CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-0601
https://notcve.org/view.php?id=CVE-2021-0601
14 Jul 2021 — In encodeFrames of avc_enc_fuzzer.cpp, there is a possible out of bounds write due to a double free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-180643802 En la función encodeFrames del archivo avc_enc_fuzzer.cpp, se presenta una posible escritura fuera de límites debido a una doble liberación. Esto podría conllevar a una divul... • https://source.android.com/security/bulletin/2021-07-01 • CWE-415: Double Free CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-0604
https://notcve.org/view.php?id=CVE-2021-0604
14 Jul 2021 — In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible way to share private files over Bluetooth due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-179910660 En la función generateFileInfo del archivo BluetoothOppSendFileInfo.java, se presenta una posible manera de compartir archivos privados a... • https://source.android.com/security/bulletin/2021-07-01 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2021-0600
https://notcve.org/view.php?id=CVE-2021-0600
14 Jul 2021 — In onCreate of DeviceAdminAdd.java, there is a possible way to mislead a user to activate a device admin app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-179042963 En la función onCreate del archivo DeviceAdminAdd.java, se presenta una posible manera de engañar a un usuario para activar una aplicac... • https://github.com/Satheesh575555/packages_apps_Settings_AOSP10_r33_CVE-2021-0600 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-0588
https://notcve.org/view.php?id=CVE-2021-0588
14 Jul 2021 — In processInboundMessage of MceStateMachine.java, there is a possible SMS disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9Android ID: A-177238342 En la función processInboundMessage del archivo MceStateMachine.java, se presenta una posible divulgación de SMS debido a una falta de comprobación de permisos. Esto podría conl... • https://source.android.com/security/bulletin/2021-07-01 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-0597
https://notcve.org/view.php?id=CVE-2021-0597
14 Jul 2021 — In notifyProfileAdded and notifyProfileRemoved of SipService.java, there is a possible way to retrieve SIP account names due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-176496502 En las funciones notifyProfileAdded y notifyProfileRemoved del archivo SipService.java, se presenta una posible manera ... • https://source.android.com/security/bulletin/2021-07-01 • CWE-862: Missing Authorization •
CVSS: 8.0EPSS: 0%CPEs: 4EXPL: 1CVE-2021-0594
https://notcve.org/view.php?id=CVE-2021-0594
14 Jul 2021 — In onCreate of ConfirmConnectActivity, there is a possible remote bypass of user consent due to improper input validation. This could lead to remote (proximal, NFC) escalation of privilege allowing an attacker to deceive a user into allowing a Bluetooth connection with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-176445224 En la función onCreate del archivo ConfirmConnectActivity, se ... • https://github.com/Satheesh575555/packages_apps_Nfc_AOSP10_r33_CVE-2021-0594 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-0599
https://notcve.org/view.php?id=CVE-2021-0599
14 Jul 2021 — In scheduleTimeoutLocked of NotificationRecord.java, there is a possible disclosure of a sensitive identifier via broadcasted intent due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-175614289 En la función scheduleTimeoutLocked del archivo NotificationRecord.java, se presenta una posible divulgación de un i... • https://source.android.com/security/bulletin/2021-07-01 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 4.9EPSS: 0%CPEs: 4EXPL: 0CVE-2021-0590
https://notcve.org/view.php?id=CVE-2021-0590
14 Jul 2021 — In sendNetworkConditionsBroadcast of NetworkMonitor.java, there is a possible way for a privileged app to receive WiFi BSSID and SSID without location permissions due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-175213041 En la función sendNetworkConditionsBroadcast del archivo NetworkMonitor.java, se pre... • https://source.android.com/security/bulletin/2021-07-01 •
CVSS: 10.0EPSS: 3%CPEs: 4EXPL: 0CVE-2021-0515
https://notcve.org/view.php?id=CVE-2021-0515
14 Jul 2021 — In Factory::CreateStrictFunctionMap of factory.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-167389063 En la función Factory::CreateStrictFunctionMap del archivo factory.cc, se presenta una posible escritura fuera de límites debido a... • https://source.android.com/security/bulletin/2021-07-01 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 2%CPEs: 4EXPL: 0CVE-2021-0514
https://notcve.org/view.php?id=CVE-2021-0514
14 Jul 2021 — In several functions of the V8 library, there is a possible use after free due to a race condition. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-9 Android-11 Android-8.1Android ID: A-162604069 En varias funciones de la biblioteca V8, se presenta un posible uso de memoria previamente liberada debido a una condición de carrera. Esto podría conlleva... • https://source.android.com/security/bulletin/2021-07-01 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •