RSS   Vulnerabilities for 'Android'   RSS

2021-10-11
 
CVE-2021-0583

CWE-269
 

 
In onCreate of BluetoothPairingDialog, there is a possible way to enable Bluetooth without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-182282956

 
2021-10-06
 
CVE-2021-25472

CWE-863
 

 
An improper access control vulnerability in BluetoothSettingsProvider prior to SMR Oct-2021 Release 1 allows untrusted application to overwrite some Bluetooth information.

 
 
CVE-2021-25473

CWE-755
 

 
Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_hide_by_meadia_full value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of service in user device before factory reset.

 
 
CVE-2021-25474

CWE-755
 

 
Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_show_on_qspanel value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of service in user device before factory reset.

 
 
CVE-2021-25482

CWE-89
 

 
SQL injection vulnerabilities in CMFA framework prior to SMR Oct-2021 Release 1 allow untrusted application to overwrite some CMFA framework information.

 
 
CVE-2021-25483

CWE-125
 

 
Lack of boundary checking of a buffer in livfivextractor library prior to SMR Oct-2021 Release 1 allows OOB read.

 
 
CVE-2021-25484

CWE-287
 

 
Improper authentication in InputManagerService prior to SMR Oct-2021 Release 1 allows monitoring the touch event.

 
 
CVE-2021-25485

CWE-22
 

 
Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Oct-2021 Release 1 allows attackers to write file as system UID via BT remote socket.

 
 
CVE-2021-25486

NVD-CWE-noinfo
 

 
Exposure of information vulnerability in ipcdump prior to SMR Oct-2021 Release 1 allows an attacker detect device information via analyzing packet in log.

 
 
CVE-2021-25490

NVD-CWE-noinfo
 

 
A keyblob downgrade attack in keymaster prior to SMR Oct-2021 Release 1 allows attacker to trigger IV reuse vulnerability with privileged process.

 


Copyright 2021, cxsecurity.com

 

Back to Top