Page 36 of 2190 results (0.004 seconds)

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0

In createOrUpdate of Permission.java and related code, there is possible permission escalation due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10, Android-11, Android-8.0, Android-8.1, Android-9; Android ID: A-168319670. En la función createOrUpdate del archivo Permission.java y el código relacionado, se presenta una posible escalada de permisos debido a un error lógico. • https://source.android.com/security/bulletin/2021-01-01 • CWE-863: Incorrect Authorization •

CVSS: 7.3EPSS: 0%CPEs: 5EXPL: 0

In checkCallerIsSystemOr of CompanionDeviceManagerService.java, there is a possible way to get a nearby Bluetooth device's MAC address without appropriate permissions due to a permissions bypass. This could lead to local escalation of privilege that grants access to nearby MAC addresses, with User execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.0, Android-8.1, Android-9, Android-10, Android-11; Android ID: A-167244818. En la función checkCallerIsSystemOr del archivo CompanionDeviceManagerService.java, existe una posible manera de obtener la dirección MAC de un dispositivo Bluetooth cercano sin los permisos apropiados debido a una omisión de permisos. • https://source.android.com/security/bulletin/2021-01-01 • CWE-863: Incorrect Authorization •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

In several functions of GlobalScreenshot.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure of the user's contacts with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-8.0, Android-8.1, Android-9; Android ID: A-162738636. En varias funciones del archivo GlobalScreenshot.java, se presenta una posible omisión de permisos debido a un PendingIntent no seguro. • https://source.android.com/security/bulletin/2021-01-01 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

In onCreate of grantCredentialsPermissionActivity, there is a confused deputy. This could lead to local information disclosure and account access with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-158480899. En la función onCreate del archivo grantCredentialsPermissionActivity, se presenta un confused deputy. • https://source.android.com/security/bulletin/2021-01-01 •

CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0

In ReadLogicalParts of basicmbr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-158063095. En la función ReadLogicalParts del archivo basicmbr.cc, se presenta una posible escritura fuera de límites debido a una falta de comprobación de límites. • https://lists.debian.org/debian-lts-announce/2021/02/msg00010.html https://security.gentoo.org/glsa/202105-03 https://source.android.com/security/bulletin/2021-01-01 https://access.redhat.com/security/cve/CVE-2021-0308 https://bugzilla.redhat.com/show_bug.cgi?id=2051943 • CWE-787: Out-of-bounds Write •