Google Software and search

In onCreate of BluetoothPairingDialog, there is a possible way to enable Bluetooth without user consent due to a tapjacking/overlay attack

CVE-2021-0583 7.3 - High - October 11, 2021

In onCreate of BluetoothPairingDialog, there is a possible way to enable Bluetooth without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-182282956

Improper Privilege Management

Use after free in WebGPU in Google Chrome prior to 94.0.4606.54

CVE-2021-37957 8.8 - High - October 08, 2021

Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54

CVE-2021-37956 8.8 - High - October 08, 2021

Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71

CVE-2021-37976 6.5 - Medium - October 08, 2021

Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

Use after free in V8 in Google Chrome prior to 94.0.4606.71

CVE-2021-37975 8.8 - High - October 08, 2021

Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71

CVE-2021-37974 8.8 - High - October 08, 2021

Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Portals in Google Chrome prior to 94.0.4606.61

CVE-2021-37973 9.6 - Critical - October 08, 2021

Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Dangling pointer

Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54

CVE-2021-37972 8.8 - High - October 08, 2021

Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Out-of-bounds Read

Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54

CVE-2021-37971 4.3 - Medium - October 08, 2021

Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

Origin Validation Error

Use after free in File System API in Google Chrome prior to 94.0.4606.54

CVE-2021-37970 8.8 - High - October 08, 2021

Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54

CVE-2021-37969 7.8 - High - October 08, 2021

Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file.

Improper Privilege Management

Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54

CVE-2021-37968 4.3 - Medium - October 08, 2021

Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Exposure of Resource to Wrong Sphere

Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54

CVE-2021-37967 4.3 - Medium - October 08, 2021

Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.

Exposure of Resource to Wrong Sphere

Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54

CVE-2021-37965 4.3 - Medium - October 08, 2021

Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Exposure of Resource to Wrong Sphere

Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54

CVE-2021-37963 4.3 - Medium - October 08, 2021

Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to bypass site isolation via a crafted HTML page.

Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54

CVE-2021-37962 8.8 - High - October 08, 2021

Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54

CVE-2021-37961 8.8 - High - October 08, 2021

Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Task Manager in Google Chrome prior to 94.0.4606.54

CVE-2021-37959 8.8 - High - October 08, 2021

Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54

CVE-2021-37958 5.4 - Medium - October 08, 2021

Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page.

Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82

CVE-2021-30633 9.6 - Critical - October 08, 2021

Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Dangling pointer

Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82

CVE-2021-30632 8.8 - High - October 08, 2021

Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Inappropriate implementation in Blink in Google Chrome prior to 93.0.4577.82

CVE-2021-30630 4.3 - Medium - October 08, 2021

Inappropriate implementation in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.

Exposure of Resource to Wrong Sphere

Use after free in Permissions in Google Chrome prior to 93.0.4577.82

CVE-2021-30629 8.8 - High - October 08, 2021

Use after free in Permissions in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82

CVE-2021-30628 8.8 - High - October 08, 2021

Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page.

Memory Corruption

Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82

CVE-2021-30627 8.8 - High - October 08, 2021

Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Object Type Confusion

Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.4577.82

CVE-2021-30626 8.8 - High - October 08, 2021

Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Buffer Overflow

Use after free in Selection API in Google Chrome prior to 93.0.4577.82

CVE-2021-30625 8.8 - High - October 08, 2021

Use after free in Selection API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who convinced the user the visit a malicious website to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Extensible Service Proxy, a.k.a

CVE-2021-41130 5.4 - Medium - October 07, 2021

Extensible Service Proxy, a.k.a. ESP is a proxy which enables API management capabilities for JSON/REST or gRPC API services. ESPv1 can be configured to authenticate a JWT token. Its verified JWT claim is passed to the application by HTTP header "X-Endpoint-API-UserInfo", the application can use it to do authorization. But if there are two "X-Endpoint-API-UserInfo" headers from the client, ESPv1 only replaces the first one, the 2nd one will be passed to the application. An attacker can send two "X-Endpoint-API-UserInfo" headers, the second one with a fake JWT claim. Application may use the fake JWT claim to do the authorization. This impacts following ESPv1 usages: 1) Users have configured ESPv1 to do JWT authentication with Google ID Token as described in the referenced google endpoint document. 2) Users backend application is using the info in the "X-Endpoint-API-UserInfo" header to do the authorization. It has been fixed by v1.58.0. You need to patch it in the following ways: * If your docker image is using tag ":1", needs to re-start the container to pick up the new version. The tag ":1" will automatically point to the latest version. * If your docker image tag pings to a specific minor version, e.g. ":1.57". You need to update it to ":1.58" and re-start the container. There are no workaround for this issue.

Authentication Bypass by Spoofing

Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_show_on_qspanel value in SystemUI prior to SMR Oct-2021 Release 1

CVE-2021-25474 4.4 - Medium - October 06, 2021

Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_show_on_qspanel value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of service in user device before factory reset.

Improper Handling of Exceptional Conditions

Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_hide_by_meadia_full value in SystemUI prior to SMR Oct-2021 Release 1

CVE-2021-25473 4.4 - Medium - October 06, 2021

Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_hide_by_meadia_full value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of service in user device before factory reset.

Improper Handling of Exceptional Conditions

A keyblob downgrade attack in keymaster prior to SMR Oct-2021 Release 1

CVE-2021-25490 6 - Medium - October 06, 2021

A keyblob downgrade attack in keymaster prior to SMR Oct-2021 Release 1 allows attacker to trigger IV reuse vulnerability with privileged process.

Exposure of information vulnerability in ipcdump prior to SMR Oct-2021 Release 1

CVE-2021-25486 3.3 - Low - October 06, 2021

Exposure of information vulnerability in ipcdump prior to SMR Oct-2021 Release 1 allows an attacker detect device information via analyzing packet in log.

Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Oct-2021 Release 1

CVE-2021-25485 8 - High - October 06, 2021

Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Oct-2021 Release 1 allows attackers to write file as system UID via BT remote socket.

Directory traversal

Improper authentication in InputManagerService prior to SMR Oct-2021 Release 1

CVE-2021-25484 3.3 - Low - October 06, 2021

Improper authentication in InputManagerService prior to SMR Oct-2021 Release 1 allows monitoring the touch event.

authentification

Lack of boundary checking of a buffer in livfivextractor library prior to SMR Oct-2021 Release 1

CVE-2021-25483 6.5 - Medium - October 06, 2021

Lack of boundary checking of a buffer in livfivextractor library prior to SMR Oct-2021 Release 1 allows OOB read.

Out-of-bounds Read

SQL injection vulnerabilities in CMFA framework prior to SMR Oct-2021 Release 1

CVE-2021-25482 4.4 - Medium - October 06, 2021

SQL injection vulnerabilities in CMFA framework prior to SMR Oct-2021 Release 1 allow untrusted application to overwrite some CMFA framework information.

SQL Injection

An improper access control vulnerability in BluetoothSettingsProvider prior to SMR Oct-2021 Release 1

CVE-2021-25472 3.3 - Low - October 06, 2021

An improper access control vulnerability in BluetoothSettingsProvider prior to SMR Oct-2021 Release 1 allows untrusted application to overwrite some Bluetooth information.

AuthZ

In get_sock_stat of xt_qtaguid.c, there is a possible out of bounds read due to a use after free

CVE-2021-0695 5.5 - Medium - October 06, 2021

In get_sock_stat of xt_qtaguid.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-184018316References: Upstream kernel

Dangling pointer

In openFile of HeapDumpProvider.java, there is a possible way to retrieve generated heap dumps

CVE-2021-0693 5.5 - Medium - October 06, 2021

In openFile of HeapDumpProvider.java, there is a possible way to retrieve generated heap dumps from debuggable apps due to an unprotected provider. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-184046948

In sendBroadcastToInstaller of FirstScreenBroadcast.java, there is a possible activity launch due to an unsafe PendingIntent

CVE-2021-0692 7.8 - High - October 06, 2021

In sendBroadcastToInstaller of FirstScreenBroadcast.java, there is a possible activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-179289753

Improper Privilege Management

In the SELinux policy configured in system_app.te

CVE-2021-0691 6.7 - Medium - October 06, 2021

In the SELinux policy configured in system_app.te, there is a possible way for system_app to gain code execution in other processes due to an overly-permissive SELinux policy. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-188554048

Improper Privilege Management

In ih264d_mark_err_slice_skip of ih264d_parse_pslice.c, there is a possible out of bounds write due to a heap buffer overflow

CVE-2021-0690 6.5 - Medium - October 06, 2021

In ih264d_mark_err_slice_skip of ih264d_parse_pslice.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-182152757

Memory Corruption

In RGB_to_BGR1_portable of SkSwizzler_opts.h, there is a possible out of bounds read due to a missing bounds check

CVE-2021-0689 5.5 - Medium - October 06, 2021

In RGB_to_BGR1_portable of SkSwizzler_opts.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-190188264

Out-of-bounds Read

In lockNow of PhoneWindowManager.java, there is a possible lock screen bypass due to a race condition

CVE-2021-0688 7 - High - October 06, 2021

In lockNow of PhoneWindowManager.java, there is a possible lock screen bypass due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-161149543

Race Condition

In ellipsize of Layout.java, there is a possible ANR due to improper input validation

CVE-2021-0687 5 - Medium - October 06, 2021

In ellipsize of Layout.java, there is a possible ANR due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-188913943

Improper Input Validation

In getDefaultSmsPackage of RoleManagerService.java

CVE-2021-0686 5.5 - Medium - October 06, 2021

In getDefaultSmsPackage of RoleManagerService.java, there is a possible way to get information about the default sms app of a different device user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-177927831

AuthZ

In ParsedIntentInfo of ParsedIntentInfo.java

CVE-2021-0685 7.8 - High - October 06, 2021

In ParsedIntentInfo of ParsedIntentInfo.java, there is a possible parcel serialization/deserialization mismatch due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-191055353

Marshaling, Unmarshaling

In TouchInputMapper::sync of TouchInputMapper.cpp, there is a possible out of bounds write due to a use after free

CVE-2021-0684 7.8 - High - October 06, 2021

In TouchInputMapper::sync of TouchInputMapper.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-179839665

Dangling pointer

In runTraceIpcStop of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy

CVE-2021-0683 7.8 - High - October 06, 2021

In runTraceIpcStop of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-185398942

In sendAccessibilityEvent of NotificationManagerService.java

CVE-2021-0682 5.5 - Medium - October 06, 2021

In sendAccessibilityEvent of NotificationManagerService.java, there is a possible disclosure of notification data due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-159624555

AuthZ

In system properties, there is a possible information disclosure due to a missing permission check

CVE-2021-0681 5.5 - Medium - October 06, 2021

In system properties, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-192535337

AuthZ

In system properties, there is a possible information disclosure due to a missing permission check

CVE-2021-0680 5.5 - Medium - October 06, 2021

In system properties, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-192535676

AuthZ

In conditionallyRemoveIdentifiers of SubscriptionController.java

CVE-2021-0644 5.5 - Medium - October 06, 2021

In conditionallyRemoveIdentifiers of SubscriptionController.java, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-181053462

AuthZ

When extracting the incorrectly formatted avi file, the memory is damaged, the playback interface shows

CVE-2021-0636 7.8 - High - October 06, 2021

When extracting the incorrectly formatted avi file, the memory is damaged, the playback interface shows that the video cannot be played, and the log is found to be crashed. This problem may lead to hacker malicious code attacks, resulting in the loss of user rights.Product: Androidversion: Android-10Android ID: A-189392423

When extracting the incorrectly formatted flv file, the memory is damaged, the playback interface shows

CVE-2021-0635 7.8 - High - October 06, 2021

When extracting the incorrectly formatted flv file, the memory is damaged, the playback interface shows that the video cannot be played, and the log is found to be crashed. This problem may lead to hacker malicious code attacks, resulting in the loss of user rights.Product: Androidversion:Android-10Android ID: A-189402477

In onCreate of ConfirmConnectActivity.java, there is a possible pairing of untrusted Bluetooth devices due to a tapjacking/overlay attack

CVE-2021-0598 7.3 - High - October 06, 2021

In onCreate of ConfirmConnectActivity.java, there is a possible pairing of untrusted Bluetooth devices due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-180422108

Improper Privilege Management

In lockAllProfileTasks of RootWindowContainer.java

CVE-2021-0595 7.8 - High - October 06, 2021

In lockAllProfileTasks of RootWindowContainer.java, there is a possible way to access the work profile without the profile PIN, after logging in. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-177457096

Improper Privilege Management

SLO generator allows for loading of YAML files

CVE-2021-22557 7.8 - High - October 04, 2021

SLO generator allows for loading of YAML files that if crafted in a specific format can allow for code execution within the context of the SLO Generator. We recommend upgrading SLO Generator past https://github.com/google/slo-generator/pull/173

Code Injection

In GetTimeStampAndPkt of DumpstateDevice.cpp, there is a possible out of bounds write due to an incorrect bounds check

CVE-2021-0869 9.8 - Critical - September 21, 2021

In GetTimeStampAndPkt of DumpstateDevice.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-179620905 References: N/A

Memory Corruption

Improper access control vulnerability in PENUP prior to version 3.8.00.18

CVE-2021-25463 3.3 - Low - September 09, 2021

Improper access control vulnerability in PENUP prior to version 3.8.00.18 allows arbitrary webpage loading in webview.

NULL pointer dereference vulnerability in NPU driver prior to SMR Sep-2021 Release 1

CVE-2021-25462 5.5 - Medium - September 09, 2021

NULL pointer dereference vulnerability in NPU driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption.

NULL Pointer Dereference

An improper length check in APAService prior to SMR Sep-2021 Release 1 results in stack based Buffer Overflow.

CVE-2021-25461 7.8 - High - September 09, 2021

An improper length check in APAService prior to SMR Sep-2021 Release 1 results in stack based Buffer Overflow.

Classic Buffer Overflow

An improper access control vulnerability in sspExit() in BlockchainTZService prior to SMR Sep-2021 Release 1

CVE-2021-25460 5.5 - Medium - September 09, 2021

An improper access control vulnerability in sspExit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to terminate BlockchainTZService.

An improper access control vulnerability in sspInit() in BlockchainTZService prior to SMR Sep-2021 Release 1

CVE-2021-25459 5.5 - Medium - September 09, 2021

An improper access control vulnerability in sspInit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to start BlockchainTZService.

Files or Directories Accessible to External Parties

NULL pointer dereference vulnerability in ION driver prior to SMR Sep-2021 Release 1

CVE-2021-25458 5.5 - Medium - September 09, 2021

NULL pointer dereference vulnerability in ION driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption.

NULL Pointer Dereference

OOB read vulnerability in libswmfextractor.so library prior to SMR Sep-2021 Release 1

CVE-2021-25456 5.5 - Medium - September 09, 2021

OOB read vulnerability in libswmfextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute memcpy at arbitrary address via forged wmf file.

Out-of-bounds Read

OOB read vulnerability in libsaviextractor.so library prior to SMR Sep-2021 Release 1

CVE-2021-25455 3.3 - Low - September 09, 2021

OOB read vulnerability in libsaviextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to access arbitrary address through pointer via forged avi file.

Out-of-bounds Read

OOB read vulnerability in libsaacextractor.so library prior to SMR Sep-2021 Release 1

CVE-2021-25454 5.5 - Medium - September 09, 2021

OOB read vulnerability in libsaacextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute remote DoS via forged aac file.

Out-of-bounds Read

Some improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1

CVE-2021-25453 5.5 - Medium - September 09, 2021

Some improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1 allows untrusted application to get Bluetooth information.

Improper Input Validation

A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1

CVE-2021-25451 3.3 - Low - September 09, 2021

A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1 allows attackers to get IMSI data.

authentification

Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Sep-2021 Release 1

CVE-2021-25450 6.5 - Medium - September 09, 2021

Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Sep-2021 Release 1 allows attackers to write file as system uid via remote socket.

Directory traversal

An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release 1

CVE-2021-25449 9.8 - Critical - September 09, 2021

An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release 1 allows attackers to execute arbitrary code in mediaextractor process.

Improper Input Validation

Chromium: CVE-2021-30612 Use after free in WebRTC

CVE-2021-30612 8.8 - High - September 03, 2021

Chromium: CVE-2021-30612 Use after free in WebRTC

Dangling pointer

Chromium: CVE-2021-30611 Use after free in WebRTC

CVE-2021-30611 8.8 - High - September 03, 2021

Chromium: CVE-2021-30611 Use after free in WebRTC

Dangling pointer

Chromium: CVE-2021-30610 Use after free in Extensions API

CVE-2021-30610 8.8 - High - September 03, 2021

Chromium: CVE-2021-30610 Use after free in Extensions API

Dangling pointer

Chromium: CVE-2021-30609 Use after free in Sign-In

CVE-2021-30609 8.8 - High - September 03, 2021

Chromium: CVE-2021-30609 Use after free in Sign-In

Dangling pointer

Chromium: CVE-2021-30608 Use after free in Web Share

CVE-2021-30608 8.8 - High - September 03, 2021

Chromium: CVE-2021-30608 Use after free in Web Share

Dangling pointer

Chromium: CVE-2021-30607 Use after free in Permissions

CVE-2021-30607 8.8 - High - September 03, 2021

Chromium: CVE-2021-30607 Use after free in Permissions

Dangling pointer

Chromium: CVE-2021-30606 Use after free in Blink

CVE-2021-30606 8.8 - High - September 03, 2021

Chromium: CVE-2021-30606 Use after free in Blink

Dangling pointer

Chromium: CVE-2021-30623 Use after free in Bookmarks

CVE-2021-30623 8.8 - High - September 03, 2021

Chromium: CVE-2021-30623 Use after free in Bookmarks

Dangling pointer

Chromium: CVE-2021-30622 Use after free in WebApp Installs

CVE-2021-30622 8.8 - High - September 03, 2021

Chromium: CVE-2021-30622 Use after free in WebApp Installs

Dangling pointer

Chromium: CVE-2021-30621 UI Spoofing in Autofill

CVE-2021-30621 6.5 - Medium - September 03, 2021

Chromium: CVE-2021-30621 UI Spoofing in Autofill

Authentication Bypass by Spoofing

Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink

CVE-2021-30620 8.8 - High - September 03, 2021

Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink

Chromium: CVE-2021-30619 UI Spoofing in Autofill

CVE-2021-30619 6.5 - Medium - September 03, 2021

Chromium: CVE-2021-30619 UI Spoofing in Autofill

Authentication Bypass by Spoofing

Chromium: CVE-2021-30618 Inappropriate implementation in DevTools

CVE-2021-30618 8.8 - High - September 03, 2021

Chromium: CVE-2021-30618 Inappropriate implementation in DevTools

Chromium: CVE-2021-30617 Policy bypass in Blink

CVE-2021-30617 6.5 - Medium - September 03, 2021

Chromium: CVE-2021-30617 Policy bypass in Blink

Chromium: CVE-2021-30616 Use after free in Media

CVE-2021-30616 8.8 - High - September 03, 2021

Chromium: CVE-2021-30616 Use after free in Media

Dangling pointer

Chromium: CVE-2021-30615 Cross-origin data leak in Navigation

CVE-2021-30615 6.5 - Medium - September 03, 2021

Chromium: CVE-2021-30615 Cross-origin data leak in Navigation

Exposure of Resource to Wrong Sphere

Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip

CVE-2021-30614 8.8 - High - September 03, 2021

Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip

Memory Corruption

Chromium: CVE-2021-30613 Use after free in Base internals

CVE-2021-30613 8.8 - High - September 03, 2021

Chromium: CVE-2021-30613 Use after free in Base internals

Dangling pointer

Chromium: CVE-2021-30624 Use after free in Autofill

CVE-2021-30624 8.8 - High - September 03, 2021

Chromium: CVE-2021-30624 Use after free in Autofill

Dangling pointer

Use after free in ANGLE in Google Chrome prior to 92.0.4515.159

CVE-2021-30604 8.8 - High - August 26, 2021

Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Data race in WebAudio in Google Chrome prior to 92.0.4515.159

CVE-2021-30603 7.5 - High - August 26, 2021

Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Race Condition

Use after free in WebRTC in Google Chrome prior to 92.0.4515.159

CVE-2021-30602 8.8 - High - August 26, 2021

Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to visit a malicious website to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Extensions API in Google Chrome prior to 92.0.4515.159

CVE-2021-30601 8.8 - High - August 26, 2021

Use after free in Extensions API in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Printing in Google Chrome prior to 92.0.4515.159

CVE-2021-30600 8.8 - High - August 26, 2021

Use after free in Printing in Google Chrome prior to 92.0.4515.159 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Type confusion in V8 in Google Chrome prior to 92.0.4515.159

CVE-2021-30599 8.8 - High - August 26, 2021

Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Object Type Confusion

Type confusion in V8 in Google Chrome prior to 92.0.4515.159

CVE-2021-30598 8.8 - High - August 26, 2021

Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Object Type Confusion

Use after free in File System API in Google Chrome prior to 92.0.4515.131

CVE-2021-30591 8.8 - High - August 26, 2021

Use after free in File System API in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Heap buffer overflow in Bookmarks in Google Chrome prior to 92.0.4515.131

CVE-2021-30590 8.8 - High - August 26, 2021

Heap buffer overflow in Bookmarks in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption