CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2021-0952
https://notcve.org/view.php?id=CVE-2021-0952
15 Dec 2021 — In doCropPhoto of PhotoSelectionHandler.java, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure of user's contacts with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-195748381 En la función doCropPhoto del archivo PhotoSelectionHandler.java, se presenta una posible omisión de permisos debido a un adjunto confuso. Esto podría ... • https://source.android.com/security/bulletin/2021-12-01 •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-0965
https://notcve.org/view.php?id=CVE-2021-0965
15 Dec 2021 — In AndroidManifest.xml of Settings, there is a possible pairing of a Bluetooth device without user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-194300867 En el archivo AndroidManifest.xml de Settings, se presenta la posibilidad de emparejar un dispositivo Bluetooth sin el consentimien... • https://source.android.com/security/bulletin/2021-12-01 • CWE-862: Missing Authorization •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2021-0964
https://notcve.org/view.php?id=CVE-2021-0964
15 Dec 2021 — In C2SoftMP3::process() of C2SoftMp3Dec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-193363621 En la función C2SoftMP3::process() del archivo C2SoftMp3Dec.cpp, se presenta una posible escritura fuera de límites debido a un desbordamiento del búfer de la pila... • https://source.android.com/security/bulletin/2021-12-01 • CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-0953
https://notcve.org/view.php?id=CVE-2021-0953
15 Dec 2021 — In setOnClickActivityIntent of SearchWidgetProvider.java, there is a possible way to access contacts and history bookmarks without permission due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-184046278 En la función setOnClickActivityIntent del archivo SearchWidgetProvider.java, es posible acceder a los contact... • https://source.android.com/security/bulletin/2021-12-01 • CWE-281: Improper Preservation of Permissions •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-0971
https://notcve.org/view.php?id=CVE-2021-0971
15 Dec 2021 — In MPEG4Source::read of MPEG4Extractor.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-188893559 En la función MPEG4Source::read del archivo MPEG4Extractor.cpp, se presenta una posible escritura fuera de los límites debido a una falta de comprobación de límites... • https://source.android.com/security/bulletin/2021-12-01 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-0704
https://notcve.org/view.php?id=CVE-2021-0704
15 Dec 2021 — In createNoCredentialsPermissionNotification and related functions of AccountManagerService.java, there is a possible way to retrieve accounts from the device without permissions due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-179338675 En la función createNoCredentialsPermissionNotification y funciones relacionada... • https://source.android.com/security/bulletin/2021-12-01 • CWE-281: Improper Preservation of Permissions •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2021-0919
https://notcve.org/view.php?id=CVE-2021-0919
15 Dec 2021 — In getService of IServiceManager.cpp, there is a possible unhandled exception due to an integer overflow. This could lead to local denial of service making the lockscreen unusable with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-197336441 En la función getService del archivo IServiceManager.cpp, se presenta una posible excepción no manejada debido a un desbordamiento de enteros. Esto podría conl... • https://source.android.com/security/bulletin/2021-11-01 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-0926
https://notcve.org/view.php?id=CVE-2021-0926
15 Dec 2021 — In onCreate of NfcImportVCardActivity.java, there is a possible way to add a contact without user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-191053931 En la función onCreate del archivo NfcImportVCardActivity.java, se presenta la posibilidad de añadir un contacto sin el consentimien... • https://source.android.com/security/bulletin/2021-11-01 • CWE-862: Missing Authorization •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-0650
https://notcve.org/view.php?id=CVE-2021-0650
15 Dec 2021 — In WT_InterpolateNoLoop of eas_wtengine.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-190286685 En la función WT_InterpolateNoLoop del archivo eas_wtengine.c, se presenta una posible lectura fuera de límites debido a una comprobación de límites incorrecta. Esto podría c... • https://source.android.com/security/bulletin/2021-11-01 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-0927
https://notcve.org/view.php?id=CVE-2021-0927
15 Dec 2021 — In requestChannelBrowsable of TvInputManagerService.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-8.1 Android-9Android ID: A-189824175 En la función requestChannelBrowsable del archivo TvInputManagerService.java, se presenta una posible omisión de permisos debido a un... • https://source.android.com/security/bulletin/2021-11-01 • CWE-281: Improper Preservation of Permissions •