952 matches found
CVE-2021-0587
In StreamOut::prepareForWriting of StreamOut.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1...
CVE-2021-0586
In onCreate of DevicePickerFragment.java, there is a possible way to trick the user to select an unwanted bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
CVE-2021-0586
CVE-2021-0586 describes a tapjacking/overlay flaw in DevicePickerFragment.java on Android 8.1–11 that could trick users into selecting a Bluetooth device, enabling local escalation of privilege with no extra execution privileges required. The initial description notes user interaction is needed f...
CVE-2021-0596
In phNciNfcRecvMfResp of phNxpExtnsMifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersion...
CVE-2021-0601
In encodeFrames of avcencfuzzer.cpp, there is a possible out of bounds write due to a double free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11...
CVE-2021-0604
In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible way to share private files over Bluetooth due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product:...
CVE-2021-0588
In processInboundMessage of MceStateMachine.java, there is a possible SMS disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
CVE-2021-0594
CVE-2021-0594 affects Android: In ConfirmConnectActivity.onCreate, there is a possible remote bypass of user consent due to improper input validation. This could lead to remote (proximal, NFC) escalation of privilege by deceiving a user into allowing a Bluetooth connection with no additional exec...
CVE-2021-0515
In Factory::CreateStrictFunctionMap of factory.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
CVE-2021-0515
CVE-2021-0515 : In Android, there is an out-of-bounds write due to an incorrect bounds check in Factory::CreateStrictFunctionMap (factory.cc). This can cause remote code execution in an unprivileged process with no additional privileges and without user interaction. Affected: Android versions 8.1...
CVE-2020-0417
In setNiNotification of GpsNetInitiatedHandler.java, there is a possible permissions bypass due to an empty mutable PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
Amazon Linux 2 : wpa_supplicant (ALAS-2021-1648)
The version of wpasupplicant installed on the remote host is prior to 2.6-12. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2021-1648 advisory. In p2pcopyclientinfo of p2p.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remot...
Medium: wpa_supplicant
Issue Overview: In p2pcopyclientinfo of p2p.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no additional execution privileges needed. User interaction is not needed f...
CVE-2021-0478
In updateDrawable of StatusBarIconView.java, there is a possible permission bypass due to an uncaught exception. This could lead to local escalation of privilege by running foreground services without notifying the user, with User execution privileges needed. User interaction is not needed for...
CVE-2021-0506
In ActivityPicker.java, there is a possible bypass of user interaction in intent resolution due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10...
CVE-2021-0522
In ConnectionHandler::SdpCb of connectionhandler.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-1...
CVE-2021-0516
In p2pprocessprovdiscreq of p2ppd.c, there is a possible out of bounds read and write due to a use after free. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11...
CVE-2021-0513
In deleteNotificationChannel and related functions of NotificationManagerService.java, there is a possible permission bypass due to improper state validation. This could lead to local escalation of privilege via hidden services with no additional execution privileges needed. User interaction is n...
CVE-2021-0511
In Dex2oat of dex2oat.cc, there is a possible way to inject bytecode into an app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9...
CVE-2021-0510
In decrypt12 of CryptoPlugin.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10...