Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2021-0393 |
In Scanner::LiteralBuffer::NewCapacity of scanner.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if an attacker can supply a malicious PAC file, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-168041375 Published: March 10, 2021; 11:15:16 AM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2021-0392 |
In main of main.cpp, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-175124730 Published: March 10, 2021; 11:15:15 AM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2021-0391 |
In onCreate() of ChooseTypeAndAccountActivity.java, there is a possible way to learn the existence of an account, without permissions, due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-172841550 Published: March 10, 2021; 11:15:15 AM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2021-0390 |
In various methods of WifiNetworkSuggestionsManager.java, there is a possible modification of suggested networks due to a missing permission check. This could lead to local escalation of privilege by a background user on the same device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-174749461 Published: March 10, 2021; 11:15:15 AM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2021-25347 |
Hijacking vulnerability in Samsung Email application version prior to SMR Feb-2021 Release 1 allows attackers to intercept when the provider is executed. Published: March 04, 2021; 5:15:14 PM -0500 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 4.6 MEDIUM |
CVE-2021-25346 |
A possible arbitrary memory overwrite vulnerabilities in quram library version prior to SMR Jan-2021 Release 1 allow arbitrary code execution. Published: March 04, 2021; 5:15:14 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2021-25343 |
Calling of non-existent provider in Samsung Members prior to version 2.4.81.13 (in Android O(8.1) and below) and 3.8.00.13 (in Android P(9.0) and above) allows unauthorized actions including denial of service attack by hijacking the provider. Published: March 04, 2021; 5:15:13 PM -0500 |
V4.0:(not available) V3.1: 3.3 LOW V2.0: 2.1 LOW |
CVE-2021-25342 |
Calling of non-existent provider in SMP sdk prior to version 3.0.9 allows unauthorized actions including denial of service attack by hijacking the provider. Published: March 04, 2021; 5:15:13 PM -0500 |
V4.0:(not available) V3.1: 3.3 LOW V2.0: 2.1 LOW |
CVE-2021-25337 |
Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain local files. Published: March 04, 2021; 4:15:13 PM -0500 |
V4.0:(not available) V3.1: 7.1 HIGH V2.0: 5.8 MEDIUM |
CVE-2021-25336 |
Improper access control in NotificationManagerService in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to acquire notification access via sending a crafted malicious intent. Published: March 04, 2021; 4:15:13 PM -0500 |
V4.0:(not available) V3.1: 3.3 LOW V2.0: 4.3 MEDIUM |
CVE-2021-25334 |
Improper input check in wallpaper service in Samsung mobile devices prior to SMR Feb-2021 Release 1 allows untrusted application to cause permanent denial of service. Published: March 04, 2021; 4:15:13 PM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 4.7 MEDIUM |
CVE-2021-0341 |
In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171980069 Published: February 10, 2021; 12:15:22 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2021-0339 |
In loadAnimation of WindowContainer.java, there is a possible way to keep displaying a malicious app while a target app is brought to the foreground. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-8.1 Android-9Android ID: A-145728687 Published: February 10, 2021; 12:15:21 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2021-0337 |
In moveInMediaStore of FileSystemProvider.java, there is a possible file exposure due to stale metadata. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-157474195 Published: February 10, 2021; 12:15:21 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2021-0336 |
In onReceive of BluetoothPermissionRequest.java, there is a possible permissions bypass due to a mutable PendingIntent. This could lead to local escalation of privilege that bypasses a permission check, with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-158219161 Published: February 10, 2021; 12:15:21 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2021-0334 |
In onTargetSelected of ResolverActivity.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-163358811 Published: February 10, 2021; 12:15:20 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2021-0333 |
In onCreate of BluetoothPermissionActivity.java, there is a possible permissions bypass due to a tapjacking overlay that obscures the phonebook permissions dialog when a Bluetooth device is connecting. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-168504491 Published: February 10, 2021; 12:15:20 PM -0500 |
V4.0:(not available) V3.1: 7.3 HIGH V2.0: 6.9 MEDIUM |
CVE-2021-0331 |
In onCreate of NotificationAccessConfirmationActivity.java, there is a possible overlay attack due to an insecure default value. This could lead to local escalation of privilege and notification access with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-170731783 Published: February 10, 2021; 12:15:20 PM -0500 |
V4.0:(not available) V3.1: 7.3 HIGH V2.0: 6.9 MEDIUM |
CVE-2021-0330 |
In add_user_ce and remove_user_ce of storaged.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in storaged with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11Android ID: A-170732441 Published: February 10, 2021; 12:15:19 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2021-0329 |
In several native functions called by AdvertiseManager.java, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the Bluetooth server with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-171400004 Published: February 10, 2021; 12:15:19 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 7.2 HIGH |