CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-0558
https://notcve.org/view.php?id=CVE-2021-0558
22 Jun 2021 — In fillMainDataBuf of pvmp3_framedecoder.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-173473906 En la función fillMainDataBuf del archivo pvmp3_framedecoder.cpp, se presenta una posible lectura fuera de límites debido a un desbordamiento del búfer de la pila. Esto podría conllevar a una div... • https://source.android.com/security/bulletin/pixel/2021-06-01 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-0556
https://notcve.org/view.php?id=CVE-2021-0556
22 Jun 2021 — In getBlockSum of fastcodemb.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-172716941 En la función getBlockSum del archivo fastcodemb.cpp, se presenta una posible lectura fuera de límites debido a un desbordamiento del búfer de la pila. Esto podría conllevar a una divulgación de informaci... • https://source.android.com/security/bulletin/pixel/2021-06-01 • CWE-125: Out-of-bounds Read •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-0564
https://notcve.org/view.php?id=CVE-2021-0564
22 Jun 2021 — In decrypt of CryptoPlugin.cpp, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-176495665 En la función decrypt del archivo CryptoPlugin.cpp, se presenta un posible uso de memoria previamente liberada debido a una condición de carrera. Esto podría conllevar a una escalada de privilegios local con privilegios de... • https://source.android.com/security/bulletin/pixel/2021-06-01 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-0557
https://notcve.org/view.php?id=CVE-2021-0557
22 Jun 2021 — In setRange of ABuffer.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-179046129 En la función setRange del archivo ABuffer.cpp, se presenta una posible escritura fuera de límites debido a un desbordamiento de enteros. Esto podría conllevar a una ejecución de código remota sin ser necesarios privilegios... • https://source.android.com/security/bulletin/pixel/2021-06-01 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-0565
https://notcve.org/view.php?id=CVE-2021-0565
22 Jun 2021 — In wrapUserThread of AudioStream.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174801970 En la función wrapUserThread del archivo AudioStream.cpp, se presenta un posible uso de la memoria previamente liberada debido a una condición de carrera. Esto podría conllevar a una escalada de privilegios lo... • https://source.android.com/security/bulletin/pixel/2021-06-01 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-0572
https://notcve.org/view.php?id=CVE-2021-0572
22 Jun 2021 — In doNotification of AccountManagerService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-177931355 En la función doNotification del archivo AccountManagerService.java, se presenta una posible omisión de permisos debido a un PendingIntent no seguro. Esto podría conllevar a una divulgación de infor... • https://source.android.com/security/bulletin/pixel/2021-06-01 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-0569
https://notcve.org/view.php?id=CVE-2021-0569
22 Jun 2021 — In onStart of ContactsDumpActivity.java, there is possible access to contacts due to a tapjacking/overlay attack. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174045870 En la función onStart del archivo ContactsDumpActivity.java, se presenta un posible acceso a los contactos debido a un ataque de tapjacking/superposición. Esto podría conllevar a una divulgación de informaci... • https://source.android.com/security/bulletin/pixel/2021-06-01 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-0554
https://notcve.org/view.php?id=CVE-2021-0554
22 Jun 2021 — In isBackupServiceActive of BackupManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-158482162 En la función isBackupServiceActive del archivo BackupManagerService.java, se presenta una falta de comprobación de permisos. Esto podría conllevar a una divulgación de información local sin ser necesarios privilegio... • https://source.android.com/security/bulletin/pixel/2021-06-01 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-0570
https://notcve.org/view.php?id=CVE-2021-0570
22 Jun 2021 — In sendBugreportNotification of BugreportProgressService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-178803845 En la función sendBugreportNotification del archivo BugreportProgressService.java, se presenta una posible omisión de permisos debido a un PendingIntent no seguro. Esto podría conllev... • https://source.android.com/security/bulletin/pixel/2021-06-01 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-0568
https://notcve.org/view.php?id=CVE-2021-0568
22 Jun 2021 — In onReceive of DevicePolicyManagerService.java, there is a possible enabling of disabled profiles due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-170121238 En la función onReceive del archivo DevicePolicyManagerService.java, se presenta la posibilidad de habilitar perfiles deshabilitados debido a una falta de comprobación de pe... • https://source.android.com/security/bulletin/pixel/2021-06-01 • CWE-862: Missing Authorization •