|
2021-04-09
|
CVE-2021-25356
|
An improper caller check vulnerability in Managed Provisioning prior to SMR APR-2021 Release 1 allows unprivileged application to install arbitrary application, grant device admin permission and then delete several installed application.
|
Android
|
8.8
|
|
|
|
2020-03-10
|
CVE-2020-0055
|
In l2c_link_process_num_completed_pkts of l2c_link.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141617601
|
Android
|
5.5
|
|
|
|
2011-05-16
|
CVE-2011-0419
|
Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
|
Http_server, Portable_runtime, Mac_os_x, Freebsd, Android, Netbsd, Openbsd, Solaris
|
N/A
|
|
|
|
2021-01-11
|
CVE-2021-0308
|
In ReadLogicalParts of basicmbr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-158063095.
|
Debian_linux, Android
|
7.8
|
|
|
|
2020-09-17
|
CVE-2020-0293
|
In Java network APIs, there is possible access to sensitive network state due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation in Android versions: Android-11, Android ID: A-141455849
|
Android
|
5.5
|
|
|
|
2020-11-10
|
CVE-2020-0454
|
In callCallbackForRequest of ConnectivityService.java, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure of the current SSID with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9Android ID: A-161370134
|
Android
|
5.5
|
|
|
|
2021-04-13
|
CVE-2021-0430
|
In rw_mfc_handle_read_op of rw_mfc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution via a malicious NFC packet with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-178725766
|
Android
|
9.8
|
|
|
|
2021-04-23
|
CVE-2021-25382
|
An improper authorization of using debugging command in Secure Folder prior to SMR Oct-2020 Release 1 allows unauthorized access to contents in Secure Folder via debugging command.
|
Android
|
5.5
|
|
|
|
2021-04-09
|
CVE-2021-25363
|
An improper access control in ActivityManagerService prior to SMR APR-2021 Release 1 allows untrusted applications to access running processesdelete some local files.
|
Android
|
6.1
|
|
|
|
2021-04-09
|
CVE-2021-25361
|
An improper access control vulnerability in stickerCenter prior to SMR APR-2021 Release 1 allows local attackers to read or write arbitrary files of system process via untrusted applications.
|
Android
|
8.8
|
|
|