CVSS: 7.5 • EPSS: 1% • CPEs: 4 • EXPL: 2

13 Apr 2021 — In avrc_proc_vendor_command of avrc_api.cc, there is a possible leak of heap data due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-8.1, Android-9, Android-10. Android ID: A-174150451 • https://github.com/nanopathi/system_bt_AOSP10_r33_CVE-2021-0435 • CWE-665: Improper Initialization

CVSS: 7.5 • EPSS: 1% • CPEs: 4 • EXPL: 2

13 Apr 2021 — In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a paired device with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-8.1, Android-9, Android-10. Android ID: A-174149901 • https://github.com/ShaikUsaf/system_bt_AOSP10_r33_CVE-2021-0431 • CWE-125: Out-of-bounds Read

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

13 Apr 2021 — In start of WelcomeActivity.java, there is a possible residual profile due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-9. Android ID: A-172322502 • https://source.android.com/security/bulletin/2021-04-01

CVSS: 8.0 • EPSS: 0% • CPEs: 4 • EXPL: 1

13 Apr 2021 — In onCreate of DeviceChooserActivity.java, there is a possible way to bypass user consent when pairing a Bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation of privilege and pairing malicious devices with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.1, Android-9, Android-10, Android-11. Android ID: A-171221090 • https://github.com/Trinadh465/frameworks_base_AOSP10_r33_CVE-2021-0433 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames

CVSS: 4.7 • EPSS: 0% • CPEs: 4 • EXPL: 0

13 Apr 2021 — In several functions of ScreenshotHelper.java and related files, there is a possible incorrectly saved screenshot due to a race condition. This could lead to local information disclosure across user profiles with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.1, Android-9, Android-10, Android-11. Android ID: A-170474245 • https://source.android.com/security/bulletin/2021-04-01 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

13 Apr 2021 — In several functions of InputDispatcher.cpp, WindowManagerService.java, and related files, there is a possible tapjacking attack due to an incorrect FLAG_OBSCURED value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.1, Android-9, Android-10. Android ID: A-152064592 • https://source.android.com/security/bulletin/2021-04-01 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames

CVSS: 7.8 • EPSS: 0% • CPEs: 65 • EXPL: 0

09 Apr 2021 — Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P(9.0) and below, and 12.1.1.3 in Android Q(10.0) and above allows local attackers to perform unauthorized actions without permission via hijacking the PendingIntent. • https://security.samsungmobile.com • CWE-276: Incorrect Default Permissions • CWE-285: Improper Authorization

CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

09 Apr 2021 — Intent redirection in Samsung Experience Service versions 10.8.0.4 in Android P(9.0) below, and 12.2.0.5 in Android Q(10.0) above allows an attacker to execute a privileged action. • https://security.samsungmobile.com • CWE-269: Improper Privilege Management • CWE-287: Improper Authentication

CVSS: 8.6 • EPSS: 7% • CPEs: 4 • EXPL: 2

09 Apr 2021 — An improper authorization vulnerability in Samsung Members "samsungrewards" scheme for deeplink in versions 2.4.83.9 in Android O(8.1) and below, and 3.9.00.9 in Android P(9.0) and above allows remote attackers to access user data related to Samsung Account. • https://github.com/WithSecureLabs/CVE-2021-25374_Samsung-Account-Access • CWE-285: Improper Authorization

CVSS: 7.8 • EPSS: 0% • CPEs: 9 • EXPL: 0

09 Apr 2021 — Using unsafe PendingIntent in Customization Service prior to version 2.2.02.1 in Android O(8.x), 2.4.03.0 in Android P(9.0), 2.7.02.1 in Android Q(10.0) and 2.9.01.1 in Android R(11.0) allows local attackers to perform unauthorized actions without permission via hijacking the PendingIntent. • https://security.samsungmobile.com • CWE-285: Improper Authorization