CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 1CVE-2021-0963
https://notcve.org/view.php?id=CVE-2021-0963
15 Dec 2021 — In onCreate of KeyChainActivity.java, there is a possible way to use an app certificate stored in keychain due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-199754277 En la función onCreate del archivo KeyChainActivity.java, se presenta una posible forma de utilizar un certificado de aplicación almacen... • https://github.com/Trinadh465/packages_apps_KeyChain_AOSP10_r33_CVE-2021-0963 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-0968
https://notcve.org/view.php?id=CVE-2021-0968
15 Dec 2021 — In osi_malloc and osi_calloc of allocator.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-197868577 En las funciones osi_malloc y osi_calloc del archivo allocator.cc, se presenta una posible escritura fuera de límites debido a un desbordamiento de enteros. Esto podría ... • https://source.android.com/security/bulletin/2021-12-01 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-0970
https://notcve.org/view.php?id=CVE-2021-0970
15 Dec 2021 — In createFromParcel of GpsNavigationMessage.java, there is a possible Parcel serialization/deserialization mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-196970023 En la función createFromParcel del archivo GpsNavigationMessage.java, se presenta un posible desajuste de serialización/deserialización de Parcelas. Esto podr... • https://source.android.com/security/bulletin/2021-12-01 • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2021-0952
https://notcve.org/view.php?id=CVE-2021-0952
15 Dec 2021 — In doCropPhoto of PhotoSelectionHandler.java, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure of user's contacts with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-195748381 En la función doCropPhoto del archivo PhotoSelectionHandler.java, se presenta una posible omisión de permisos debido a un adjunto confuso. Esto podría ... • https://source.android.com/security/bulletin/2021-12-01 •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-0965
https://notcve.org/view.php?id=CVE-2021-0965
15 Dec 2021 — In AndroidManifest.xml of Settings, there is a possible pairing of a Bluetooth device without user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-194300867 En el archivo AndroidManifest.xml de Settings, se presenta la posibilidad de emparejar un dispositivo Bluetooth sin el consentimien... • https://source.android.com/security/bulletin/2021-12-01 • CWE-862: Missing Authorization •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2021-0964
https://notcve.org/view.php?id=CVE-2021-0964
15 Dec 2021 — In C2SoftMP3::process() of C2SoftMp3Dec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-193363621 En la función C2SoftMP3::process() del archivo C2SoftMp3Dec.cpp, se presenta una posible escritura fuera de límites debido a un desbordamiento del búfer de la pila... • https://source.android.com/security/bulletin/2021-12-01 • CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-0971
https://notcve.org/view.php?id=CVE-2021-0971
15 Dec 2021 — In MPEG4Source::read of MPEG4Extractor.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-188893559 En la función MPEG4Source::read del archivo MPEG4Extractor.cpp, se presenta una posible escritura fuera de los límites debido a una falta de comprobación de límites... • https://source.android.com/security/bulletin/2021-12-01 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-0953
https://notcve.org/view.php?id=CVE-2021-0953
15 Dec 2021 — In setOnClickActivityIntent of SearchWidgetProvider.java, there is a possible way to access contacts and history bookmarks without permission due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-184046278 En la función setOnClickActivityIntent del archivo SearchWidgetProvider.java, es posible acceder a los contact... • https://source.android.com/security/bulletin/2021-12-01 • CWE-281: Improper Preservation of Permissions •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-0704
https://notcve.org/view.php?id=CVE-2021-0704
15 Dec 2021 — In createNoCredentialsPermissionNotification and related functions of AccountManagerService.java, there is a possible way to retrieve accounts from the device without permissions due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-179338675 En la función createNoCredentialsPermissionNotification y funciones relacionada... • https://source.android.com/security/bulletin/2021-12-01 • CWE-281: Improper Preservation of Permissions •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2021-0919
https://notcve.org/view.php?id=CVE-2021-0919
15 Dec 2021 — In getService of IServiceManager.cpp, there is a possible unhandled exception due to an integer overflow. This could lead to local denial of service making the lockscreen unusable with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-197336441 En la función getService del archivo IServiceManager.cpp, se presenta una posible excepción no manejada debido a un desbordamiento de enteros. Esto podría conl... • https://source.android.com/security/bulletin/2021-11-01 • CWE-190: Integer Overflow or Wraparound •