CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2021-0511
https://notcve.org/view.php?id=CVE-2021-0511
21 Jun 2021 — In Dex2oat of dex2oat.cc, there is a possible way to inject bytecode into an app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11Android ID: A-178055795 En la función Dex2oat del archivo dex2oat.cc, se presenta una posible forma de inyectar bytecode en una aplicación debido a una comprobación inapropiada de entrada. Esto p... • https://github.com/Trinadh465/platform_art_AOSP10_r33_CVE-2021-0511 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2021-0510
https://notcve.org/view.php?id=CVE-2021-0510
21 Jun 2021 — In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-176444622 En la función decrypt_1_2 del archivo CryptoPlugin.cpp, se presenta una posible escritura fuera de límites debido a un desbordamiento de enteros. Esto podría conllevar a ... • https://github.com/pazhanivel07/hardware_interfaces-A10_r33_CVE-2021-0510 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 1CVE-2021-0509
https://notcve.org/view.php?id=CVE-2021-0509
21 Jun 2021 — In various functions of CryptoPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-176444161 En varias funciones del archivo CryptoPlugin.cpp, se presenta un posible uso de la memoria previamente liberada debido a una condición de carrera. Esto podría conllevar a u... • https://github.com/Trinadh465/frameworks_av_AOSP10_r33_CVE-2021-0509 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 1CVE-2021-0508
https://notcve.org/view.php?id=CVE-2021-0508
21 Jun 2021 — In various functions of DrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-176444154 En varias funciones del archivo DrmPlugin.cpp, se presenta un posible uso de la memoria previamente liberada debido a una condición de carrera. Esto podría conllevar a una esc... • https://github.com/nanopathi/frameworks_av_AOSP10_r33_CVE-2021-0508 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-0521
https://notcve.org/view.php?id=CVE-2021-0521
21 Jun 2021 — In getAllPackages of PackageManagerService, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure of cross-user permissions with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-174661955 En getAllPackages de la función PackageManagerService, se presenta una posible divulgación de información debido a una falta de... • https://source.android.com/security/bulletin/2021-06-01 • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 2%CPEs: 3EXPL: 1CVE-2021-0522
https://notcve.org/view.php?id=CVE-2021-0522
21 Jun 2021 — In ConnectionHandler::SdpCb of connection_handler.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-174182139 En la función ConnectionHandler::SdpCb del archivo connection_handler.cc, se presenta una posible lectura fuera de límites debido a un uso de la memoria previamente lib... • https://github.com/nanopathi/system_bt_AOSP10_r33_CVE-2021-0522 • CWE-125: Out-of-bounds Read CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2021-0478
https://notcve.org/view.php?id=CVE-2021-0478
21 Jun 2021 — In updateDrawable of StatusBarIconView.java, there is a possible permission bypass due to an uncaught exception. This could lead to local escalation of privilege by running foreground services without notifying the user, with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-169255797 En la función updateDrawable del archivo StatusBarIconView.java, se presenta una posible omisión de permisos de... • https://github.com/Satheesh575555/frameworks_base_AOSP10_r33_CVE-2021-0478 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2021-0513
https://notcve.org/view.php?id=CVE-2021-0513
21 Jun 2021 — In deleteNotificationChannel and related functions of NotificationManagerService.java, there is a possible permission bypass due to improper state validation. This could lead to local escalation of privilege via hidden services with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-156090809 En la función deleteNotificationChannel y las funciones relacionadas del archivo NotificationMa... • https://github.com/nanopathi/framework_base_AOSP10_r33_CVE-2021-0513 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2021-0472
https://notcve.org/view.php?id=CVE-2021-0472
11 Jun 2021 — In shouldLockKeyguard of LockTaskController.java, there is a possible way to exit App Pinning without a PIN due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-176801033 En la función shouldLockKeyguard del archivo LockTaskController.java, se presenta una posible manera de salir de App Pinning sin un PIN debido a una ... • https://github.com/nanopathi/framework_base_AOSP10_r33_CVE-2021-0472 • CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-0477
https://notcve.org/view.php?id=CVE-2021-0477
11 Jun 2021 — In notifyScreenshotError of ScreenshotNotificationsController.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-178189250 En la función notifyScreenshotError del archivo ScreenshotNotificationsController.java, se presenta una posible omisión de permisos debido a un P... • https://source.android.com/security/bulletin/2021-05-01 • CWE-732: Incorrect Permission Assignment for Critical Resource •