CVE-2021-0471

In decrypt12 of CryptoPlugin.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10...

NewStart CGSL CORE 5.04 / MAIN 5.04 : libexif Multiple Vulnerabilities (NS-SA-2021-0036)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has libexif packages installed that are affected by multiple vulnerabilities: - In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media...

Fedora 32 : 1:wpa_supplicant (2021-1a2443baa0)

The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-1a2443baa0 advisory. - In p2pcopyclientinfo of p2p.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if...

CVE-2021-0336

In onReceive of BluetoothPermissionRequest.java, there is a possible permissions bypass due to a mutable PendingIntent. This could lead to local escalation of privilege that bypasses a permission check, with User execution privileges needed. User interaction is not needed for exploitation.Product...

Information disclosure

In canUseBiometric of BiometricServiceBase, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-158481661...

CVE-2020-0482

In command of IncidentService.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID:...

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2020-2429)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP5 : libexif (EulerOS-SA-2020-2251)

According to the versions of the libexif package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media...

Information disclosure

In getCarrierPrivilegeStatus of UiccAccessRule.java, there is a missing permission check. This could lead to local information disclosure of EID data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10...

Information disclosure

In various locations in SystemUI, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure of contact data with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9...

CVE-2020-0394

In onCreate of BluetoothPairingDialog.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege and untrusted devices accessing contact lists with no additional execution privileges needed. User interaction is needed for...

Integer overflow

In Parsewave of easmdls.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote information disclosure in a highly constrained process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

Out-of-bounds

In Parseins of easmdls.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure in the media extractor process with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...

Out-of-bounds

There is a possible out of bounds write due to an incorrect bounds check. Product: AndroidVersions: Android SoCAndroid ID: A-156333727...

CVE-2020-0191

In ih264dupdatedefaultindexlist of ih264ddpbmgr.c, there is a possible out of bounds read due to a logic error. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android...

Design/Logic Flaw

In mnld, an incorrect configuration in drivercfg of mnld for meta factory mode.Product: AndroidVersions: Android SoCAndroid ID: A-149808700...

CVE-2020-0093

In exifdatasavedataentry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0...

CVE-2020-0091

In mnld, an incorrect configuration in drivercfg of mnld for meta factory mode.Product: AndroidVersions: Android SoCAndroid ID: A-149808700...

CVE-2020-0076

CVE-2020-0076 affects the FPC Iris TZ App in Android. Description: an out-of-bounds write in get_auth_result due to a missing bounds check, enabling local elevation of privilege to System if exploited; exploitation does not require user interaction. Affected product/area: Android kernel component...

CVE-2020-0043

CVE-2020-0043 involves the FPC Fingerprint TEE on Android. In authorize_enrol of fpc_ta_hw_auth.c there is a missing bounds check causing an out-of-bounds read, leading to possible local information disclosure with system privileges and no user interaction required. Affected class: Android kernel...