CVE-2021-0639
- EPSS 0.12%
- Veröffentlicht 17.08.2021 19:15:07
- Zuletzt bearbeitet 21.11.2024 05:43:03
In multiple functions of libl3oemcrypto.cpp, there is a possible weakness in the existing obfuscation mechanism due to the way sensitive data is handled. This could lead to local information disclosure with no additional execution privileges needed. ...
CVE-2021-0640
- EPSS 0.22%
- Veröffentlicht 17.08.2021 19:15:07
- Zuletzt bearbeitet 21.11.2024 05:43:03
In noteAtomLogged of StatsdStats.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitat...
CVE-2021-0641
- EPSS 0.11%
- Veröffentlicht 17.08.2021 19:15:07
- Zuletzt bearbeitet 25.02.2026 18:16:52
In getAvailableSubscriptionInfoList of SubscriptionController.java, there is a possible disclosure of unique identifiers due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed...
CVE-2021-0642
- EPSS 0.33%
- Veröffentlicht 17.08.2021 19:15:07
- Zuletzt bearbeitet 25.02.2026 18:16:53
In onResume of VoicemailSettingsFragment.java, there is a possible way to retrieve a trackable identifier without permissions due to a missing permission check. This could lead to local information disclosure with no additional execution privileges n...
CVE-2021-0645
- EPSS 0.33%
- Veröffentlicht 17.08.2021 19:15:07
- Zuletzt bearbeitet 21.11.2024 05:43:04
In shouldBlockFromTree of ExternalStorageProvider.java, there is a possible permissions bypass. This could lead to local escalation of privilege, allowing an app to read private app directories in external storage, which should be restricted in Andro...
CVE-2021-38591
- EPSS 0.1%
- Veröffentlicht 12.08.2021 00:15:07
- Zuletzt bearbeitet 21.11.2024 06:17:36
An issue was discovered on LG mobile devices with Android OS P and Q software for mt6762/mt6765/mt6883. Attackers can change some of the NvRAM content by leveraging the misconfiguration of a debug command. The LG ID is LVE-SMP-210005 (August 2021).
CVE-2021-25443
- EPSS 0.1%
- Veröffentlicht 05.08.2021 20:15:08
- Zuletzt bearbeitet 21.11.2024 05:54:59
A use after free vulnerability in conn_gadget driver prior to SMR AUG-2021 Release 1 allows malicious action by an attacker.
CVE-2021-25444
- EPSS 0.76%
- Veröffentlicht 05.08.2021 20:15:08
- Zuletzt bearbeitet 21.11.2024 05:54:59
An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 allows decryption of custom keyblob with privileged process.
CVE-2020-0417
- EPSS 0.14%
- Veröffentlicht 14.07.2021 14:15:08
- Zuletzt bearbeitet 21.11.2024 04:53:28
In setNiNotification of GpsNetInitiatedHandler.java, there is a possible permissions bypass due to an empty mutable PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed ...
CVE-2021-0441
- EPSS 0.12%
- Veröffentlicht 14.07.2021 14:15:08
- Zuletzt bearbeitet 21.11.2024 05:42:43
In onCreate of PermissionActivity.java, there is a possible permission bypass due to Confusing UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: A...