CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 1CVE-2021-0954
https://notcve.org/view.php?id=CVE-2021-0954
15 Dec 2021 — In ResolverActivity, there is a possible user interaction bypass due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-143559931 En ResolverActivity, se presenta una posible omisión de la interacción del usuario debido a un ataque de tipo tapjacking/overlay. Esto podría conllevar a una escalada local de privilegios con los privilegios ... • https://github.com/nanopathi/framework_base_AOSP10_r33_CVE-2021-0954 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2021-0919
https://notcve.org/view.php?id=CVE-2021-0919
15 Dec 2021 — In getService of IServiceManager.cpp, there is a possible unhandled exception due to an integer overflow. This could lead to local denial of service making the lockscreen unusable with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-197336441 En la función getService del archivo IServiceManager.cpp, se presenta una posible excepción no manejada debido a un desbordamiento de enteros. Esto podría conl... • https://source.android.com/security/bulletin/2021-11-01 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-0921
https://notcve.org/view.php?id=CVE-2021-0921
15 Dec 2021 — In ParsingPackageImpl of ParsingPackageImpl.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-195962697 En la función ParsingPackageImpl del archivo ParsingPackageImpl.java, se presenta un posible desajuste de serialización/deserialización de paquetes debido a ... • https://source.android.com/security/bulletin/2021-11-01 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-0922
https://notcve.org/view.php?id=CVE-2021-0922
15 Dec 2021 — In enforceCrossUserOrProfilePermission of PackageManagerService.java, there is a possible bypass of INTERACT_ACROSS_PROFILES permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-195630721 En la función enforceCrossUserOrProfilePermission del archivo PackageManagerService.java, se presenta una posible omisión del permiso IN... • https://source.android.com/security/bulletin/2021-11-01 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-0649
https://notcve.org/view.php?id=CVE-2021-0649
15 Dec 2021 — In stopVpnProfile of Vpn.java, there is a possible VPN profile reset due to a permissions bypass. This could lead to local escalation of privilege CONTROL_ALWAYS_ON_VPN with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-191382886 En la función stopVpnProfile del archivo Vpn.java, se presenta un posible restablecimiento del perfil VPN debido a una omisión de permisos. Esto podría conllevar a una escalada local de p... • https://source.android.com/security/bulletin/2021-11-01 • CWE-863: Incorrect Authorization •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-0650
https://notcve.org/view.php?id=CVE-2021-0650
15 Dec 2021 — In WT_InterpolateNoLoop of eas_wtengine.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-190286685 En la función WT_InterpolateNoLoop del archivo eas_wtengine.c, se presenta una posible lectura fuera de límites debido a una comprobación de límites incorrecta. Esto podría c... • https://source.android.com/security/bulletin/2021-11-01 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-0926
https://notcve.org/view.php?id=CVE-2021-0926
15 Dec 2021 — In onCreate of NfcImportVCardActivity.java, there is a possible way to add a contact without user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-191053931 En la función onCreate del archivo NfcImportVCardActivity.java, se presenta la posibilidad de añadir un contacto sin el consentimien... • https://source.android.com/security/bulletin/2021-11-01 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-0927
https://notcve.org/view.php?id=CVE-2021-0927
15 Dec 2021 — In requestChannelBrowsable of TvInputManagerService.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-8.1 Android-9Android ID: A-189824175 En la función requestChannelBrowsable del archivo TvInputManagerService.java, se presenta una posible omisión de permisos debido a un... • https://source.android.com/security/bulletin/2021-11-01 • CWE-281: Improper Preservation of Permissions •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2021-0928
https://notcve.org/view.php?id=CVE-2021-0928
15 Dec 2021 — In createFromParcel of OutputConfiguration.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-188675581 En la función createFromParcel del archivo OutputConfiguration.java, se presenta un posible desajuste de serialización/deserialización de... • https://github.com/michalbednarski/ReparcelBug2 • CWE-20: Improper Input Validation CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-0930
https://notcve.org/view.php?id=CVE-2021-0930
15 Dec 2021 — In phNxpNciHal_process_ext_rsp of phNxpNciHal_ext.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-181660091 En la función phNxpNciHal_process_ext_rsp del archivo phNxpNciHal_ext.cc, se presenta una posible escritura fuera de límites debido a una falta de co... • https://source.android.com/security/bulletin/2021-11-01 • CWE-787: Out-of-bounds Write •