CVSS: 7.3EPSS: 0%CPEs: 5EXPL: 1CVE-2021-0319
https://notcve.org/view.php?id=CVE-2021-0319
11 Jan 2021 — In checkCallerIsSystemOr of CompanionDeviceManagerService.java, there is a possible way to get a nearby Bluetooth device's MAC address without appropriate permissions due to a permissions bypass. This could lead to local escalation of privilege that grants access to nearby MAC addresses, with User execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.0, Android-8.1, Android-9, Android-10, Android-11; Android ID: A-167244818. En la función checkCaller... • https://github.com/Satheesh575555/frameworks_base_AOSP10_r33_CVE-2021-0319 • CWE-863: Incorrect Authorization •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-0304
https://notcve.org/view.php?id=CVE-2021-0304
11 Jan 2021 — In several functions of GlobalScreenshot.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure of the user's contacts with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-8.0, Android-8.1, Android-9; Android ID: A-162738636. En varias funciones del archivo GlobalScreenshot.java, se presenta una posible omisión de permisos debido a un PendingIntent no seguro... • https://source.android.com/security/bulletin/2021-01-01 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2021-0322
https://notcve.org/view.php?id=CVE-2021-0322
11 Jan 2021 — In onCreate of SlicePermissionActivity.java, there is a possible misleading string displayed due to improper input validation. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.Product: Android; Versions: Android-10, Android-11, Android-9; Android ID: A-159145361. En la función onCreate del archivo SlicePermissionActivity.java, se presenta una posible cadena engañosa que se muestra debido a una comprobación inapropiada de la en... • https://source.android.com/security/bulletin/2021-01-01 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-0309
https://notcve.org/view.php?id=CVE-2021-0309
11 Jan 2021 — In onCreate of grantCredentialsPermissionActivity, there is a confused deputy. This could lead to local information disclosure and account access with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-158480899. En la función onCreate del archivo grantCredentialsPermissionActivity, se presenta un confused deputy. • https://source.android.com/security/bulletin/2021-01-01 •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 1CVE-2021-0308 – gdisk: possible out-of-bounds-write in ReadLogicalParts of basicmbr.cc
https://notcve.org/view.php?id=CVE-2021-0308
11 Jan 2021 — In ReadLogicalParts of basicmbr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-158063095. En la función ReadLogicalParts del archivo basicmbr.cc, se presenta una posible escritura fuera de límites debido a una falta de comprobación de ... • https://github.com/Trinadh465/platform_external_gptfdisk_AOSP10_r33_CVE-2021-0308 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2021-0306
https://notcve.org/view.php?id=CVE-2021-0306
11 Jan 2021 — In addAllPermissions of PermissionManagerService.java, there is a possible permissions bypass when upgrading major Android versions which allows an app to gain the android.permission.ACTIVITY_RECOGNITION permission without user confirmation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11, Android-8.0, Android-8.1, Android-9, Android-10; Android ID: A-154505240. En la func... • https://github.com/nanopathi/framework_base_AOSP10_r33_CVE-2021-0306_CVE-2021-0317 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2020-27059
https://notcve.org/view.php?id=CVE-2020-27059
11 Jan 2021 — In onAuthenticated of AuthenticationClient.java, there is a possible tapjacking attack when requesting the user's fingerprint due to an overlaid window. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.0, Android-8.1, Android-9, Android-10, 11; Android ID: A-159249069. En la función onAuthenticated del archivo AuthenticationClient.java, se presenta un posible ataque de tipo tapj... • https://source.android.com/security/bulletin/pixel/2021-01-01 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-22492
https://notcve.org/view.php?id=CVE-2021-22492
05 Jan 2021 — An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Broadcom Bluetooth chipsets) software. The Bluetooth UART driver has a buffer overflow. The Samsung ID is SVE-2020-18731 (January 2021). Se detectó un problema en los dispositivos móviles de Samsung con versiones de software O(8.x), P(9.0) y Q(10.0) (chipsets Broadcom Bluetooth). El controlador UART de Bluetooth presenta un desbordamiento del búfer. • https://security.samsungmobile.com/securityUpdate.smsb • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2021-22495
https://notcve.org/view.php?id=CVE-2021-22495
05 Jan 2021 — An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) (Exynos chipsets) software. The Mali GPU driver allows out-of-bounds access and a device reset. The Samsung ID is SVE-2020-19174 (January 2021). Se detectó un problema en los dispositivos móviles de Samsung con versiones de software O(8.x), P(9.0), Q(10.0) y R(11.0) (chipsets Exynos). El controlador GPU de Mali permite un acceso fuera de límites y el reinicio del dispositivo. • https://security.samsungmobile.com/securityUpdate.smsb • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-35549
https://notcve.org/view.php?id=CVE-2020-35549
18 Dec 2020 — An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Any application may establish itself as the default dialer, without user interaction. The Samsung ID is SVE-2020-19172 (December 2020). Se detectó un problema en los dispositivos móviles Samsung con versiones de software O(8.x), P(9.0) y Q(10.0). Cualquier aplicación puede establecerse como el marcador predeterminado, sin una interacción del usuario. • https://security.samsungmobile.com/securityUpdate.smsb •