|
195971
|
3.3 |
LOW
Local
|
google
|
android
|
An improper input validation vulnerability in DSP driver prior to SMR Sep-2021 Release 1 allows local attackers to get a limited kernel memory information.
|
CWE-20
Improper Input Validation
|
CVE-2021-25457
|
2024-11-21 14:55 |
2021-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195972
|
5.5 |
MEDIUM
Local
|
google
|
android
|
OOB read vulnerability in libswmfextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute memcpy at arbitrary address via forged wmf file.
|
CWE-125
Out-of-bounds Read
|
CVE-2021-25456
|
2024-11-21 14:55 |
2021-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195973
|
3.3 |
LOW
Local
|
google
|
android
|
OOB read vulnerability in libsaviextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to access arbitrary address through pointer via forged avi file.
|
CWE-125
Out-of-bounds Read
|
CVE-2021-25455
|
2024-11-21 14:55 |
2021-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195974
|
5.5 |
MEDIUM
Local
|
google
|
android
|
OOB read vulnerability in libsaacextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute remote DoS via forged aac file.
|
CWE-125
Out-of-bounds Read
|
CVE-2021-25454
|
2024-11-21 14:55 |
2021-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195975
|
5.5 |
MEDIUM
Local
|
google
|
android
|
Some improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1 allows untrusted application to get Bluetooth information.
|
NVD-CWE-Other
|
CVE-2021-25453
|
2024-11-21 14:55 |
2021-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195976
|
5.5 |
MEDIUM
Local
|
google
|
android
|
An improper input validation vulnerability in loading graph file in DSP driver prior to SMR Sep-2021 Release 1 allows attackers to perform permanent denial of service on the device.
|
CWE-20
Improper Input Validation
|
CVE-2021-25452
|
2024-11-21 14:55 |
2021-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195977
|
3.3 |
LOW
Local
|
google
|
android
|
A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1 allows attackers to get IMSI data.
|
CWE-287
Improper Authentication
|
CVE-2021-25451
|
2024-11-21 14:55 |
2021-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195978
|
6.5 |
MEDIUM
Adjacent
|
google
|
android
|
Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Sep-2021 Release 1 allows attackers to write file as system uid via remote socket.
|
CWE-22
Path Traversal
|
CVE-2021-25450
|
2024-11-21 14:55 |
2021-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195979
|
9.8 |
CRITICAL
Network
|
google
|
android
|
An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release 1 allows attackers to execute arbitrary code in mediaextractor process.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2021-25449
|
2024-11-21 14:55 |
2021-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195980
|
4.8 |
MEDIUM
Network
|
kubernetes
|
kubernetes
|
A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or …
|
CWE-601
Open Redirect
|
CVE-2021-25737
|
2024-11-21 14:55 |
2021-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
