Total
6434 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-25344 | 1 Google | 1 Android | 2021-03-11 | 2.1 LOW | 5.5 MEDIUM |
Missing permission check in knox_custom service prior to SMR Mar-2021 Release 1 allows attackers to gain access to device's serial number without permission. | |||||
CVE-2021-25345 | 2 Google, Samsung | 2 Android, Exynos | 2021-03-11 | 4.9 MEDIUM | 5.5 MEDIUM |
Graphic format mismatch while converting video format in hwcomposer prior to SMR Mar-2021 Release 1 results in kernel panic due to unsupported format. | |||||
CVE-2021-25339 | 2 Google, Samsung | 2 Android, Exynos 9830 | 2021-03-11 | 2.1 LOW | 5.2 MEDIUM |
Improper address validation in HArx in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to corrupt EL2 memory. | |||||
CVE-2020-15980 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Android and 2 more | 2021-03-11 | 4.6 MEDIUM | 7.8 HIGH |
Insufficient policy enforcement in Intents in Google Chrome on Android prior to 86.0.4240.75 allowed a local attacker to bypass navigation restrictions via crafted Intents. | |||||
CVE-2021-25335 | 2 Google, Samsung | 2 Android, One Ui | 2021-03-11 | 1.9 LOW | 2.5 LOW |
Improper lockscreen status check in cocktailbar service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows unauthenticated users to access hidden notification contents over the lockscreen in specific condition. | |||||
CVE-2021-25342 | 2 Google, Samsung | 2 Android, Members | 2021-03-11 | 2.1 LOW | 3.3 LOW |
Calling of non-existent provider in SMP sdk prior to version 3.0.9 allows unauthorized actions including denial of service attack by hijacking the provider. | |||||
CVE-2021-25343 | 2 Google, Samsung | 2 Android, Members | 2021-03-11 | 2.1 LOW | 3.3 LOW |
Calling of non-existent provider in Samsung Members prior to version 2.4.81.13 (in Android O(8.1) and below) and 3.8.00.13 (in Android P(9.0) and above) allows unauthorized actions including denial of service attack by hijacking the provider. | |||||
CVE-2021-25334 | 1 Google | 1 Android | 2021-03-11 | 4.7 MEDIUM | 5.5 MEDIUM |
Improper input check in wallpaper service in Samsung mobile devices prior to SMR Feb-2021 Release 1 allows untrusted application to cause permanent denial of service. | |||||
CVE-2021-25330 | 1 Google | 1 Android | 2021-03-09 | 5.0 MEDIUM | 7.5 HIGH |
Calling of non-existent provider in MobileWips application prior to SMR Feb-2021 Release 1 allows unauthorized actions including denial of service attack by hijacking the provider. | |||||
CVE-2021-21136 | 2 Google, Microsoft | 3 Android, Chrome, Edge Chromium | 2021-03-08 | 4.3 MEDIUM | 6.5 MEDIUM |
Insufficient policy enforcement in WebView in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
CVE-2021-27901 | 1 Google | 1 Android | 2021-03-08 | 4.6 MEDIUM | 6.8 MEDIUM |
An issue was discovered on LG mobile devices with Android OS 11 software. They mishandle fingerprint recognition because local high beam mode (LHBM) does not function properly during bright illumination. The LG ID is LVE-SMP-210001 (March 2021). | |||||
CVE-2020-0465 | 1 Google | 1 Android | 2021-03-08 | 7.2 HIGH | 6.8 MEDIUM |
In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-162844689References: Upstream kernel | |||||
CVE-2020-15978 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Android and 2 more | 2021-03-05 | 6.8 MEDIUM | 8.8 HIGH |
Insufficient data validation in navigation in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. | |||||
CVE-2021-0406 | 1 Google | 1 Android | 2021-03-04 | 7.2 HIGH | 6.7 MEDIUM |
In cameraisp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05471418. | |||||
CVE-2021-0405 | 1 Google | 1 Android | 2021-03-01 | 7.2 HIGH | 6.7 MEDIUM |
In performance driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05466547. | |||||
CVE-2021-0402 | 1 Google | 1 Android | 2021-03-01 | 7.2 HIGH | 6.7 MEDIUM |
In jpeg, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05433311. | |||||
CVE-2021-0366 | 1 Google | 1 Android | 2021-03-01 | 6.9 MEDIUM | 6.4 MEDIUM |
In vpu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05371580; Issue ID: ALPS05379093. | |||||
CVE-2021-0367 | 1 Google | 1 Android | 2021-03-01 | 6.9 MEDIUM | 6.4 MEDIUM |
In vpu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05371580; Issue ID: ALPS05379085. | |||||
CVE-2021-0401 | 1 Google | 1 Android | 2021-03-01 | 6.9 MEDIUM | 6.4 MEDIUM |
In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05418265. | |||||
CVE-2020-0499 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Android | 2021-02-25 | 4.3 MEDIUM | 4.3 MEDIUM |
In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156076070 |