CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-0706
https://notcve.org/view.php?id=CVE-2021-0706
22 Oct 2021 — In startListening of PluginManagerImpl.java, there is a possible way to disable arbitrary app components due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-193444889 En startListening de PluginManagerImpl.java, existe una posible forma de desactivar componentes arbitrarios de la aplicación debido a una comprobación de permisos... • https://source.android.com/security/bulletin/2022-02-01 • CWE-862: Missing Authorization •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 1CVE-2021-0870 – Android NFC Type Confusion
https://notcve.org/view.php?id=CVE-2021-0870
22 Oct 2021 — In RW_SetActivatedTagType of rw_main.cc, there is possible memory corruption due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-192472262 En la función RW_SetActivatedTagType del archivo rw_main.cc, se presenta una posible corrupción de memoria debido a una condición de carrera. Esto podría conllevar a una ejecución ... • https://packetstorm.news/files/id/164704 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 2CVE-2021-0705
https://notcve.org/view.php?id=CVE-2021-0705
22 Oct 2021 — In sanitizeSbn of NotificationManagerService.java, there is a possible way to keep service running in foreground and keep granted permissions due to Bypass of Background Service Restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-185388103 En la función sanitizeSbn del archivo NotificationManagerService.java, se presenta una posible forma de ... • https://github.com/ShaikUsaf/frameworks_base_AOSP10_r33_CVE-2021-0705 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2021-0652
https://notcve.org/view.php?id=CVE-2021-0652
22 Oct 2021 — In VectorDrawable::VectorDrawable of VectorDrawable.java, there is a possible way to introduce a memory corruption due to sharing of not thread-safe objects. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-185178568 En la función VectorDrawable::VectorDrawable del archivo VectorDrawable.java, se presenta una posible forma de intro... • https://github.com/Satheesh575555/frameworks_base_AOSP10_r33_CVE-2021-0652 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2021-0703
https://notcve.org/view.php?id=CVE-2021-0703
22 Oct 2021 — In SecondStageMain of init.cpp, there is a possible use after free due to incorrect shared_ptr usage. This could lead to local escalation of privilege if the attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-184569329 En la función SecondStageMain del archivo init.cpp, se presenta un posible uso de memoria previamente liberada debido al uso incorrecto de shared_ptr. Est... • https://source.android.com/security/bulletin/2021-10-01 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-0643
https://notcve.org/view.php?id=CVE-2021-0643
22 Oct 2021 — In getAllSubInfoList of SubscriptionController.java, there is a possible way to retrieve a long term identifier without the correct permissions due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-183612370 En getAllSubInfoList de SubscriptionController.java, existe una posible forma de recuperar un identificador de larga... • https://source.android.com/security/bulletin/2022-01-01 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-0708
https://notcve.org/view.php?id=CVE-2021-0708
22 Oct 2021 — In runDumpHeap of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-183262161 En la función runDumpHeap del archivo ActivityManagerShellCommand.java, se presenta un posible borrado de archivos del sistema debido a una vulnerabili... • https://source.android.com/security/bulletin/2021-10-01 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-0483
https://notcve.org/view.php?id=CVE-2021-0483
22 Oct 2021 — In multiple methods of AAudioService, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-153358911 En múltiples métodos de AAudioService, se presenta un posible uso de memoria previamente liberada debido a una condición de carrera. Esto podría conllevar a una escalada local de privilegios, con privilegios... • https://source.android.com/security/bulletin/2021-10-01 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-0651
https://notcve.org/view.php?id=CVE-2021-0651
22 Oct 2021 — In loadLabel of PackageItemInfo.java, there is a possible way to DoS a device by having a long label in an app due to incorrect input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-67013844 En la función loadLabel del archivo PackageItemInfo.java, se presenta una posible forma de hacer DoS a un dispositivo al tener una etiqueta larga en un... • https://source.android.com/security/bulletin/2021-10-01 • CWE-20: Improper Input Validation •
CVSS: 4.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25491
https://notcve.org/view.php?id=CVE-2021-25491
06 Oct 2021 — A vulnerability in mfc driver prior to SMR Oct-2021 Release 1 allows memory corruption via NULL-pointer dereference. Una vulnerabilidad en mfc driver versiones anteriores a SMR Oct-2021 Release 1, permite una corrupción de memoria por medio de una desreferencia de puntero NULL • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10 • CWE-476: NULL Pointer Dereference •