Vendor CVEs
All CVEs
11,367 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-0959 | Hig | 0.51 | 7.8 | 0.00 | Jan 14, 2022 | In jit_memory_region.cc, there is a possible bypass of memory restrictions due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2021-39653 | Hig | 0.51 | 7.8 | 0.00 | Dec 15, 2021 | In (TBD) of (TBD), there is a possible way to boot with a hidden debug policy due to a missing warning to the user. This could lead to local escalation of privilege after preparing the device, hiding the warning, and passing the phone to a new user, with no additional execution… | ||
| CVE-2021-39640 | Hig | 0.51 | 7.8 | 0.00 | Dec 15, 2021 | In __dwc3_gadget_ep0_queue of ep0.c, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2021-1044 | Hig | 0.51 | 7.8 | 0.00 | Dec 15, 2021 | In eicOpsDecryptAes128Gcm of acropora/app/identity/identity_support.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2021-1040 | Hig | 0.51 | 7.8 | 0.00 | Dec 15, 2021 | In onCreate of BluetoothPairingSelectionFragment.java, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product:… | ||
| CVE-2021-1039 | Hig | 0.51 | 7.8 | 0.00 | Dec 15, 2021 | In NotificationAccessActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product:… | ||
| CVE-2021-1029 | Hig | 0.51 | 7.8 | 0.00 | Dec 15, 2021 | In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2021-1028 | Hig | 0.51 | 7.8 | 0.00 | Dec 15, 2021 | In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2021-1027 | Hig | 0.51 | 7.8 | 0.00 | Dec 15, 2021 | In setTransactionState of SurfaceFlinger, there is possible arbitrary code execution in a privileged process due to improper casting. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2021-1017 | Hig | 0.51 | 7.8 | 0.00 | Dec 15, 2021 | In AdapterService and GattService definition of AndroidManifest.xml, there is a possible way to disable bluetooth connection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is… | ||
| CVE-2021-1004 | Hig | 0.51 | 7.8 | 0.00 | Dec 15, 2021 | In getConfiguredNetworks of WifiServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User… | ||
| CVE-2021-1003 | Hig | 0.51 | 7.8 | 0.00 | Dec 15, 2021 | In adjustStreamVolume of AudioService.java, there is a possible way for unprivileged app to change audio stream volume due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2021-0999 | Hig | 0.51 | 7.8 | 0.00 | Dec 15, 2021 | In the broadcast definition in AndroidManifest.xml, there is a possible way to set the A2DP bluetooth device connection state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is… | ||
| CVE-2021-0985 | Hig | 0.51 | 7.8 | 0.00 | Dec 15, 2021 | In onReceive of AlertReceiver.java, there is a possible way to dismiss system dialog due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2021-0984 | Hig | 0.51 | 7.8 | 0.00 | Dec 15, 2021 | In onNullBinding of ManagedServices.java, there is a possible permission bypass due to an incorrectly unbound service. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2021-0981 | Hig | 0.51 | 7.8 | 0.00 | Dec 15, 2021 | In enqueueNotificationInternal of NotificationManagerService.java, there is a possible way to run a foreground service without showing a notification due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges… | ||
| CVE-2021-0970 | Hig | 0.51 | 7.8 | 0.00 | Dec 15, 2021 | In createFromParcel of GpsNavigationMessage.java, there is a possible Parcel serialization/deserialization mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2021-0953 | Hig | 0.51 | 7.8 | 0.00 | Dec 15, 2021 | In setOnClickActivityIntent of SearchWidgetProvider.java, there is a possible way to access contacts and history bookmarks without permission due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction… | ||
| CVE-2021-0932 | Hig | 0.51 | 7.8 | 0.00 | Dec 15, 2021 | In showNotification of NavigationModeController.java, there is a possible confused deputy due to an unsafe PendingIntent. This could lead to local escalation of privilege that allows actions performed as the System UI with User execution privileges needed. User interaction is… | ||
| CVE-2021-0929 | Hig | 0.51 | 7.8 | 0.00 | Dec 15, 2021 | In ion_dma_buf_end_cpu_access and related functions of ion.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2021-0928 | Hig | 0.51 | 7.8 | 0.00 | Dec 15, 2021 | In createFromParcel of OutputConfiguration.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed… | ||
| CVE-2021-0927 | Hig | 0.51 | 7.8 | 0.00 | Dec 15, 2021 | In requestChannelBrowsable of TvInputManagerService.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2021-0926 | Hig | 0.51 | 7.8 | 0.00 | Dec 15, 2021 | In onCreate of NfcImportVCardActivity.java, there is a possible way to add a contact without user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2021-0924 | Hig | 0.51 | 7.8 | 0.00 | Dec 15, 2021 | In xhci_vendor_get_ops of xhci.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2021-0923 | Hig | 0.51 | 7.8 | 0.00 | Dec 15, 2021 | In createOrUpdate of Permission.java, there is a possible way to gain internal permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2021-0922 | Hig | 0.51 | 7.8 | 0.00 | Dec 15, 2021 | In enforceCrossUserOrProfilePermission of PackageManagerService.java, there is a possible bypass of INTERACT_ACROSS_PROFILES permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User… | ||
| CVE-2021-0799 | Hig | 0.51 | 7.8 | 0.00 | Dec 15, 2021 | In ActivityThread.java, there is a possible way to collide the content provider's authorities. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2021-0936 | Hig | 0.51 | 7.8 | 0.00 | Oct 25, 2021 | In acc_read of f_accessory.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android… | ||
| CVE-2021-0708 | Hig | 0.51 | 7.8 | 0.00 | Oct 22, 2021 | In runDumpHeap of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2021-0705 | Hig | 0.51 | 7.8 | 0.00 | Oct 22, 2021 | In sanitizeSbn of NotificationManagerService.java, there is a possible way to keep service running in foreground and keep granted permissions due to Bypass of Background Service Restrictions. This could lead to local escalation of privilege with no additional execution… | ||
| CVE-2021-0652 | Hig | 0.51 | 7.8 | 0.00 | Oct 22, 2021 | In VectorDrawable::VectorDrawable of VectorDrawable.java, there is a possible way to introduce a memory corruption due to sharing of not thread-safe objects. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not… | ||
| CVE-2021-37969 | Hig | 0.51 | 7.8 | 0.01 | Oct 8, 2021 | Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file. | ||
| CVE-2021-0692 | Hig | 0.51 | 7.8 | 0.00 | Oct 6, 2021 | In sendBroadcastToInstaller of FirstScreenBroadcast.java, there is a possible activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2021-0685 | Hig | 0.51 | 7.8 | 0.00 | Oct 6, 2021 | In ParsedIntentInfo of ParsedIntentInfo.java, there is a possible parcel serialization/deserialization mismatch due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2021-0684 | Hig | 0.51 | 7.8 | 0.00 | Oct 6, 2021 | In TouchInputMapper::sync of TouchInputMapper.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2021-0683 | Hig | 0.51 | 7.8 | 0.00 | Oct 6, 2021 | In runTraceIpcStop of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2021-0636 | Hig | 0.51 | 7.8 | 0.00 | Oct 6, 2021 | When extracting the incorrectly formatted avi file, the memory is damaged, the playback interface shows that the video cannot be played, and the log is found to be crashed. This problem may lead to hacker malicious code attacks, resulting in the loss of user rights.Product:… | ||
| CVE-2021-0635 | Hig | 0.51 | 7.8 | 0.00 | Oct 6, 2021 | When extracting the incorrectly formatted flv file, the memory is damaged, the playback interface shows that the video cannot be played, and the log is found to be crashed. This problem may lead to hacker malicious code attacks, resulting in the loss of user rights.Product:… | ||
| CVE-2021-0595 | Hig | 0.51 | 7.8 | 0.00 | Oct 6, 2021 | In lockAllProfileTasks of RootWindowContainer.java, there is a possible way to access the work profile without the profile PIN, after logging in. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2021-30605 | Hig | 0.51 | 7.8 | 0.00 | Sep 8, 2021 | Inappropriate implementation in the ChromeOS Readiness Tool installer on Windows prior to 1.0.2.0 loosens DCOM access rights on two objects allowing an attacker to potentially bypass discretionary access controls. | ||
| CVE-2021-0645 | Hig | 0.51 | 7.8 | 0.00 | Aug 17, 2021 | In shouldBlockFromTree of ExternalStorageProvider.java, there is a possible permissions bypass. This could lead to local escalation of privilege, allowing an app to read private app directories in external storage, which should be restricted in Android 11, with no additional… | ||
| CVE-2021-0640 | Hig | 0.51 | 7.8 | 0.00 | Aug 17, 2021 | In noteAtomLogged of StatsdStats.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2021-0574 | Hig | 0.51 | 7.8 | 0.00 | Aug 17, 2021 | In asf extractor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid… | ||
| CVE-2021-30577 | Hig | 0.51 | 7.8 | 0.01 | Aug 3, 2021 | Insufficient policy enforcement in Installer in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform local privilege escalation via a crafted file. | ||
| CVE-2021-0603 | Hig | 0.51 | 7.8 | 0.00 | Jul 14, 2021 | In onCreate of ContactSelectionActivity.java, there is a possible way to get access to contacts without permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for… | ||
| CVE-2021-0602 | Hig | 0.51 | 7.8 | 0.00 | Jul 14, 2021 | In onCreateOptionsMenu of WifiNetworkDetailsFragment.java, there is a possible way for guest users to view and modify Wi-Fi settings for all configured APs due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges… | ||
| CVE-2021-0600 | Hig | 0.51 | 7.8 | 0.00 | Jul 14, 2021 | In onCreate of DeviceAdminAdd.java, there is a possible way to mislead a user to activate a device admin app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for… | ||
| CVE-2021-0587 | Hig | 0.51 | 7.8 | 0.00 | Jul 14, 2021 | In StreamOut::prepareForWriting of StreamOut.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2021-0586 | Hig | 0.51 | 7.8 | 0.00 | Jul 14, 2021 | In onCreate of DevicePickerFragment.java, there is a possible way to trick the user to select an unwanted bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is… | ||
| CVE-2021-0486 | Hig | 0.51 | 7.8 | 0.00 | Jul 14, 2021 | In onPackageAddedInternal of PermissionManagerService.java, there is possible access to external storage due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product:… |
- risk 0.51cvss 7.8epss 0.00
In jit_memory_region.cc, there is a possible bypass of memory restrictions due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- risk 0.51cvss 7.8epss 0.00
In (TBD) of (TBD), there is a possible way to boot with a hidden debug policy due to a missing warning to the user. This could lead to local escalation of privilege after preparing the device, hiding the warning, and passing the phone to a new user, with no additional execution…
- risk 0.51cvss 7.8epss 0.00
In __dwc3_gadget_ep0_queue of ep0.c, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- risk 0.51cvss 7.8epss 0.00
In eicOpsDecryptAes128Gcm of acropora/app/identity/identity_support.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…
- risk 0.51cvss 7.8epss 0.00
In onCreate of BluetoothPairingSelectionFragment.java, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product:…
- risk 0.51cvss 7.8epss 0.00
In NotificationAccessActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product:…
- risk 0.51cvss 7.8epss 0.00
In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.51cvss 7.8epss 0.00
In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.51cvss 7.8epss 0.00
In setTransactionState of SurfaceFlinger, there is possible arbitrary code execution in a privileged process due to improper casting. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…
- risk 0.51cvss 7.8epss 0.00
In AdapterService and GattService definition of AndroidManifest.xml, there is a possible way to disable bluetooth connection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is…
- risk 0.51cvss 7.8epss 0.00
In getConfiguredNetworks of WifiServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User…
- risk 0.51cvss 7.8epss 0.00
In adjustStreamVolume of AudioService.java, there is a possible way for unprivileged app to change audio stream volume due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…
- risk 0.51cvss 7.8epss 0.00
In the broadcast definition in AndroidManifest.xml, there is a possible way to set the A2DP bluetooth device connection state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is…
- risk 0.51cvss 7.8epss 0.00
In onReceive of AlertReceiver.java, there is a possible way to dismiss system dialog due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.51cvss 7.8epss 0.00
In onNullBinding of ManagedServices.java, there is a possible permission bypass due to an incorrectly unbound service. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.51cvss 7.8epss 0.00
In enqueueNotificationInternal of NotificationManagerService.java, there is a possible way to run a foreground service without showing a notification due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges…
- risk 0.51cvss 7.8epss 0.00
In createFromParcel of GpsNavigationMessage.java, there is a possible Parcel serialization/deserialization mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.51cvss 7.8epss 0.00
In setOnClickActivityIntent of SearchWidgetProvider.java, there is a possible way to access contacts and history bookmarks without permission due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction…
- risk 0.51cvss 7.8epss 0.00
In showNotification of NavigationModeController.java, there is a possible confused deputy due to an unsafe PendingIntent. This could lead to local escalation of privilege that allows actions performed as the System UI with User execution privileges needed. User interaction is…
- risk 0.51cvss 7.8epss 0.00
In ion_dma_buf_end_cpu_access and related functions of ion.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…
- risk 0.51cvss 7.8epss 0.00
In createFromParcel of OutputConfiguration.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed…
- risk 0.51cvss 7.8epss 0.00
In requestChannelBrowsable of TvInputManagerService.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…
- risk 0.51cvss 7.8epss 0.00
In onCreate of NfcImportVCardActivity.java, there is a possible way to add a contact without user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…
- risk 0.51cvss 7.8epss 0.00
In xhci_vendor_get_ops of xhci.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- risk 0.51cvss 7.8epss 0.00
In createOrUpdate of Permission.java, there is a possible way to gain internal permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.51cvss 7.8epss 0.00
In enforceCrossUserOrProfilePermission of PackageManagerService.java, there is a possible bypass of INTERACT_ACROSS_PROFILES permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User…
- risk 0.51cvss 7.8epss 0.00
In ActivityThread.java, there is a possible way to collide the content provider's authorities. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- risk 0.51cvss 7.8epss 0.00
In acc_read of f_accessory.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android…
- risk 0.51cvss 7.8epss 0.00
In runDumpHeap of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.51cvss 7.8epss 0.00
In sanitizeSbn of NotificationManagerService.java, there is a possible way to keep service running in foreground and keep granted permissions due to Bypass of Background Service Restrictions. This could lead to local escalation of privilege with no additional execution…
- risk 0.51cvss 7.8epss 0.00
In VectorDrawable::VectorDrawable of VectorDrawable.java, there is a possible way to introduce a memory corruption due to sharing of not thread-safe objects. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not…
- risk 0.51cvss 7.8epss 0.01
Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file.
- risk 0.51cvss 7.8epss 0.00
In sendBroadcastToInstaller of FirstScreenBroadcast.java, there is a possible activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.51cvss 7.8epss 0.00
In ParsedIntentInfo of ParsedIntentInfo.java, there is a possible parcel serialization/deserialization mismatch due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…
- risk 0.51cvss 7.8epss 0.00
In TouchInputMapper::sync of TouchInputMapper.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.51cvss 7.8epss 0.00
In runTraceIpcStop of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…
- risk 0.51cvss 7.8epss 0.00
When extracting the incorrectly formatted avi file, the memory is damaged, the playback interface shows that the video cannot be played, and the log is found to be crashed. This problem may lead to hacker malicious code attacks, resulting in the loss of user rights.Product:…
- risk 0.51cvss 7.8epss 0.00
When extracting the incorrectly formatted flv file, the memory is damaged, the playback interface shows that the video cannot be played, and the log is found to be crashed. This problem may lead to hacker malicious code attacks, resulting in the loss of user rights.Product:…
- risk 0.51cvss 7.8epss 0.00
In lockAllProfileTasks of RootWindowContainer.java, there is a possible way to access the work profile without the profile PIN, after logging in. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…
- risk 0.51cvss 7.8epss 0.00
Inappropriate implementation in the ChromeOS Readiness Tool installer on Windows prior to 1.0.2.0 loosens DCOM access rights on two objects allowing an attacker to potentially bypass discretionary access controls.
- risk 0.51cvss 7.8epss 0.00
In shouldBlockFromTree of ExternalStorageProvider.java, there is a possible permissions bypass. This could lead to local escalation of privilege, allowing an app to read private app directories in external storage, which should be restricted in Android 11, with no additional…
- risk 0.51cvss 7.8epss 0.00
In noteAtomLogged of StatsdStats.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- risk 0.51cvss 7.8epss 0.00
In asf extractor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid…
- risk 0.51cvss 7.8epss 0.01
Insufficient policy enforcement in Installer in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform local privilege escalation via a crafted file.
- risk 0.51cvss 7.8epss 0.00
In onCreate of ContactSelectionActivity.java, there is a possible way to get access to contacts without permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for…
- risk 0.51cvss 7.8epss 0.00
In onCreateOptionsMenu of WifiNetworkDetailsFragment.java, there is a possible way for guest users to view and modify Wi-Fi settings for all configured APs due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges…
- risk 0.51cvss 7.8epss 0.00
In onCreate of DeviceAdminAdd.java, there is a possible way to mislead a user to activate a device admin app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for…
- risk 0.51cvss 7.8epss 0.00
In StreamOut::prepareForWriting of StreamOut.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.51cvss 7.8epss 0.00
In onCreate of DevicePickerFragment.java, there is a possible way to trick the user to select an unwanted bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is…
- risk 0.51cvss 7.8epss 0.00
In onPackageAddedInternal of PermissionManagerService.java, there is possible access to external storage due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product:…
Page 70 of 228