
CVE-2021-0968
https://notcve.org/view.php?id=CVE-2021-0968
15 Dec 2021 — In osi_malloc and osi_calloc of allocator.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-9. Android ID: A-197868577 • https://source.android.com/security/bulletin/2021-12-01 • CWE-190: Integer Overflow or Wraparound

CVE-2021-0970
https://notcve.org/view.php?id=CVE-2021-0970
15 Dec 2021 — In createFromParcel of GpsNavigationMessage.java, there is a possible Parcel serialization/deserialization mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-9. Android ID: A-196970023 • https://source.android.com/security/bulletin/2021-12-01 • CWE-502: Deserialization of Untrusted Data

CVE-2021-0952
https://notcve.org/view.php?id=CVE-2021-0952
15 Dec 2021 — In doCropPhoto of PhotoSelectionHandler.java, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure of user's contacts with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-9. Android ID: A-195748381 • https://source.android.com/security/bulletin/2021-12-01

CVE-2021-0965
https://notcve.org/view.php?id=CVE-2021-0965
15 Dec 2021 — In AndroidManifest.xml of Settings, there is a possible pairing of a Bluetooth device without user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-9. Android ID: A-194300867 • https://source.android.com/security/bulletin/2021-12-01 • CWE-862: Missing Authorization

CVE-2021-0955
https://notcve.org/view.php?id=CVE-2021-0955
15 Dec 2021 — In pf_write_buf of FuseDaemon.cpp, there is possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-192085766 • https://source.android.com/security/bulletin/2021-12-01 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVE-2021-0964
https://notcve.org/view.php?id=CVE-2021-0964
15 Dec 2021 — In C2SoftMP3::process() of C2SoftMp3Dec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-9. Android ID: A-193363621 • https://source.android.com/security/bulletin/2021-12-01 • CWE-681: Incorrect Conversion between Numeric Types

CVE-2021-0956
https://notcve.org/view.php?id=CVE-2021-0956
15 Dec 2021 — In NfcTag::discoverTechnologies (activation) of NfcTag.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-12. Android ID: A-189942532 • https://source.android.com/security/bulletin/2021-12-01 • CWE-787: Out-of-bounds Write

CVE-2021-0971
https://notcve.org/view.php?id=CVE-2021-0971
15 Dec 2021 — In MPEG4Source::read of MPEG4Extractor.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-9. Android ID: A-188893559 • https://source.android.com/security/bulletin/2021-12-01 • CWE-787: Out-of-bounds Write

CVE-2021-0953
https://notcve.org/view.php?id=CVE-2021-0953
15 Dec 2021 — In setOnClickActivityIntent of SearchWidgetProvider.java, there is a possible way to access contacts and history bookmarks without permission due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-9. Android ID: A-184046278 • https://source.android.com/security/bulletin/2021-12-01 • CWE-281: Improper Preservation of Permissions

CVE-2021-0704
https://notcve.org/view.php?id=CVE-2021-0704
15 Dec 2021 — In createNoCredentialsPermissionNotification and related functions of AccountManagerService.java, there is a possible way to retrieve accounts from the device without permissions due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-9. Android ID: A-179338675 • https://source.android.com/security/bulletin/2021-12-01 • CWE-281: Improper Preservation of Permissions