CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 1CVE-2021-0314
https://notcve.org/view.php?id=CVE-2021-0314
10 Feb 2021 — In onCreate of UninstallerActivity, there is a possible way to uninstall an all without informed user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-171221302 En onCreate de UninstallerActivity, existe una forma posible de desinstalar todo sin el consentimiento informado del usuario debido a un ataq... • https://github.com/nanopathi/framework_base_AOSP10_r33_CVE-2021-0314 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2021-0330
https://notcve.org/view.php?id=CVE-2021-0330
10 Feb 2021 — In add_user_ce and remove_user_ce of storaged.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in storaged with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11Android ID: A-170732441 En las funciones add_user_ce y remove_user_ce del archivo storaged.cpp, existe la posibilidad de un uso de la memoria previamente liberada debido a un bloqueo inap... • https://github.com/Satheesh575555/system_core_AOSP10_r33-CVE-2021-0330 • CWE-416: Use After Free •
CVSS: 7.3EPSS: 0%CPEs: 4EXPL: 1CVE-2021-0331
https://notcve.org/view.php?id=CVE-2021-0331
10 Feb 2021 — In onCreate of NotificationAccessConfirmationActivity.java, there is a possible overlay attack due to an insecure default value. This could lead to local escalation of privilege and notification access with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-170731783 En la función onCreate del archivo NotificationAccessConfirmationActivity.java, se presenta un posible ataque de superposición debido ... • https://github.com/Satheesh575555/packages_apps_Settings_AOSP10_r33_CVE-2021-0331 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 7.3EPSS: 0%CPEs: 4EXPL: 1CVE-2021-0333
https://notcve.org/view.php?id=CVE-2021-0333
10 Feb 2021 — In onCreate of BluetoothPermissionActivity.java, there is a possible permissions bypass due to a tapjacking overlay that obscures the phonebook permissions dialog when a Bluetooth device is connecting. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-168504491 En la función onCreate del archivo BluetoothPermissionActivity.java, se presenta una ... • https://github.com/Satheesh575555/packages_apps_Settings_AOSP10_r33_CVE-2021-0333 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2021-0334
https://notcve.org/view.php?id=CVE-2021-0334
10 Feb 2021 — In onTargetSelected of ResolverActivity.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-163358811 En la función onTargetSelected del archivo ResolverActivity.java, se presenta una posible omisión de configuración que permite que u... • https://github.com/ShaikUsaf/frameworks_base_AOSP10_r33_CVE-2021-0334 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2021-0336
https://notcve.org/view.php?id=CVE-2021-0336
10 Feb 2021 — In onReceive of BluetoothPermissionRequest.java, there is a possible permissions bypass due to a mutable PendingIntent. This could lead to local escalation of privilege that bypasses a permission check, with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-158219161 En la función onReceive del archivo BluetoothPermissionRequest.java, se presenta una posible omisión de permisos debido a un Pend... • https://github.com/Trinadh465/packages_apps_Settings_AOSP10_r33_CVE-2021-0336 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2021-0337
https://notcve.org/view.php?id=CVE-2021-0337
10 Feb 2021 — In moveInMediaStore of FileSystemProvider.java, there is a possible file exposure due to stale metadata. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-157474195 En la función moveInMediaStore del archivo FileSystemProvider.java, se presenta una posible exposición de archivos debido a metadatos obsoletos. Esto podría conllevar a una ... • https://github.com/ShaikUsaf/frameworks_base_AOSP10_r33_CVE-2021-0337 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 1CVE-2021-0302
https://notcve.org/view.php?id=CVE-2021-0302
10 Feb 2021 — In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10Android ID: A-155287782 En PackageInstaller, se presenta un posible ataque de tapjacking debido a un valor predeterminado no seguro. Esto podría conllevar a una escalada local de privilegios y permis... • https://github.com/ShaikUsaf/packages_apps_PackageInstaller_AOSP10_r33_CVE-2021-0302 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2021-0305
https://notcve.org/view.php?id=CVE-2021-0305
10 Feb 2021 — In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10Android ID: A-154015447 En PackageInstaller, se presenta un posible ataque de tapjacking debido a un valor predeterminado no seguro. Esto podría conllevar a una escalada local de privilegios y permis... • https://source.android.com/security/bulletin/2021-02-01 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 1CVE-2021-0339
https://notcve.org/view.php?id=CVE-2021-0339
10 Feb 2021 — In loadAnimation of WindowContainer.java, there is a possible way to keep displaying a malicious app while a target app is brought to the foreground. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-8.1 Android-9Android ID: A-145728687 En la función loadAnimation del archivo WindowContainer.java, existe una forma posible de seguir mostrando una aplicación maliciosa mientra... • https://github.com/nanopathi/framework_base_AOSP10_r33_CVE-2021-0339 • CWE-754: Improper Check for Unusual or Exceptional Conditions •