Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2021-0927 |
In requestChannelBrowsable of TvInputManagerService.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-8.1 Android-9Android ID: A-189824175 Published: December 15, 2021; 2:15:11 PM -0500 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2021-0920 |
In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References: Upstream kernel Published: December 15, 2021; 2:15:11 PM -0500 |
V3.1: 6.4 MEDIUM V2.0: 6.9 MEDIUM |
CVE-2021-0904 |
In SRAMROM, there is a possible permission bypass due to an insecure permission setting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06076938; Issue ID: ALPS06076938. Published: December 15, 2021; 2:15:10 PM -0500 |
V3.1: 6.7 MEDIUM V2.0: 7.2 HIGH |
CVE-2021-0889 |
In Android TV , there is a possible silent pairing due to lack of rate limiting in the pairing flow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-8.1 Android-9Android ID: A-180745296 Published: December 15, 2021; 2:15:10 PM -0500 |
V3.1: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2021-0675 |
In alac decoder, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06064258; Issue ID: ALPS06064258. Published: December 15, 2021; 2:15:10 PM -0500 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2021-0672 |
In Browser app, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-199678035 Published: November 18, 2021; 10:15:09 AM -0500 |
V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2021-25503 |
Improper input validation vulnerability in HDCP prior to SMR Nov-2021 Release 1 allows attackers to arbitrary code execution. Published: November 04, 2021; 11:15:10 PM -0400 |
V3.1: 6.7 MEDIUM V2.0: 4.6 MEDIUM |
CVE-2021-25502 |
A vulnerability of storing sensitive information insecurely in Property Settings prior to SMR Nov-2021 Release 1 allows attackers to read ESN value without priviledge. Published: November 04, 2021; 11:15:10 PM -0400 |
V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2021-0632 |
In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker under certain build conditions with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05560246; Issue ID: ALPS05551383. Published: October 25, 2021; 10:15:09 AM -0400 |
V3.1: 6.5 MEDIUM V2.0: 3.3 LOW |
CVE-2021-0631 |
In wifi driver, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05551435; Issue ID: ALPS05551435. Published: October 25, 2021; 10:15:09 AM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2021-0630 |
In wifi driver, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05551397; Issue ID: ALPS05551397. Published: October 25, 2021; 10:15:09 AM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2021-0870 |
In RW_SetActivatedTagType of rw_main.cc, there is possible memory corruption due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-192472262 Published: October 22, 2021; 10:15:08 AM -0400 |
V3.1: 8.1 HIGH V2.0: 9.3 HIGH |
CVE-2021-0708 |
In runDumpHeap of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-183262161 Published: October 22, 2021; 10:15:08 AM -0400 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2021-0652 |
In VectorDrawable::VectorDrawable of VectorDrawable.java, there is a possible way to introduce a memory corruption due to sharing of not thread-safe objects. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-185178568 Published: October 22, 2021; 10:15:08 AM -0400 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2021-25489 |
Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic. Published: October 06, 2021; 2:15:09 PM -0400 |
V3.1: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2021-25488 |
Lack of boundary checking of a buffer in recv_data() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read. Published: October 06, 2021; 2:15:09 PM -0400 |
V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2021-25487 |
Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in arbitrary code execution by dereference of invalid function pointer. Published: October 06, 2021; 2:15:09 PM -0400 |
V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2021-25486 |
Exposure of information vulnerability in ipcdump prior to SMR Oct-2021 Release 1 allows an attacker detect device information via analyzing packet in log. Published: October 06, 2021; 2:15:09 PM -0400 |
V3.1: 3.3 LOW V2.0: 2.1 LOW |
CVE-2021-25484 |
Improper authentication in InputManagerService prior to SMR Oct-2021 Release 1 allows monitoring the touch event. Published: October 06, 2021; 2:15:09 PM -0400 |
V3.1: 3.3 LOW V2.0: 2.1 LOW |
CVE-2021-25483 |
Lack of boundary checking of a buffer in livfivextractor library prior to SMR Oct-2021 Release 1 allows OOB read. Published: October 06, 2021; 2:15:09 PM -0400 |
V3.1: 6.5 MEDIUM V2.0: 5.0 MEDIUM |