CVE-2021-1067
https://notcve.org/view.php?id=CVE-2021-1067
NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the implementation of the RPMB command status, in which an attacker can write to the Write Protect Configuration Block, which may lead to denial of service or escalation of privileges. NVIDIA SHIELD TV, todas las versiones anteriores a 8.2.2, contiene una vulnerabilidad en la implementación del estado del comando RPMB, en el cual un atacante puede escribir en el Bloque de configuración de protección contra escritura, lo que puede conllevar a la denegación de servicio o la escalada de privilegios • https://nvidia.custhelp.com/app/answers/detail/a_id/5148 •
CVE-2021-0313
https://notcve.org/view.php?id=CVE-2021-0313
In isWordBreakAfter of LayoutUtils.cpp, there is a possible way to slow or crash a TextView due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9, Android-10, Android-11, Android-8.0, Android-8.1; Android ID: A-170968514. En la función isWordBreakAfter del archivo LayoutUtils.cpp, existe una posible manera de ralentizar o bloquear un TextView debido a una comprobación inapropiada de la entrada. • https://source.android.com/security/bulletin/2021-01-01 • CWE-20: Improper Input Validation •
CVE-2021-0312
https://notcve.org/view.php?id=CVE-2021-0312
In WAVSource::read of WAVExtractor.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-170583712. En la función WAVSource::read del archivo WAVExtractor.cpp, se presenta una posible escritura fuera de límites debido a un desbordamiento de enteros. • https://source.android.com/security/bulletin/2021-01-01 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVE-2021-0311
https://notcve.org/view.php?id=CVE-2021-0311
In ElementaryStreamQueue::dequeueAccessUnitH264() of ESQueue.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-9, Android-10, Android-11, Android-8.0, Android-8.1; Android ID: A-170240631. En la función ElementaryStreamQueue::dequeueAccessUnitH264() del archivo ESQueue.cpp, se presenta una posible escritura fuera de límites debido a una falta de comprobación de límites. • https://source.android.com/security/bulletin/2021-01-01 • CWE-787: Out-of-bounds Write •
CVE-2021-0315
https://notcve.org/view.php?id=CVE-2021-0315
In onCreate of GrantCredentialsPermissionActivity.java, there is a possible way to convince the user to grant an app access to an account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-169763814. En la función onCreate del archivo GrantCredentialsPermissionActivity.java, existe una posible manera de convencer al usuario de que otorgue acceso de aplicación a una cuenta debido a un ataque de tapjacking/overlay. • https://source.android.com/security/bulletin/2021-01-01 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •