Search Results (Refine Search)
- Keyword (text search): android
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2021-21385 |
Mifos-Mobile Android Application for MifosX is an Android Application built on top of the MifosX Self-Service platform. Mifos-Mobile before commit e505f62 disables HTTPS hostname verification of its HTTP client. Additionally it accepted any self-signed certificate as valid. Hostname verification is an important part when using HTTPS to ensure that the presented certificate is valid for the host. Disabling it can allow for man-in-the-middle attacks. Accepting any certificate, even self-signed ones allows man-in-the-middle attacks. This problem is fixed in mifos-mobile commit e505f62. Published: March 24, 2021; 5:15:15 PM -0400 |
V4.0:(not available) V3.1: 7.4 HIGH V2.0: 5.8 MEDIUM |
CVE-2020-35456 |
The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to view private chat messages and media files via logcat because of excessive logging. Published: March 17, 2021; 11:15:13 AM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2020-35455 |
The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from Shared Preferences and the SQLite database because of insecure data storage. Published: March 17, 2021; 11:15:13 AM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 2.1 LOW |
CVE-2020-35454 |
The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from an Android backup because of insecure application configuration. Published: March 17, 2021; 11:15:13 AM -0400 |
V4.0:(not available) V3.1: 6.8 MEDIUM V2.0: 2.1 LOW |
CVE-2021-0465 |
In GenerateFaceMask of face.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-172005755 Published: March 10, 2021; 12:15:14 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2021-0464 |
In sound_trigger_event_alloc of platform.h, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-167663878 Published: March 10, 2021; 12:15:14 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2021-0463 |
In convertToHidl of convert.cpp, there is a possible out of bounds read due to uninitialized data from ReturnFrameworkMessage. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-154867068 Published: March 10, 2021; 12:15:14 PM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 1.9 LOW |
CVE-2021-0462 |
In the NXP NFC firmware, there is a possible insecure firmware update due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168799695 Published: March 10, 2021; 12:15:14 PM -0500 |
V4.0:(not available) V3.1: 6.7 MEDIUM V2.0: 4.6 MEDIUM |
CVE-2021-0461 |
In iaxxx_core_sensor_change_state of iaxxx-module.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-175124074 Published: March 10, 2021; 12:15:14 PM -0500 |
V4.0:(not available) V3.1: 6.7 MEDIUM V2.0: 4.6 MEDIUM |
CVE-2021-0460 |
In the FingerTipS touch screen driver, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-156739245 Published: March 10, 2021; 12:15:14 PM -0500 |
V4.0:(not available) V3.1: 4.4 MEDIUM V2.0: 2.1 LOW |
CVE-2021-0459 |
In fts_driver_test_write of fts_proc.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-157154534 Published: March 10, 2021; 12:15:14 PM -0500 |
V4.0:(not available) V3.1: 4.4 MEDIUM V2.0: 2.1 LOW |
CVE-2021-0458 |
In the FingerTipS touch screen driver, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-157156744 Published: March 10, 2021; 12:15:14 PM -0500 |
V4.0:(not available) V3.1: 4.4 MEDIUM V2.0: 2.1 LOW |
CVE-2021-0457 |
In the FingerTipS touch screen driver, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-157155375 Published: March 10, 2021; 12:15:14 PM -0500 |
V4.0:(not available) V3.1: 6.7 MEDIUM V2.0: 4.6 MEDIUM |
CVE-2021-0456 |
In the Citadel chip firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174769927 Published: March 10, 2021; 12:15:14 PM -0500 |
V4.0:(not available) V3.1: 6.7 MEDIUM V2.0: 4.6 MEDIUM |
CVE-2021-0455 |
In the Citadel chip firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-175116439 Published: March 10, 2021; 12:15:14 PM -0500 |
V4.0:(not available) V3.1: 6.7 MEDIUM V2.0: 7.2 HIGH |
CVE-2021-0454 |
In the Citadel chip firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-175117047 Published: March 10, 2021; 12:15:14 PM -0500 |
V4.0:(not available) V3.1: 6.7 MEDIUM V2.0: 7.2 HIGH |
CVE-2021-0453 |
In the Titan-M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-175117199 Published: March 10, 2021; 12:15:14 PM -0500 |
V4.0:(not available) V3.1: 4.4 MEDIUM V2.0: 2.1 LOW |
CVE-2021-0452 |
In the Titan M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-175117261 Published: March 10, 2021; 12:15:14 PM -0500 |
V4.0:(not available) V3.1: 4.4 MEDIUM V2.0: 2.1 LOW |
CVE-2021-0451 |
In the Titan M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-175117871 Published: March 10, 2021; 12:15:14 PM -0500 |
V4.0:(not available) V3.1: 4.4 MEDIUM V2.0: 2.1 LOW |
CVE-2021-0450 |
In the Titan M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-175117880 Published: March 10, 2021; 12:15:13 PM -0500 |
V4.0:(not available) V3.1: 4.4 MEDIUM V2.0: 2.1 LOW |