952 matches found
CVE-2021-0314
The CVE-2021-0314 issue affects Android’s UninstallerActivity in the Framework. It describes a tapjacking/overlay-based method to uninstall an app without informed user consent, leading to local elevation of privilege with User execution privileges needed. Affected Android versions include 8.1, 9...
CVE-2021-0331
In onCreate of NotificationAccessConfirmationActivity.java, there is a possible overlay attack due to an insecure default value. This could lead to local escalation of privilege and notification access with User execution privileges needed. User interaction is needed for exploitation.Product:...
CVE-2021-0334
In onTargetSelected of ResolverActivity.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product:...
CVE-2021-0336
In onReceive of BluetoothPermissionRequest.java, there is a possible permissions bypass due to a mutable PendingIntent. This could lead to local escalation of privilege that bypasses a permission check, with User execution privileges needed. User interaction is not needed for exploitation.Product...
CVE-2021-0337
In moveInMediaStore of FileSystemProvider.java, there is a possible file exposure due to stale metadata. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-...
CVE-2021-0302
In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9...
CVE-2021-0302
CVE-2021-0302 describes a tapjacking/overlay risk in Android’s PackageInstaller caused by an insecure default value, enabling local escalation of privilege with no extra execution privileges and requiring user interaction to exploit. Affected products: Android versions 8.1, 9, and 10 (per the vul...
CVE-2021-0305
In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9...
CVE-2021-0339
CVE-2021-0339 is an Android elevation-of-privilege issue found in WindowContainer.java loadAnimation, enabling a malicious app to remain visible while another app is foregrounded. This could allow local privilege escalation with no extra execution privileges; user interaction is required to explo...
CVE-2020-11836
Technical details about CVE-2020-11836 are not provided in the supplied documents; no specifics on affected components, root cause, or fixes are publicly available. Monitor for updates.
CVE-2021-0350
In ged, there is a possible system crash due to an improper input validation. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11; Patch ID:...
Input validation
In ged, there is a possible system crash due to an improper input validation. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11; Patch ID:...
CVE-2021-0348
In vpu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9, Android-10, Android-11; Patch ID:...
CVE-2021-0347
The CVE-2021-0347 entry concerns the Android subsystem component “ccu,” where a missing bounds check enables an out-of-bounds read. This could permit local information disclosure with System privileges required, and would require user interaction to exploit. Affected products/versions explicitly ...
Integer overflow
In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11; Patch...
Google Android System elevation of privilege vulnerability (CNVD-2021-13691)
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. An elevation of privilege vulnerability exists in the System component of Google Android 8.1, 9, 10, and 11. An attacker could exploit this vulnerability to cause a...
Google Android 缓冲区错误漏洞
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. A remote code execution vulnerability exists in the Media Framework component of Google Android 8.1, 9, 10, and 11. An attacker can exploit this vulnerability to...
CVE-2021-0306
In addAllPermissions of PermissionManagerService.java, there is a possible permissions bypass when upgrading major Android versions which allows an app to gain the android.permission.ACTIVITYRECOGNITION permission without user confirmation. This could lead to local escalation of privilege with no...
CVE-2021-0317
In createOrUpdate of Permission.java and related code, there is possible permission escalation due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10...
CVE-2021-0312
In WAVSource::read of WAVExtractor.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1,...