CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2021-0600
https://notcve.org/view.php?id=CVE-2021-0600
14 Jul 2021 — In onCreate of DeviceAdminAdd.java, there is a possible way to mislead a user to activate a device admin app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-179042963 En la función onCreate del archivo DeviceAdminAdd.java, se presenta una posible manera de engañar a un usuario para activar una aplicac... • https://github.com/Satheesh575555/packages_apps_Settings_AOSP10_r33_CVE-2021-0600 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-0602
https://notcve.org/view.php?id=CVE-2021-0602
14 Jul 2021 — In onCreateOptionsMenu of WifiNetworkDetailsFragment.java, there is a possible way for guest users to view and modify Wi-Fi settings for all configured APs due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-177573895 En la función onCreateOptionsMenu del archivo WifiNetworkDetailsFragment.java, se presenta una posible manera p... • https://source.android.com/security/bulletin/2021-07-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-0597
https://notcve.org/view.php?id=CVE-2021-0597
14 Jul 2021 — In notifyProfileAdded and notifyProfileRemoved of SipService.java, there is a possible way to retrieve SIP account names due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-176496502 En las funciones notifyProfileAdded y notifyProfileRemoved del archivo SipService.java, se presenta una posible manera ... • https://source.android.com/security/bulletin/2021-07-01 • CWE-862: Missing Authorization •
CVSS: 8.0EPSS: 0%CPEs: 4EXPL: 1CVE-2021-0594
https://notcve.org/view.php?id=CVE-2021-0594
14 Jul 2021 — In onCreate of ConfirmConnectActivity, there is a possible remote bypass of user consent due to improper input validation. This could lead to remote (proximal, NFC) escalation of privilege allowing an attacker to deceive a user into allowing a Bluetooth connection with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-176445224 En la función onCreate del archivo ConfirmConnectActivity, se ... • https://github.com/Satheesh575555/packages_apps_Nfc_AOSP10_r33_CVE-2021-0594 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-0599
https://notcve.org/view.php?id=CVE-2021-0599
14 Jul 2021 — In scheduleTimeoutLocked of NotificationRecord.java, there is a possible disclosure of a sensitive identifier via broadcasted intent due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-175614289 En la función scheduleTimeoutLocked del archivo NotificationRecord.java, se presenta una posible divulgación de un i... • https://source.android.com/security/bulletin/2021-07-01 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 4.9EPSS: 0%CPEs: 4EXPL: 0CVE-2021-0590
https://notcve.org/view.php?id=CVE-2021-0590
14 Jul 2021 — In sendNetworkConditionsBroadcast of NetworkMonitor.java, there is a possible way for a privileged app to receive WiFi BSSID and SSID without location permissions due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-175213041 En la función sendNetworkConditionsBroadcast del archivo NetworkMonitor.java, se pre... • https://source.android.com/security/bulletin/2021-07-01 •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-0441
https://notcve.org/view.php?id=CVE-2021-0441
14 Jul 2021 — In onCreate of PermissionActivity.java, there is a possible permission bypass due to Confusing UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174495520 En la función onCreate del archivo PermissionActivity.java, se presenta una posible derivación de permisos debido a una Interfaz de Usuario Confusa. Esto podría conllevar a una escalada de privilegios local sin s... • https://source.android.com/security/bulletin/2021-07-01 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-0486
https://notcve.org/view.php?id=CVE-2021-0486
14 Jul 2021 — In onPackageAddedInternal of PermissionManagerService.java, there is possible access to external storage due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-171430330 En la función onPackageAddedInternal del archivo PermissionManagerService.java, se presenta un posible acceso al almacenamiento externo debido a una omisión de permisos. E... • https://source.android.com/security/bulletin/2021-07-01 • CWE-276: Incorrect Default Permissions •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2021-0515
https://notcve.org/view.php?id=CVE-2021-0515
14 Jul 2021 — In Factory::CreateStrictFunctionMap of factory.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-167389063 En la función Factory::CreateStrictFunctionMap del archivo factory.cc, se presenta una posible escritura fuera de límites debido a... • https://source.android.com/security/bulletin/2021-07-01 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-0514
https://notcve.org/view.php?id=CVE-2021-0514
14 Jul 2021 — In several functions of the V8 library, there is a possible use after free due to a race condition. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-9 Android-11 Android-8.1Android ID: A-162604069 En varias funciones de la biblioteca V8, se presenta un posible uso de memoria previamente liberada debido a una condición de carrera. Esto podría conlleva... • https://source.android.com/security/bulletin/2021-07-01 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •