Skip to main content
CVE-2021-1009 MEDIUM This Month

In setApplicationCategoryHint of PackageManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-1005 MEDIUM This Month

In getDeviceIdWithFeature of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-1001 MEDIUM This Month

In PVInitVideoEncoder of mp4enc_api.cpp, there is a possible out of bounds read due to a heap buffer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-0998 MEDIUM PATCH This Month

In 'ih264e_find_bskip_params()' of ih264e_me.c, there is a possible out of bounds read due to a heap buffer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-0997 MEDIUM PATCH This Month

In handleUpdateNetworkState of GnssNetworkConnectivityHandler.java , there is a possible APN disclosure due to log information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Information Disclosure Java Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-0986 MEDIUM PATCH This Month

In hasGrantedPolicy of DevicePolicyManagerService.java, there is a possible information disclosure about the device owner, profile owner, or device admin due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Information Disclosure Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-0979 MEDIUM PATCH This Month

In isRequestPinItemSupported of ShortcutService.java, there is a possible cross-user leak of packages in which the default launcher supports requests to create pinned shortcuts due to a permissions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Google Privilege Escalation Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-0966 MEDIUM PATCH This Month

In code generated by BuildParcelFields of generate_cpp.cpp, there is a possible way for a crafted parcelable to reveal uninitialized memory of a target process due to uninitialized data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-0931 MEDIUM This Month

In getAlias of BluetoothDevice.java, there is a possible way to create misleading permission dialogs due to missing data filtering. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-0704 MEDIUM This Month

In createNoCredentialsPermissionNotification and related functions of AccountManagerService.java, there is a possible way to retrieve accounts from the device without permissions due to a permissions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-0653 MEDIUM This Month

In enqueueNotification of NetworkPolicyManagerService.java, there is a possible way to retrieve a trackable identifier due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-43896 MEDIUM PATCH This Month

Microsoft PowerShell Spoofing Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Powershell
NVD
CVSS 3.1
5.5
EPSS
2.3%
CVE-2021-43880 MEDIUM PATCH This Month

Windows Mobile Device Management Elevation of Privilege Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 11
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-43244 MEDIUM PATCH This Month

Windows Kernel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server Windows Server 2016 +1
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-43243 MEDIUM PATCH This Month

VP9 Video Extensions Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Vp9 Video Extensions
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-43235 MEDIUM PATCH This Month

Storage Spaces Controller Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Windows 10 Windows 11 Windows Server Windows Server 2016 +1
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-43227 MEDIUM PATCH This Month

Storage Spaces Controller Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Windows 10 Windows 11 Windows Server Windows Server 2016 +1
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-43224 MEDIUM PATCH This Month

Windows Common Log File System Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
5.5
EPSS
3.9%
CVE-2021-35490 MEDIUM This Month

Thruk before 2.44 allows XSS for a quick command. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Thruk
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-41871 MEDIUM This Month

An issue was discovered in Socomec REMOTE VIEW PRO 2.0.41.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Remote View Pro Firmware
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-40171 MEDIUM This Month

The absence of notifications regarding an ongoing RF jamming attack in the SecuritasHome home alarm system, version HPGW-G 0.0.2.23F BG_U-ITR-F1-BD_BL.A30.20181117, allows an attacker to block. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Securitashome Alarm System Firmware
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-1023 MEDIUM This Month

In onCreate of RequestIgnoreBatteryOptimizations.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.0
EPSS
0.1%
CVE-2021-0973 MEDIUM PATCH This Month

In isFileUri of UriUtil.java, there is a possible way to bypass ignoring file://URI attachment due to improper handling of case sensitivity. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
5.0
EPSS
0.1%
CVE-2021-0952 MEDIUM This Month

In doCropPhoto of PhotoSelectionHandler.java, there is a possible permission bypass due to a confused deputy. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.0
EPSS
0.1%
CVE-2021-0919 MEDIUM This Month

In getService of IServiceManager.cpp, there is a possible unhandled exception due to an integer overflow. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Google Integer Overflow Denial Of Service Android
NVD
CVSS 3.1
5.0
EPSS
0.1%
CVE-2021-38701 MEDIUM This Month

Certain Motorola Solutions Avigilon devices allow XSS in the administrative UI. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS T008 Firmware T100 Firmware T101 Firmware T102 Firmware +6
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-0996 MEDIUM PATCH This Month

In nfaHciCallback of HciEventManager.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
4.5
EPSS
0.2%
CVE-2021-39657 MEDIUM PATCH This Month

In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-39647 MEDIUM PATCH This Month

In mon_smc_load_sp of gs101-sc/plat/samsung/exynos/soc/exynos9845/smc_booting.S, there is a possible reinitialization of TEE due to improper locking. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Google Samsung Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2021-39637 MEDIUM PATCH This Month

In CreateDeviceInfo of trusty_remote_provisioning_context.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2021-39636 MEDIUM PATCH This Month

In do_ipt_get_ctl and do_ipt_set_ctl of ip_tables.c, there is a possible way to leak kernel information due to uninitialized data. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-1047 MEDIUM PATCH This Month

In valid_ipc_dram_addr of cm_access_control.c, there is a possible out of bounds read due to an integer overflow. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Google Buffer Overflow Integer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2021-1046 MEDIUM PATCH This Month

In lwis_dpm_update_clock of lwis_device_dpm.c, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2021-1042 MEDIUM PATCH This Month

In dsi_panel_debugfs_read_cmdset of dsi_panel.c, there is a possible disclosure of freed kernel heap memory due to a use after free. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Google Memory Corruption Use After Free Information Disclosure Denial Of Service +1
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2021-1008 MEDIUM This Month

In addSubInfo of SubscriptionController.java, there is a possible way to force the user to make a factory reset due to a logic error in the code. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Google Denial Of Service Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2021-1007 MEDIUM This Month

In btu_hcif_process_event of btu_hcif.cc, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2021-1006 MEDIUM This Month

In several functions of DatabaseManager.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Google XSS Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2021-0961 MEDIUM This Month

In quota_proc_write of xt_quota2.c, there is a possible way to read kernel memory due to uninitialized data. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2021-0958 MEDIUM This Month

In update of km_compat.cpp, there is a possible loss of potentially sensitive data due to a logic error in the code. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Google Denial Of Service Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2021-43908 MEDIUM PATCH This Month

Visual Studio Code Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Visual Studio Code
NVD
CVSS 3.1
4.3
EPSS
2.7%
CVE-2021-39648 MEDIUM PATCH This Month

In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. Rated medium severity (CVSS 4.1).

Google Information Disclosure Race Condition Android
NVD
CVSS 3.1
4.1
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy