lossless, meaning that audio is compressed in FLAC without any loss in quality. Security Fixes: In appendtoverifyfifointerleaved of streamencoder.c, there is a possible out of bounds write due to a missing bounds check...

CVE-2021-39704

In deleteNotificationChannelGroup of NotificationManagerService.java, there is a possible way to run foreground service without user notification due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

CVE-2021-39697

In checkFileUriDestination of DownloadProvider.java, there is a possible way to bypass external storage private directories protection due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...

CVE-2021-39695

In createOrUpdate of BasePermission.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID:...

CVE-2021-0957

In NotificationStackScrollLayout of NotificationStackScrollLayout.java, there is a possible way to bypass Factory Reset Protections. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

PT-2022-10961 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android version 11 Description: The issue is related to a parcel serialization/deserialization mismatch in the writeThrowable function of AndroidFuture.java due to improper input validation. This could lead to local escalation of privilege wi...

CVE-2021-0956

In NfcTag::discoverTechnologies activation of NfcTag.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additionalSystem execution privileges needed. User interaction is not needed for exploitation.Product:...

CVE-2021-0955

In pfwritebuf of FuseDaemon.cpp, there is possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-19208576...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google Inc. in the United States. Google Android 11 has a security vulnerability in System 10, a version prior to 11...

Google Android 缓冲区错误漏洞

Google Android is a Linux-based open source operating system from Google. There is a security vulnerability in Google Android version 11, there is no information about this vulnerability yet, please stay tuned to CNNVD or the manufacturer's announcement...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. Google Android 11 suffers from an elevation of privilege vulnerability that originates in onCreate in UsbPermissionActivity.java, which can be exploited by an attacker to cause local privilege escalation...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. Google Android 11 has a security vulnerability that stems from a security flaw in the system's Pixel Bootloader...

Mediatek 芯片 安全漏洞

Mediatek chips are smartphone chipsets from China's MediaTek Mediatek. A security vulnerability exists in the Mediatek chipset, which stems from a side-channel information disclosure in the memory management driver, which could result in a local elevation of privilege that requires system executi...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google Inc. in the United States. A security vulnerability exists in MediaTek components System properties in Google Android 11, which stems from a lack of privilege checking and could lead to information disclosure...

CVE-2021-0564

In decrypt of CryptoPlugin.cpp, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-176495665...

UBUNTU-CVE-2021-0561

In appendtoverifyfifointerleaved of streamencoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

CVE-2021-0520

In several functions of MemoryFileSystem.cpp and related files, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

CVE-2021-0482

In BinderDiedCallback of MediaCodec.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID:...