Filtered by vendor Google
Subscriptions
Filtered by product Android
Subscriptions
Total
7935 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-0935 | 1 Google | 1 Android | 2024-08-03 | 6.7 Medium |
| In ip6_xmit of ip6_output.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168607263References: Upstream kernel | ||||
| CVE-2021-0934 | 1 Google | 1 Android | 2024-08-03 | 5.5 Medium |
| In findAllDeAccounts of AccountsDb.java, there is a possible denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-169762606 | ||||
| CVE-2021-0977 | 1 Google | 1 Android | 2024-08-03 | 6.7 Medium |
| In phNxpNHal_DtaUpdate of phNxpNciHal_dta.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-183487770 | ||||
| CVE-2021-0999 | 1 Google | 1 Android | 2024-08-03 | 7.8 High |
| In the broadcast definition in AndroidManifest.xml, there is a possible way to set the A2DP bluetooth device connection state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-196858999 | ||||
| CVE-2021-0998 | 1 Google | 1 Android | 2024-08-03 | 5.5 Medium |
| In 'ih264e_find_bskip_params()' of ih264e_me.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193442575 | ||||
| CVE-2021-0976 | 1 Google | 1 Android | 2024-08-03 | 6.5 Medium |
| In toBARK of floor0.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-199680600 | ||||
| CVE-2021-0955 | 1 Google | 1 Android | 2024-08-03 | 7.0 High |
| In pf_write_buf of FuseDaemon.cpp, there is possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-192085766 | ||||
| CVE-2021-0939 | 1 Google | 1 Android | 2024-08-03 | 4.4 Medium |
| In set_default_passthru_cfg of passthru.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-186026549References: N/A | ||||
| CVE-2021-0990 | 1 Google | 1 Android | 2024-08-03 | 3.3 Low |
| In getDeviceId of PhoneSubInfoController.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-185591180 | ||||
| CVE-2021-0963 | 1 Google | 1 Android | 2024-08-03 | 7.1 High |
| In onCreate of KeyChainActivity.java, there is a possible way to use an app certificate stored in keychain due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-199754277 | ||||
| CVE-2021-0968 | 1 Google | 1 Android | 2024-08-03 | 8.8 High |
| In osi_malloc and osi_calloc of allocator.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-197868577 | ||||
| CVE-2021-0979 | 1 Google | 1 Android | 2024-08-03 | 5.5 Medium |
| In isRequestPinItemSupported of ShortcutService.java, there is a possible cross-user leak of packages in which the default launcher supports requests to create pinned shortcuts due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-191772737 | ||||
| CVE-2021-0973 | 1 Google | 1 Android | 2024-08-03 | 5.0 Medium |
| In isFileUri of UriUtil.java, there is a possible way to bypass ignoring file://URI attachment due to improper handling of case sensitivity. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-197328178 | ||||
| CVE-2021-0966 | 1 Google | 1 Android | 2024-08-03 | 5.5 Medium |
| In code generated by BuildParcelFields of generate_cpp.cpp, there is a possible way for a crafted parcelable to reveal uninitialized memory of a target process due to uninitialized data. This could lead to local information disclosure across Binder transactions with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-198346478 | ||||
| CVE-2021-0924 | 1 Google | 1 Android | 2024-08-03 | 7.8 High |
| In xhci_vendor_get_ops of xhci.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-194461020References: Upstream kernel | ||||
| CVE-2021-0936 | 1 Google | 1 Android | 2024-08-03 | 7.8 High |
| In acc_read of f_accessory.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-173789633References: Upstream kernel | ||||
| CVE-2021-0946 | 1 Google | 1 Android | 2024-08-03 | 7.5 High |
| The method PVRSRVBridgePMRPDumpSymbolicAddr allocates puiMemspaceNameInt on the heap, fills the contents of the buffer via PMR_PDumpSymbolicAddr, and then copies the buffer to userspace. The method PMR_PDumpSymbolicAddr may fail, and if it does the buffer will be left uninitialized and despite the error will still be copied to userspace. Kernel leak of uninitialized heap data with no privs required.Product: AndroidVersions: Android SoCAndroid ID: A-236846966 | ||||
| CVE-2021-0931 | 1 Google | 1 Android | 2024-08-03 | 5.5 Medium |
| In getAlias of BluetoothDevice.java, there is a possible way to create misleading permission dialogs due to missing data filtering. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-180747689 | ||||
| CVE-2021-0933 | 1 Google | 1 Android | 2024-08-03 | 8.0 High |
| In onCreate of CompanionDeviceActivity.java or DeviceChooserActivity.java, there is a possible way for HTML tags to interfere with a consent dialog due to improper input validation. This could lead to remote escalation of privilege, confusing the user into accepting pairing of a malicious Bluetooth device, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-172251622 | ||||
| CVE-2021-0942 | 1 Google | 1 Android | 2024-08-03 | 9.8 Critical |
| The path in this case is a little bit convoluted. The end result is that via an ioctl an untrusted app can control the ui32PageIndex offset in the expression:sPA.uiAddr = page_to_phys(psOSPageArrayData->pagearray[ui32PageIndex]);With the current PoC this crashes as an OOB read. However, given that the OOB read value is ending up as the address field of a struct I think i seems plausible that this could lead to an OOB write if the attacker is able to cause the OOB read to pull an interesting kernel address. Regardless if this is a read or write, it is a High severity issue in the kernel.Product: AndroidVersions: Android SoCAndroid ID: A-238904312 | ||||