Memory corruption

In pollOnce of ALooper.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11...

Double free

In setPlayPolicy of DrmPlugin.cpp, there is a possible double free. This could lead to local escalation of privilege in a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9...

Integer overflow

In decrypt12 of CryptoPlugin.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10...

Design/Logic Flaw

In several functions of InputDispatcher.cpp, WindowManagerService.java, and related files, there is a possible tapjacking attack due to an incorrect FLAGOBSCURED value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...

Design/Logic Flaw

In start of WelcomeActivity.java, there is a possible residual profile due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9Android I...

Input validation

In injectBestLocation and handleUpdateLocation of GnssLocationProvider.java, there is a possible incorrect reporting of location data to emergency services due to improper input validation. This could lead to incorrect reporting of location data to emergency services with User execution privilege...

Design/Logic Flaw

In onCreate of DeviceChooserActivity.java, there is a possible way to bypass user consent when pairing a Bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation of privilege and pairing malicious devices with no additional execution privileges needed. User...

Race condition

In several functions of ScreenshotHelper.java and related files, there is a possible incorrectly saved screenshot due to a race condition. This could lead to local information disclosure across user profiles with no additional execution privileges needed. User interaction is needed for...

CVE-2021-0444

In onActivityResult of QuickContactActivity.java, there is an unnecessary return of an intent. This could lead to local information disclosure of contact data with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8...

CVE-2021-0400

In injectBestLocation and handleUpdateLocation of GnssLocationProvider.java, there is a possible incorrect reporting of location data to emergency services due to improper input validation. This could lead to incorrect reporting of location data to emergency services with User execution privilege...

CVE-2021-0436

In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds read due to integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1...

CVE-2021-0436

CVE-2021-0436: In CryptoPlugin::decrypt (CryptoPlugin.cpp) on Android, there is a possible out-of-bounds read caused by integer overflow, potentially leading to local information disclosure without extra privileges. Affected: Android devices (Android-8.1, 9, 10, 11). Impact is information disclos...

CVE-2021-0471

CVE-2021-0471 : In Android, the decrypt_1_2 function in CryptoPlugin.cpp can trigger an out-of-bounds read due to an integer overflow, leading to local information disclosure without extra privileges or user interaction. Affected: Android 8.1, 9, 10, 11. No public details in the connected docs sp...

CVE-2021-0429

In pollOnce of ALooper.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11...

CVE-2021-0431

In avrcmsgcback of avrcapi.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a paired device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

CVE-2021-0445

In start of WelcomeActivity.java, there is a possible residual profile due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9Android I...

CVE-2021-0443

CVE-2021-0443 : Apple Android flaw affecting ScreenshotHelper.java and related files where a race condition can cause an incorrectly saved screenshot, enabling local information disclosure across user profiles. Exploitation requires user interaction; impact is information disclosure with no extra...

Google Android 缓冲区错误漏洞

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. An information disclosure vulnerability exists in the System component of Google Android 8.1, 9, 10, and 11. No details of the vulnerability are provided at this ti...

Google Android 安全漏洞

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. An elevation of privilege vulnerability exists in the System component of Google Android 8.1, 9, 10, and 11. No details of the vulnerability are provided at this ti...

EulerOS 2.0 SP5 : libjpeg-turbo (EulerOS-SA-2021-1686)

According to the version of the libjpeg-turbo packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In generatejsimdyccrgbconvertneon of jsimdarm64neon.S, there is a possible out of bounds write due to a missing bounds check. This could lea...