Total
6434 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-0927 | 1 Google | 1 Android | 2021-12-17 | 7.2 HIGH | 7.8 HIGH |
| In requestChannelBrowsable of TvInputManagerService.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-8.1 Android-9Android ID: A-189824175 | |||||
| CVE-2021-0926 | 1 Google | 1 Android | 2021-12-17 | 7.2 HIGH | 7.8 HIGH |
| In onCreate of NfcImportVCardActivity.java, there is a possible way to add a contact without user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-191053931 | |||||
| CVE-2021-0976 | 1 Google | 1 Android | 2021-12-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| In toBARK of floor0.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-199680600 | |||||
| CVE-2021-0973 | 1 Google | 1 Android | 2021-12-17 | 1.9 LOW | 5.0 MEDIUM |
| In isFileUri of UriUtil.java, there is a possible way to bypass ignoring file://URI attachment due to improper handling of case sensitivity. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-197328178 | |||||
| CVE-2021-0925 | 1 Google | 1 Android | 2021-12-17 | 7.8 HIGH | 7.5 HIGH |
| In rw_t4t_sm_detect_ndef of rw_t4t.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure due to a limited change in behavior based on the out of bounds data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-191444150 | |||||
| CVE-2021-0971 | 1 Google | 1 Android | 2021-12-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| In MPEG4Source::read of MPEG4Extractor.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-188893559 | |||||
| CVE-2021-0932 | 1 Google | 1 Android | 2021-12-17 | 7.2 HIGH | 7.8 HIGH |
| In showNotification of NavigationModeController.java, there is a possible confused deputy due to an unsafe PendingIntent. This could lead to local escalation of privilege that allows actions performed as the System UI with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-173025705 | |||||
| CVE-2021-0970 | 1 Google | 1 Android | 2021-12-17 | 7.2 HIGH | 7.8 HIGH |
| In createFromParcel of GpsNavigationMessage.java, there is a possible Parcel serialization/deserialization mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-196970023 | |||||
| CVE-2021-0969 | 1 Google | 1 Android | 2021-12-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| In getTitle of AccessPoint.java, there is a possible unhandled exception due to a missing null check. This could lead to remote denial of service if a proximal Wi-Fi AP provides invalid information with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-199922685 | |||||
| CVE-2021-0930 | 1 Google | 1 Android | 2021-12-17 | 8.3 HIGH | 8.8 HIGH |
| In phNxpNciHal_process_ext_rsp of phNxpNciHal_ext.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-181660091 | |||||
| CVE-2021-0968 | 1 Google | 1 Android | 2021-12-17 | 6.8 MEDIUM | 8.8 HIGH |
| In osi_malloc and osi_calloc of allocator.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-197868577 | |||||
| CVE-2021-0967 | 1 Google | 1 Android | 2021-12-17 | 9.3 HIGH | 8.8 HIGH |
| In vorbis_book_decodev_set of codebook.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-199065614 | |||||
| CVE-2021-0929 | 1 Google | 1 Android | 2021-12-17 | 7.2 HIGH | 7.8 HIGH |
| In ion_dma_buf_end_cpu_access and related functions of ion.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-187527909References: Upstream kernel | |||||
| CVE-2021-0928 | 1 Google | 1 Android | 2021-12-17 | 7.2 HIGH | 7.8 HIGH |
| In createFromParcel of OutputConfiguration.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-188675581 | |||||
| CVE-2021-0952 | 1 Google | 1 Android | 2021-12-17 | 4.7 MEDIUM | 5.0 MEDIUM |
| In doCropPhoto of PhotoSelectionHandler.java, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure of user's contacts with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-195748381 | |||||
| CVE-2021-0921 | 1 Google | 1 Android | 2021-12-17 | 7.2 HIGH | 7.8 HIGH |
| In ParsingPackageImpl of ParsingPackageImpl.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-195962697 | |||||
| CVE-2021-0963 | 1 Google | 1 Android | 2021-12-17 | 3.3 LOW | 7.1 HIGH |
| In onCreate of KeyChainActivity.java, there is a possible way to use an app certificate stored in keychain due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-199754277 | |||||
| CVE-2021-0919 | 1 Google | 1 Android | 2021-12-17 | 1.9 LOW | 5.0 MEDIUM |
| In getService of IServiceManager.cpp, there is a possible unhandled exception due to an integer overflow. This could lead to local denial of service making the lockscreen unusable with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-197336441 | |||||
| CVE-2021-0964 | 1 Google | 1 Android | 2021-12-17 | 7.1 HIGH | 6.5 MEDIUM |
| In C2SoftMP3::process() of C2SoftMp3Dec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-193363621 | |||||
| CVE-2021-0922 | 1 Google | 1 Android | 2021-12-17 | 4.6 MEDIUM | 7.8 HIGH |
| In enforceCrossUserOrProfilePermission of PackageManagerService.java, there is a possible bypass of INTERACT_ACROSS_PROFILES permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-195630721 | |||||