Lucene search
K

952 matches found

CVE
CVE
added 2021/02/10 4:50 p.m.118 views

CVE-2021-0314

The CVE-2021-0314 issue affects Android’s UninstallerActivity in the Framework. It describes a tapjacking/overlay-based method to uninstall an app without informed user consent, leading to local elevation of privilege with User execution privileges needed. Affected Android versions include 8.1, 9...

7.3CVSS7.2AI score0.00274EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/02/10 4:49 p.m.28 views

CVE-2021-0331

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible overlay attack due to an insecure default value. This could lead to local escalation of privilege and notification access with User execution privileges needed. User interaction is needed for exploitation.Product:...

7.5AI score0.00275EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/02/10 4:49 p.m.19 views

CVE-2021-0334

In onTargetSelected of ResolverActivity.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product:...

8AI score0.0028EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/02/10 4:49 p.m.27 views

CVE-2021-0336

In onReceive of BluetoothPermissionRequest.java, there is a possible permissions bypass due to a mutable PendingIntent. This could lead to local escalation of privilege that bypasses a permission check, with User execution privileges needed. User interaction is not needed for exploitation.Product...

7.9AI score0.00259EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/02/10 4:48 p.m.23 views

CVE-2021-0337

In moveInMediaStore of FileSystemProvider.java, there is a possible file exposure due to stale metadata. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-...

7.9AI score0.00169EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/02/10 4:48 p.m.28 views

CVE-2021-0302

In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9...

8AI score0.00705EPSS
Exploits0References1
CVE
CVE
added 2021/02/10 4:48 p.m.132 views

CVE-2021-0302

CVE-2021-0302 describes a tapjacking/overlay risk in Android’s PackageInstaller caused by an insecure default value, enabling local escalation of privilege with no extra execution privileges and requiring user interaction to exploit. Affected products: Android versions 8.1, 9, and 10 (per the vul...

9.3CVSS7.7AI score0.00705EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/02/10 4:48 p.m.23 views

CVE-2021-0305

In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9...

8AI score0.00517EPSS
Exploits0References1
CVE
CVE
added 2021/02/10 4:48 p.m.156 views

CVE-2021-0339

CVE-2021-0339 is an Android elevation-of-privilege issue found in WindowContainer.java loadAnimation, enabling a malicious app to remain visible while another app is foregrounded. This could allow local privilege escalation with no extra execution privileges; user interaction is required to explo...

9.3CVSS7.6AI score0.00732EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/02/05 11:38 p.m.93 views

CVE-2020-11836

Technical details about CVE-2020-11836 are not provided in the supplied documents; no specifics on affected components, root cause, or fixes are publicly available. Monitor for updates.

5.5CVSS5.4AI score0.00148EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2021/02/04 7:15 p.m.12 views

CVE-2021-0350

In ged, there is a possible system crash due to an improper input validation. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11; Patch ID:...

4.9CVSS0.00147EPSS
Exploits0References1
Prion
Prion
added 2021/02/04 7:15 p.m.13 views

Input validation

In ged, there is a possible system crash due to an improper input validation. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11; Patch ID:...

4.9CVSS4.6AI score0.00147EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/02/04 5:10 p.m.18 views

CVE-2021-0348

In vpu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9, Android-10, Android-11; Patch ID:...

7AI score0.00166EPSS
Exploits0References1
CVE
CVE
added 2021/02/04 5:10 p.m.45 views

CVE-2021-0347

The CVE-2021-0347 entry concerns the Android subsystem component “ccu,” where a missing bounds check enables an out-of-bounds read. This could permit local information disclosure with System privileges required, and would require user interaction to exploit. Affected products/versions explicitly ...

4.4CVSS4.2AI score0.00155EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/02/03 12:15 a.m.18 views

Integer overflow

In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11; Patch...

4.6CVSS6.7AI score0.00155EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2021/02/02 12:0 a.m.8 views

Google Android System elevation of privilege vulnerability (CNVD-2021-13691)

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. An elevation of privilege vulnerability exists in the System component of Google Android 8.1, 9, 10, and 11. An attacker could exploit this vulnerability to cause a...

7.8CVSS6.5AI score0.00236EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/02/02 12:0 a.m.6 views

Google Android 缓冲区错误漏洞

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. A remote code execution vulnerability exists in the Media Framework component of Google Android 8.1, 9, 10, and 11. An attacker can exploit this vulnerability to...

9.3CVSS7.9AI score0.02046EPSS
Exploits0References2
NVD
NVD
added 2021/01/11 10:15 p.m.28 views

CVE-2021-0306

In addAllPermissions of PermissionManagerService.java, there is a possible permissions bypass when upgrading major Android versions which allows an app to gain the android.permission.ACTIVITYRECOGNITION permission without user confirmation. This could lead to local escalation of privilege with no...

7.8CVSS7.9AI score0.00259EPSS
Exploits0References1
NVD
NVD
added 2021/01/11 10:15 p.m.20 views

CVE-2021-0317

In createOrUpdate of Permission.java and related code, there is possible permission escalation due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10...

7.8CVSS7.7AI score0.002EPSS
Exploits0References1
NVD
NVD
added 2021/01/11 10:15 p.m.16 views

CVE-2021-0312

In WAVSource::read of WAVExtractor.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1,...

7.1CVSS6.3AI score0.01098EPSS
Exploits0References1
Rows per page
Query Builder