|
196221
|
7.5 |
HIGH
Network
|
google
|
android
|
In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with…
|
CWE-295
Improper Certificate Validation
|
CVE-2021-0341
|
2024-11-21 14:42 |
2021-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196222
|
8.8 |
HIGH
Network
|
google
|
android
|
In parseNextBox of IsoInterface.java, there is a possible leak of unredacted location information due to improper input validation. This could lead to remote information disclosure with no additional…
|
CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
|
CVE-2021-0340
|
2024-11-21 14:42 |
2021-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196223
|
7.8 |
HIGH
Local
|
google
|
android
|
In loadAnimation of WindowContainer.java, there is a possible way to keep displaying a malicious app while a target app is brought to the foreground. This could lead to local escalation of privilege …
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2021-0339
|
2024-11-21 14:42 |
2021-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196224
|
5.5 |
MEDIUM
Local
|
google
|
android
|
In SystemSettingsValidators, there is a possible permanent denial of service due to missing bounds checks on UI settings. This could lead to local denial of service with User execution privileges nee…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2021-0338
|
2024-11-21 14:42 |
2021-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196225
|
7.8 |
HIGH
Local
|
google
|
android
|
In moveInMediaStore of FileSystemProvider.java, there is a possible file exposure due to stale metadata. This could lead to local escalation of privilege with User execution privileges needed. User i…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2021-0337
|
2024-11-21 14:42 |
2021-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196226
|
7.8 |
HIGH
Local
|
google
|
android
|
In onReceive of BluetoothPermissionRequest.java, there is a possible permissions bypass due to a mutable PendingIntent. This could lead to local escalation of privilege that bypasses a permission che…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2021-0336
|
2024-11-21 14:42 |
2021-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196227
|
6.5 |
MEDIUM
Network
|
google
|
android
|
In process of C2SoftHevcDec.cpp, there is a possible out of bounds write due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User…
|
CWE-416
Use After Free
|
CVE-2021-0335
|
2024-11-21 14:42 |
2021-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196228
|
7.8 |
HIGH
Local
|
google
|
android
|
In onTargetSelected of ResolverActivity.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2021-0334
|
2024-11-21 14:42 |
2021-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196229
|
7.3 |
HIGH
Local
|
google
|
android
|
In onCreate of BluetoothPermissionActivity.java, there is a possible permissions bypass due to a tapjacking overlay that obscures the phonebook permissions dialog when a Bluetooth device is connectin…
|
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2021-0333
|
2024-11-21 14:42 |
2021-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196230
|
7.8 |
HIGH
Local
|
google
|
android
|
In bootFinished of SurfaceFlinger.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with User execution privileges needed. User inte…
|
CWE-416
Use After Free
|
CVE-2021-0332
|
2024-11-21 14:42 |
2021-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
