CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-0644
https://notcve.org/view.php?id=CVE-2021-0644
06 Oct 2021 — In conditionallyRemoveIdentifiers of SubscriptionController.java, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-181053462 En la función conditionallyRemoveIdentifiers del archivo SubscriptionController.java, se presenta una posible forma de recuperar un identificador ... • https://source.android.com/security/bulletin/2021-09-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-0598
https://notcve.org/view.php?id=CVE-2021-0598
06 Oct 2021 — In onCreate of ConfirmConnectActivity.java, there is a possible pairing of untrusted Bluetooth devices due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-180422108 En la función onCreate del archivo ConfirmConnectActivity.java, se presenta un posible emparejamiento de dispositivos Bluetooth no confiables debido... • https://source.android.com/security/bulletin/2021-09-01 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-0684
https://notcve.org/view.php?id=CVE-2021-0684
06 Oct 2021 — In TouchInputMapper::sync of TouchInputMapper.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-179839665 En la función TouchInputMapper::sync del archivo TouchInputMapper.cpp, se presenta una posible escritura fuera de límites debido a un uso de memoria previamen... • https://source.android.com/security/bulletin/2021-09-01 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-0692
https://notcve.org/view.php?id=CVE-2021-0692
06 Oct 2021 — In sendBroadcastToInstaller of FirstScreenBroadcast.java, there is a possible activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-179289753 En la función sendBroadcastToInstaller del archivo FirstScreenBroadcast.java, se presenta un posible lanzamiento de actividad debido a un PendingIntent no segur... • https://source.android.com/security/bulletin/2021-09-01 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-0686
https://notcve.org/view.php?id=CVE-2021-0686
06 Oct 2021 — In getDefaultSmsPackage of RoleManagerService.java, there is a possible way to get information about the default sms app of a different device user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-177927831 En la función getDefaultSmsPackage del archivo RoleManagerService.java, se presenta una posible forma de conseguir... • https://source.android.com/security/bulletin/2021-09-01 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-0595
https://notcve.org/view.php?id=CVE-2021-0595
06 Oct 2021 — In lockAllProfileTasks of RootWindowContainer.java, there is a possible way to access the work profile without the profile PIN, after logging in. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-177457096 En la función lockAllProfileTasks del archivo RootWindowContainer.java, se presenta una posible forma de acceder al perfil de tr... • https://source.android.com/security/bulletin/2021-09-01 • CWE-287: Improper Authentication •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 1CVE-2021-0688
https://notcve.org/view.php?id=CVE-2021-0688
06 Oct 2021 — In lockNow of PhoneWindowManager.java, there is a possible lock screen bypass due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-161149543 En la función lockNow del archivo PhoneWindowManager.java, se presenta una posible omisión de la pantalla de bloqueo debido a una condición de carrera. Esto podría conllevar a una ... • https://github.com/Satheesh575555/frameworks_base_AOSP10_r33_CVE-2021-0688 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-0682
https://notcve.org/view.php?id=CVE-2021-0682
06 Oct 2021 — In sendAccessibilityEvent of NotificationManagerService.java, there is a possible disclosure of notification data due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-159624555 En la función sendAccessibilityEvent del archivo NotificationManagerService.java, se presenta una posible divulgación de datos de notif... • https://source.android.com/security/bulletin/2021-09-01 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 38EXPL: 0CVE-2021-23243
https://notcve.org/view.php?id=CVE-2021-23243
27 Sep 2021 — In Oppo's battery application, the third-party SDK provides the function of loading a third-party Provider, which can be used. En la aplicación de la batería de Oppo, el SDK de terceros proporciona la función de cargar un proveedor de terceros, que puede ser usada • https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1437389627236556800 •
CVSS: 4.9EPSS: 0%CPEs: 6EXPL: 0CVE-2021-0660
https://notcve.org/view.php?id=CVE-2021-0660
27 Sep 2021 — In ccu, there is a possible out of bounds read due to incorrect error handling. This could lead to information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05827145; Issue ID: ALPS05827145. En ccu, hay una posible lectura fuera de límites debido a un manejo incorrecto de errores. • https://corp.mediatek.com/product-security-bulletin/September-2021 • CWE-125: Out-of-bounds Read •