CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-1068
https://notcve.org/view.php?id=CVE-2021-1068
20 Jan 2021 — NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the NVDEC component, in which an attacker can read from or write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or escalation of privileges. NVIDIA SHIELD TV, todas las versiones anteriores a 8.2.2, contiene una vulnerabilidad en el componente NVDEC, en el cual un atacante puede leer o escribir en una ubicación de memoria que está fuera del límite previsto del búfer, lo q... • https://nvidia.custhelp.com/app/answers/detail/a_id/5148 • CWE-125: Out-of-bounds Read •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-1067
https://notcve.org/view.php?id=CVE-2021-1067
20 Jan 2021 — NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the implementation of the RPMB command status, in which an attacker can write to the Write Protect Configuration Block, which may lead to denial of service or escalation of privileges. NVIDIA SHIELD TV, todas las versiones anteriores a 8.2.2, contiene una vulnerabilidad en la implementación del estado del comando RPMB, en el cual un atacante puede escribir en el Bloque de configuración de protección contra escritura, lo que puede con... • https://nvidia.custhelp.com/app/answers/detail/a_id/5148 •
CVSS: 7.8EPSS: 3%CPEs: 5EXPL: 1CVE-2021-0313
https://notcve.org/view.php?id=CVE-2021-0313
11 Jan 2021 — In isWordBreakAfter of LayoutUtils.cpp, there is a possible way to slow or crash a TextView due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9, Android-10, Android-11, Android-8.0, Android-8.1; Android ID: A-170968514. En la función isWordBreakAfter del archivo LayoutUtils.cpp, existe una posible manera de ralentizar o bloquear un TextView debido a... • https://github.com/Satheesh575555/frameworks_minikin_AOSP10_r33_CVE-2021-0313 • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2021-0312
https://notcve.org/view.php?id=CVE-2021-0312
11 Jan 2021 — In WAVSource::read of WAVExtractor.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-170583712. En la función WAVSource::read del archivo WAVExtractor.cpp, se presenta una posible escritura fuera de límites debido a un desbordamiento de enteros... • https://source.android.com/security/bulletin/2021-01-01 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2021-0311
https://notcve.org/view.php?id=CVE-2021-0311
11 Jan 2021 — In ElementaryStreamQueue::dequeueAccessUnitH264() of ESQueue.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-9, Android-10, Android-11, Android-8.0, Android-8.1; Android ID: A-170240631. En la función ElementaryStreamQueue::dequeueAccessUnitH264() del archivo ESQueue.cpp, se presenta una posible escritura... • https://source.android.com/security/bulletin/2021-01-01 • CWE-787: Out-of-bounds Write •
CVSS: 7.3EPSS: 0%CPEs: 5EXPL: 2CVE-2021-0315
https://notcve.org/view.php?id=CVE-2021-0315
11 Jan 2021 — In onCreate of GrantCredentialsPermissionActivity.java, there is a possible way to convince the user to grant an app access to an account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-169763814. En la función onCreate del archivo GrantCredentialsPermissionActivity.java, existe una posi... • https://github.com/nanopathi/framework_base_AOSP10_r33_CVE-2021-0315 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 9.8EPSS: 2%CPEs: 5EXPL: 1CVE-2020-0471
https://notcve.org/view.php?id=CVE-2020-0471
11 Jan 2021 — In reassemble_and_dispatch of packet_fragmenter.cc, there is a possible way to inject packets into an encrypted Bluetooth connection due to improper input validation. This could lead to remote escalation of privilege between two Bluetooth devices by a proximal attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.0, Android-8.1, Android-9, Android-10, Android-11; Android ID: A-169327567. En la función reassemble_and_d... • https://github.com/nanopathi/system_bt_AOSP10_r33_CVE-2020-0471 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 5%CPEs: 5EXPL: 1CVE-2021-0316
https://notcve.org/view.php?id=CVE-2021-0316
11 Jan 2021 — In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11, Android-8.0, Android-8.1, Android-9, Android-10; Android ID: A-168802990. En la función avrc_pars_vendor_cmd del archivo avrc_pars_tg.cc, se presenta una posible escritura fuera de límites debido a que fa... • https://github.com/Satheesh575555/system_bt_AOSP_10_r33_CVE-2021-0316 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-0317
https://notcve.org/view.php?id=CVE-2021-0317
11 Jan 2021 — In createOrUpdate of Permission.java and related code, there is possible permission escalation due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10, Android-11, Android-8.0, Android-8.1, Android-9; Android ID: A-168319670. En la función createOrUpdate del archivo Permission.java y el código relacionado, se presenta una posible escalada de permisos debido a un ... • https://source.android.com/security/bulletin/2021-01-01 • CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2021-0318
https://notcve.org/view.php?id=CVE-2021-0318
11 Jan 2021 — In appendEventsToCacheLocked of SensorEventConnection.cpp, there is a possible out of bounds write due to a use-after-free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9, Android-8.1, Android-10, Android-11; Android ID: A-168211968. En la función appendEventsToCacheLocked del archivo SensorEventConnection.cpp, se presenta una posible escritura fuera de límites debido a un... • https://github.com/nanopathi/frameworks_native_AOSP10_r33_CVE-2021-0318 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •