CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2021-0311
https://notcve.org/view.php?id=CVE-2021-0311
11 Jan 2021 — In ElementaryStreamQueue::dequeueAccessUnitH264() of ESQueue.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-9, Android-10, Android-11, Android-8.0, Android-8.1; Android ID: A-170240631. En la función ElementaryStreamQueue::dequeueAccessUnitH264() del archivo ESQueue.cpp, se presenta una posible escritura... • https://source.android.com/security/bulletin/2021-01-01 • CWE-787: Out-of-bounds Write •
CVSS: 7.3EPSS: 0%CPEs: 5EXPL: 2CVE-2021-0315
https://notcve.org/view.php?id=CVE-2021-0315
11 Jan 2021 — In onCreate of GrantCredentialsPermissionActivity.java, there is a possible way to convince the user to grant an app access to an account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-169763814. En la función onCreate del archivo GrantCredentialsPermissionActivity.java, existe una posi... • https://github.com/nanopathi/framework_base_AOSP10_r33_CVE-2021-0315 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 9.8EPSS: 2%CPEs: 5EXPL: 1CVE-2020-0471
https://notcve.org/view.php?id=CVE-2020-0471
11 Jan 2021 — In reassemble_and_dispatch of packet_fragmenter.cc, there is a possible way to inject packets into an encrypted Bluetooth connection due to improper input validation. This could lead to remote escalation of privilege between two Bluetooth devices by a proximal attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.0, Android-8.1, Android-9, Android-10, Android-11; Android ID: A-169327567. En la función reassemble_and_d... • https://github.com/nanopathi/system_bt_AOSP10_r33_CVE-2020-0471 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 5%CPEs: 5EXPL: 1CVE-2021-0316
https://notcve.org/view.php?id=CVE-2021-0316
11 Jan 2021 — In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11, Android-8.0, Android-8.1, Android-9, Android-10; Android ID: A-168802990. En la función avrc_pars_vendor_cmd del archivo avrc_pars_tg.cc, se presenta una posible escritura fuera de límites debido a que fa... • https://github.com/Satheesh575555/system_bt_AOSP_10_r33_CVE-2021-0316 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-0317
https://notcve.org/view.php?id=CVE-2021-0317
11 Jan 2021 — In createOrUpdate of Permission.java and related code, there is possible permission escalation due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10, Android-11, Android-8.0, Android-8.1, Android-9; Android ID: A-168319670. En la función createOrUpdate del archivo Permission.java y el código relacionado, se presenta una posible escalada de permisos debido a un ... • https://source.android.com/security/bulletin/2021-01-01 • CWE-863: Incorrect Authorization •
CVSS: 7.3EPSS: 0%CPEs: 5EXPL: 1CVE-2021-0319
https://notcve.org/view.php?id=CVE-2021-0319
11 Jan 2021 — In checkCallerIsSystemOr of CompanionDeviceManagerService.java, there is a possible way to get a nearby Bluetooth device's MAC address without appropriate permissions due to a permissions bypass. This could lead to local escalation of privilege that grants access to nearby MAC addresses, with User execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.0, Android-8.1, Android-9, Android-10, Android-11; Android ID: A-167244818. En la función checkCaller... • https://github.com/Satheesh575555/frameworks_base_AOSP10_r33_CVE-2021-0319 • CWE-863: Incorrect Authorization •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-0304
https://notcve.org/view.php?id=CVE-2021-0304
11 Jan 2021 — In several functions of GlobalScreenshot.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure of the user's contacts with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-8.0, Android-8.1, Android-9; Android ID: A-162738636. En varias funciones del archivo GlobalScreenshot.java, se presenta una posible omisión de permisos debido a un PendingIntent no seguro... • https://source.android.com/security/bulletin/2021-01-01 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-0309
https://notcve.org/view.php?id=CVE-2021-0309
11 Jan 2021 — In onCreate of grantCredentialsPermissionActivity, there is a confused deputy. This could lead to local information disclosure and account access with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-158480899. En la función onCreate del archivo grantCredentialsPermissionActivity, se presenta un confused deputy. • https://source.android.com/security/bulletin/2021-01-01 •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 1CVE-2021-0308 – gdisk: possible out-of-bounds-write in ReadLogicalParts of basicmbr.cc
https://notcve.org/view.php?id=CVE-2021-0308
11 Jan 2021 — In ReadLogicalParts of basicmbr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-158063095. En la función ReadLogicalParts del archivo basicmbr.cc, se presenta una posible escritura fuera de límites debido a una falta de comprobación de ... • https://github.com/Trinadh465/platform_external_gptfdisk_AOSP10_r33_CVE-2021-0308 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2021-0306
https://notcve.org/view.php?id=CVE-2021-0306
11 Jan 2021 — In addAllPermissions of PermissionManagerService.java, there is a possible permissions bypass when upgrading major Android versions which allows an app to gain the android.permission.ACTIVITY_RECOGNITION permission without user confirmation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11, Android-8.0, Android-8.1, Android-9, Android-10; Android ID: A-154505240. En la func... • https://github.com/nanopathi/framework_base_AOSP10_r33_CVE-2021-0306_CVE-2021-0317 • CWE-269: Improper Privilege Management •