952 matches found
CVE-2021-1039
In NotificationAccessActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10...
CVE-2021-0967
In vorbisbookdecodevset of codebook.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-1...
CVE-2021-0971
In MPEG4Source::read of MPEG4Extractor.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10...
CVE-2021-0704
In createNoCredentialsPermissionNotification and related functions of AccountManagerService.java, there is a possible way to retrieve accounts from the device without permissions due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges...
CVE-2021-0704
CVE-2021-0704 (Google Android): A local information-disclosure vulnerability in AccountManagerService.java allows retrieving accounts without required permissions due to a permissions bypass. Affected Android versions include 9, 10, and 11. Exploitation is local and does not require user interact...
CVE-2021-0650
In WTInterpolateNoLoop of easwtengine.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10...
CVE-2021-0928
CVE-2021-0928 concerns an Elevation of Privilege in Android’s Media Framework. The vulnerability arises from a mismatch in parcel serialization/deserialization in createFromParcel of OutputConfiguration.java due to improper input validation, allowing local privilege elevation with no authenticate...
CVE-2021-0928
In createFromParcel of OutputConfiguration.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2021-0931
In getAlias of BluetoothDevice.java, there is a possible way to create misleading permission dialogs due to missing data filtering. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-...
CVE-2021-0931
CVE-2021-0931 – Android BluetoothDevice.getAlias information disclosure . The issue is reported in BluetoothDevice.java: missing data filtering can cause misleading permission dialogs, enabling local information disclosure with user interaction required. Affected products/versions include Android...
CVE-2021-0889
The CVE-2021-0889 entry concerns Android TV Remote Service where a silent pairing due to no rate-limiting in the pairing flow can enable remote code execution without user interaction. Affected products include Android TV on Android 8.1, 9, 10, 11, and 12. The root cause cited is lack of rate lim...
CVE-2021-0889
In Android TV , there is a possible silent pairing due to lack of rate limiting in the pairing flow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12...
NewStart CGSL CORE 5.05 / MAIN 5.05 : libexif Multiple Vulnerabilities (NS-SA-2021-0158)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has libexif packages installed that are affected by multiple vulnerabilities: - In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media...
CVE-2021-0652
In VectorDrawable::VectorDrawable of VectorDrawable.java, there is a possible way to introduce a memory corruption due to sharing of not thread-safe objects. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
Race condition
In RWSetActivatedTagType of rwmain.cc, there is possible memory corruption due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11...
Design/Logic Flaw
In runDumpHeap of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
Input validation
In loadLabel of PackageItemInfo.java, there is a possible way to DoS a device by having a long label in an app due to incorrect input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product:...
CVE-2021-0870
In RWSetActivatedTagType of rwmain.cc, there is possible memory corruption due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11...
CVE-2021-0651
Technical details about CVE-2021-0651 beyond the initial description are not publicly provided in the connected documents. Please monitor for updates from official advisories.
Design/Logic Flaw
In onCreate of BluetoothPairingDialog, there is a possible way to enable Bluetooth without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...