Lucene search
K

2494 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:20 p.m.8 views

CVE-2022-20213

In ApplicationsDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11...

5.5CVSS7.3AI score0.00126EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:20 p.m.6 views

CVE-2022-20214

In Car Settings app, the toggle button in Modify system settings is vulnerable to tapjacking attack. Attackers can overlay the toggle button to enable apps to modify system settings without user consent.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-183411210...

4.7CVSS7.4AI score0.00226EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:20 p.m.8 views

CVE-2022-20130

In transportDecOutOfBandConfig of tpdeclib.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10...

10CVSS8AI score0.08334EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:48 p.m.7 views

CVE-2022-20349

In WifiScanningPreferenceController and BluetoothScanningPreferenceController, there is a possible admin restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS7.1AI score0.00092EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:44 p.m.4 views

CVE-2021-39622

In GBoard, there is a possible way to bypass Factory Reset Protection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11...

7.8CVSS7.3AI score0.00124EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:42 p.m.3 views

CVE-2021-39667

In ih264dparsedecodeslice of ih264dparseslice.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10...

6.5CVSS7.1AI score0.00682EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:41 p.m.4 views

CVE-2021-0645

In shouldBlockFromTree of ExternalStorageProvider.java, there is a possible permissions bypass. This could lead to local escalation of privilege, allowing an app to read private app directories in external storage, which should be restricted in Android 11, with no additional execution privileges...

7.8CVSS6.2AI score0.0033EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:41 p.m.4 views

CVE-2021-0362

In aee, there is a possible memory corruption due to a stack buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05457070...

6.7CVSS7.1AI score0.00154EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:13 p.m.23 views

CVE-2021-39695

In createOrUpdate of BasePermission.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID:...

7.8CVSS7AI score0.00126EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:12 p.m.4 views

CVE-2021-39620

In ipcSetDataReference of Parcel.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11...

7.8CVSS7AI score0.00119EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:12 p.m.7 views

CVE-2021-39619

In updatePackageMappingsData of UsageStatsService.java, there is a possible way to bypass security and privacy settings of app usage due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS7.2AI score0.00128EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:2 p.m.6 views

CVE-2021-1036

In LocationSettingsActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10...

7.8CVSS7AI score0.0032EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:2 p.m.6 views

CVE-2021-1037

The broadcast that DevicePickerFragment sends when a new device is paired doesn't have any permission checks, so any app can register to listen for it. This lets apps keep track of what devices are paired without requesting BLUETOOTH permissions.Product: AndroidVersions: Android-10 Android-11...

5.3CVSS6.8AI score0.00316EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:1 p.m.7 views

CVE-2021-0955

In pfwritebuf of FuseDaemon.cpp, there is possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-19208576...

7CVSS7.8AI score0.00088EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:1 p.m.6 views

CVE-2021-0703

In SecondStageMain of init.cpp, there is a possible use after free due to incorrect sharedptr usage. This could lead to local escalation of privilege if the attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for...

7.2CVSS7.3AI score0.00124EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:1 p.m.11 views

CVE-2021-0694

In setServiceForegroundInnerLocked of ActiveServices.java, there is a possible way for a background application to regain foreground permissions due to insufficient background restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User...

7.8CVSS6.7AI score0.00109EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:0 p.m.5 views

CVE-2021-0567

In isRestricted of RemoteViews.java, there is a possible way to inject font files due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Andro...

7.8CVSS7AI score0.00138EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:0 p.m.6 views

CVE-2021-0564

In decrypt of CryptoPlugin.cpp, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-176495665...

6.4CVSS7AI score0.00086EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:0 p.m.8 views

CVE-2021-0551

In bind of MediaControlPanel.java, there is a possible way to lock up the system UI using a malicious media file due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product:...

6.5CVSS6.9AI score0.00588EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:59 p.m.11 views

CVE-2021-0442

In updateInfo of androidhardwareinputInputApplicationHandle.cpp, there is a possible control of code flow due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

7.8CVSS7.3AI score0.00119EPSS
Exploits0References1
Rows per page
Query Builder