Skip to main content
CVE-2021-0704 MEDIUM This Month

In createNoCredentialsPermissionNotification and related functions of AccountManagerService.java, there is a possible way to retrieve accounts from the device without permissions due to a permissions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-0653 MEDIUM This Month

In enqueueNotification of NetworkPolicyManagerService.java, there is a possible way to retrieve a trackable identifier due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-43896 MEDIUM PATCH This Month

Microsoft PowerShell Spoofing Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Powershell
NVD
CVSS 3.1
5.5
EPSS
2.3%
CVE-2021-43880 MEDIUM PATCH This Month

Windows Mobile Device Management Elevation of Privilege Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 11
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-43244 MEDIUM PATCH This Month

Windows Kernel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server Windows Server 2016 +1
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-43243 MEDIUM PATCH This Month

VP9 Video Extensions Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Vp9 Video Extensions
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-43235 MEDIUM PATCH This Month

Storage Spaces Controller Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Windows 10 Windows 11 Windows Server Windows Server 2016 +1
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-43227 MEDIUM PATCH This Month

Storage Spaces Controller Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Windows 10 Windows 11 Windows Server Windows Server 2016 +1
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-43224 MEDIUM PATCH This Month

Windows Common Log File System Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
5.5
EPSS
3.9%
CVE-2021-35490 MEDIUM This Month

Thruk before 2.44 allows XSS for a quick command. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Thruk
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-41871 MEDIUM This Month

An issue was discovered in Socomec REMOTE VIEW PRO 2.0.41.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Remote View Pro Firmware
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-40171 MEDIUM This Month

The absence of notifications regarding an ongoing RF jamming attack in the SecuritasHome home alarm system, version HPGW-G 0.0.2.23F BG_U-ITR-F1-BD_BL.A30.20181117, allows an attacker to block. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Securitashome Alarm System Firmware
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-1023 MEDIUM This Month

In onCreate of RequestIgnoreBatteryOptimizations.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.0
EPSS
0.1%
CVE-2021-0973 MEDIUM PATCH This Month

In isFileUri of UriUtil.java, there is a possible way to bypass ignoring file://URI attachment due to improper handling of case sensitivity. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
5.0
EPSS
0.1%
CVE-2021-0952 MEDIUM This Month

In doCropPhoto of PhotoSelectionHandler.java, there is a possible permission bypass due to a confused deputy. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.0
EPSS
0.1%
CVE-2021-0919 MEDIUM This Month

In getService of IServiceManager.cpp, there is a possible unhandled exception due to an integer overflow. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Google Integer Overflow Denial Of Service Android
NVD
CVSS 3.1
5.0
EPSS
0.1%
CVE-2021-38701 MEDIUM This Month

Certain Motorola Solutions Avigilon devices allow XSS in the administrative UI. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS T008 Firmware T100 Firmware T101 Firmware T102 Firmware +6
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-0996 MEDIUM PATCH This Month

In nfaHciCallback of HciEventManager.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
4.5
EPSS
0.2%
CVE-2021-39657 MEDIUM PATCH This Month

In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-39647 MEDIUM PATCH This Month

In mon_smc_load_sp of gs101-sc/plat/samsung/exynos/soc/exynos9845/smc_booting.S, there is a possible reinitialization of TEE due to improper locking. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Google Samsung Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2021-39637 MEDIUM PATCH This Month

In CreateDeviceInfo of trusty_remote_provisioning_context.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2021-39636 MEDIUM PATCH This Month

In do_ipt_get_ctl and do_ipt_set_ctl of ip_tables.c, there is a possible way to leak kernel information due to uninitialized data. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-1047 MEDIUM PATCH This Month

In valid_ipc_dram_addr of cm_access_control.c, there is a possible out of bounds read due to an integer overflow. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Google Buffer Overflow Integer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2021-1046 MEDIUM PATCH This Month

In lwis_dpm_update_clock of lwis_device_dpm.c, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2021-1042 MEDIUM PATCH This Month

In dsi_panel_debugfs_read_cmdset of dsi_panel.c, there is a possible disclosure of freed kernel heap memory due to a use after free. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Google Memory Corruption Use After Free Information Disclosure Denial Of Service +1
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2021-1008 MEDIUM This Month

In addSubInfo of SubscriptionController.java, there is a possible way to force the user to make a factory reset due to a logic error in the code. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Google Denial Of Service Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2021-1007 MEDIUM This Month

In btu_hcif_process_event of btu_hcif.cc, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2021-1006 MEDIUM This Month

In several functions of DatabaseManager.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Google XSS Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2021-0961 MEDIUM This Month

In quota_proc_write of xt_quota2.c, there is a possible way to read kernel memory due to uninitialized data. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2021-0958 MEDIUM This Month

In update of km_compat.cpp, there is a possible loss of potentially sensitive data due to a logic error in the code. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Google Denial Of Service Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2021-43908 MEDIUM PATCH This Month

Visual Studio Code Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Visual Studio Code
NVD
CVSS 3.1
4.3
EPSS
2.7%
CVE-2021-39648 MEDIUM PATCH This Month

In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. Rated medium severity (CVSS 4.1).

Google Information Disclosure Race Condition Android
NVD
CVSS 3.1
4.1
EPSS
0.2%
CVE-2021-1034 LOW PATCH Monitor

In getLine1NumberForDisplay of PhoneInterfaceManager.java, there is apossible way to determine whether an app is installed, without querypermissions due to a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Authentication Bypass Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2021-1032 LOW PATCH Monitor

In getMimeGroup of PackageManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2021-1031 LOW PATCH Monitor

In cancelNotificationsFromListener of NotificationManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2021-1018 LOW Monitor

In adjustStreamVolume of AudioService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2021-1015 LOW Monitor

In getMeidForSlot of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2021-0995 LOW PATCH Monitor

In registerSuggestionConnectionStatusListener of WifiServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2021-0994 LOW PATCH Monitor

In requestRouteToHostAddress of ConnectivityService.java, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Information Disclosure Authentication Bypass Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2021-0992 LOW PATCH Monitor

In onCreate of PaymentDefaultDialog.java, there is a possible way to change a default payment app without user consent due to tapjack overlay. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity.

Google Privilege Escalation XSS Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2021-0990 LOW PATCH Monitor

In getDeviceId of PhoneSubInfoController.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2021-0989 LOW PATCH Monitor

In hasManageOngoingCallsPermission of TelecomServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2021-0988 LOW PATCH Monitor

In getLaunchedFromUid and getLaunchedFromPackage of ActivityClientController.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2021-0987 LOW PATCH Monitor

In getNeighboringCellInfo of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2021-0983 LOW Monitor

In createAdminSupportIntent of DevicePolicyManagerService.java, there is a possible disclosure of information about installed device/profile owner package name due to side channel information. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2021-0982 LOW PATCH Monitor

In getOrganizationNameForUser of DevicePolicyManagerService.java, there is a possible organization name disclosure due to a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Information Disclosure Authentication Bypass Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2021-0978 LOW PATCH Monitor

In getSerialForPackage of DeviceIdentifiersPolicyService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Information Disclosure Authentication Bypass Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2021-0991 LOW PATCH Monitor

In OnMetadataChangedListener of AdvancedBluetoothDetailsHeaderController.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. Rated low severity (CVSS 2.4), this vulnerability is low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
2.4
EPSS
0.2%
Prev Page 5 of 5

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy