CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-0313
https://notcve.org/view.php?id=CVE-2021-0313
In isWordBreakAfter of LayoutUtils.cpp, there is a possible way to slow or crash a TextView due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9, Android-10, Android-11, Android-8.0, Android-8.1; Android ID: A-170968514. En la función isWordBreakAfter del archivo LayoutUtils.cpp, existe una posible manera de ralentizar o bloquear un TextView debido a una comprobación inapropiada de la entrada. • https://source.android.com/security/bulletin/2021-01-01 • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2021-0312
https://notcve.org/view.php?id=CVE-2021-0312
In WAVSource::read of WAVExtractor.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-170583712. En la función WAVSource::read del archivo WAVExtractor.cpp, se presenta una posible escritura fuera de límites debido a un desbordamiento de enteros. • https://source.android.com/security/bulletin/2021-01-01 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2021-0311
https://notcve.org/view.php?id=CVE-2021-0311
In ElementaryStreamQueue::dequeueAccessUnitH264() of ESQueue.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-9, Android-10, Android-11, Android-8.0, Android-8.1; Android ID: A-170240631. En la función ElementaryStreamQueue::dequeueAccessUnitH264() del archivo ESQueue.cpp, se presenta una posible escritura fuera de límites debido a una falta de comprobación de límites. • https://source.android.com/security/bulletin/2021-01-01 • CWE-787: Out-of-bounds Write •
CVSS: 7.3EPSS: 0%CPEs: 5EXPL: 0CVE-2021-0315
https://notcve.org/view.php?id=CVE-2021-0315
In onCreate of GrantCredentialsPermissionActivity.java, there is a possible way to convince the user to grant an app access to an account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-169763814. En la función onCreate del archivo GrantCredentialsPermissionActivity.java, existe una posible manera de convencer al usuario de que otorgue acceso de aplicación a una cuenta debido a un ataque de tapjacking/overlay. • https://source.android.com/security/bulletin/2021-01-01 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-0471
https://notcve.org/view.php?id=CVE-2020-0471
In reassemble_and_dispatch of packet_fragmenter.cc, there is a possible way to inject packets into an encrypted Bluetooth connection due to improper input validation. This could lead to remote escalation of privilege between two Bluetooth devices by a proximal attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.0, Android-8.1, Android-9, Android-10, Android-11; Android ID: A-169327567. En la función reassemble_and_dispatch del archivo packet_fragmenter.cc, existe una posible manera de inyectar paquetes en una conexión Bluetooth cifrada debido a una comprobación inapropiada de la entrada. • https://source.android.com/security/bulletin/2021-01-01 • CWE-20: Improper Input Validation •