Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2021-25371 |
A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows attackers load arbitrary ELF libraries inside DSP. Published: March 26, 2021; 3:15:12 PM -0400 |
V4.0:(not available) V3.1: 6.7 MEDIUM V2.0: 7.2 HIGH |
CVE-2021-25370 |
An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic. Published: March 26, 2021; 3:15:12 PM -0400 |
V4.0:(not available) V3.1: 4.4 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2021-0389 |
In setNightModeActivated of UiModeManagerService.java, there is a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-168039904 Published: March 10, 2021; 12:15:13 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2021-0388 |
In onReceive of ImsPhoneCallTracker.java, there is a possible misattribution of data usage due to an incorrect broadcast handler. This could lead to local escalation of privilege resulting in attributing video call data to the wrong app, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-162741489 Published: March 10, 2021; 12:15:13 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2021-0387 |
In FindQuotaDeviceForUuid of QuotaUtils.cpp, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169421939 Published: March 10, 2021; 12:15:13 PM -0500 |
V4.0:(not available) V3.1: 6.4 MEDIUM V2.0: 6.9 MEDIUM |
CVE-2021-0386 |
In onCreate of UsbConfirmActivity, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-173421110 Published: March 10, 2021; 12:15:13 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2021-0385 |
In createConnectToAvailableNetworkNotification of ConnectToNetworkNotificationBuilder.java, there is a possible connection to untrusted WiFi networks due to notification interaction above the lockscreen. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-172584372 Published: March 10, 2021; 12:15:13 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2021-0383 |
In done of CaptivePortalLoginActivity.java, there is a confused deputy. This could lead to local escalation of privilege in carrier settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-160871056 Published: March 10, 2021; 12:15:13 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2021-0382 |
In checkSlicePermission of SliceManagerService.java, there is a possible resource exposure due to an incorrect permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-140727941 Published: March 10, 2021; 12:15:13 PM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2021-0381 |
In updateNotifications of DeviceStorageMonitorService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153466381 Published: March 10, 2021; 12:15:13 PM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2021-0380 |
In onReceive of DcTracker.java, there is a possible way to trigger a provisioning URL and modify other telephony settings due to a missing permission check. This could lead to local escalation of privilege during the onboarding flow with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-172459128 Published: March 10, 2021; 12:15:13 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2021-0379 |
In getUpTo17bits of pvmp3_getbits.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154075955 Published: March 10, 2021; 12:15:13 PM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2021-0398 |
In bindServiceLocked of ActiveServices.java, there is a possible foreground service launch due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-173516292 Published: March 10, 2021; 11:15:16 AM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2021-0397 |
In sdp_copy_raw_data of sdp_discovery.cc, there is a possible system compromise due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-174052148 Published: March 10, 2021; 11:15:16 AM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2021-0396 |
In Builtins::Generate_ArgumentsAdaptorTrampoline of builtins-arm.cc and related files, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-160610106 Published: March 10, 2021; 11:15:16 AM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2021-0395 |
In StopServicesAndLogViolations of reboot.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-170315126 Published: March 10, 2021; 11:15:16 AM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2021-0394 |
In android_os_Parcel_readString8 of android_os_Parcel.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-172655291 Published: March 10, 2021; 11:15:16 AM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2021-0393 |
In Scanner::LiteralBuffer::NewCapacity of scanner.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if an attacker can supply a malicious PAC file, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-168041375 Published: March 10, 2021; 11:15:16 AM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2021-0392 |
In main of main.cpp, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-175124730 Published: March 10, 2021; 11:15:15 AM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2021-0391 |
In onCreate() of ChooseTypeAndAccountActivity.java, there is a possible way to learn the existence of an account, without permissions, due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-172841550 Published: March 10, 2021; 11:15:15 AM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |