297 matches found
CVE-2021-0601
In encodeFrames of avcencfuzzer.cpp, there is a possible out of bounds write due to a double free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11...
CVE-2021-25439
Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O8.1 and below, and 3.9.10.11 in Android P9.0 and above allows untrusted applications to cause arbitrary webpage loading in webview...
CVE-2021-0478
In updateDrawable of StatusBarIconView.java, there is a possible permission bypass due to an uncaught exception. This could lead to local escalation of privilege by running foreground services without notifying the user, with User execution privileges needed. User interaction is not needed for...
CVE-2021-0522
In ConnectionHandler::SdpCb of connectionhandler.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-1...
CVE-2021-0511
In Dex2oat of dex2oat.cc, there is a possible way to inject bytecode into an app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9...
PT-2021-13161 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-9 through Android-11 Description: The issue is related to improper input validation in Dex2oat of dex2oat.cc, allowing for possible bytecode injection into an app. This could lead to local escalation of privilege with...
CVE-2021-0476
In FindOrCreatePeer of btifav.cc, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9...
CVE-2021-0473
In rwt3tprocesserror of rwt3t.cc, there is a possible double free due to uninitialized data. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11...
Google Android 资源管理错误漏洞
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. An elevation of privilege vulnerability exists in the Media Framework component of Google Android versions 8.1, 9, 10, and 11. No details of the vulnerability are...
CVE-2021-0437
In setPlayPolicy of DrmPlugin.cpp, there is a possible double free. This could lead to local escalation of privilege in a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9...
CVE-2021-0400
In injectBestLocation and handleUpdateLocation of GnssLocationProvider.java, there is a possible incorrect reporting of location data to emergency services due to improper input validation. This could lead to incorrect reporting of location data to emergency services with User execution privilege...
CVE-2021-0431
In avrcmsgcback of avrcapi.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a paired device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
CVE-2021-0429
In pollOnce of ALooper.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11...
CVE-2021-25377
Intent redirection in Samsung Experience Service versions 10.8.0.4 in Android P9.0 below, and 12.2.0.5 in Android Q10.0 above allows attacker to execute privileged action...
CVE-2021-25381
Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P9.0 and below, and 12.1.1.3 in Android Q10.0 and above allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent...
CVE-2021-25374
An improper authorization vulnerability in Samsung Members "samsungrewards" scheme for deeplink in versions 2.4.83.9 in Android O8.1 and below, and 3.9.00.9 in Android P9.0 and above allows remote attackers to access a user data related with Samsung Account...
CVE-2021-25373
Using unsafe PendingIntent in Customization Service prior to version 2.2.02.1 in Android O8.x, 2.4.03.0 in Android P9.0, 2.7.02.1 in Android Q10.0 and 2.9.01.1 in Android R11.0 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent...
Google Android 输入验证错误漏洞
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. An elevation of privilege vulnerability exists in the Framework component of Google Android 9, 10, and 11. No details of the vulnerability are provided at this time...
Google Android 安全漏洞
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. An elevation of privilege vulnerability exists in the System component of Google Android 9, 11. No details of the vulnerability are provided at this time...
CVE-2021-0390
In various methods of WifiNetworkSuggestionsManager.java, there is a possible modification of suggested networks due to a missing permission check. This could lead to local escalation of privilege by a background user on the same device with no additional execution privileges needed. User...