The Android Open Source Project

100 exploits Active since May 2014
CVE-2021-0522 NOMISEC HIGH WORKING POC
Android 9, 10, 11 - Use After Free
In ConnectionHandler::SdpCb of connection_handler.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11, Android-9, Android-10; Android ID: A-174182139.
CVSS 7.5
CVE-2021-0520 NOMISEC HIGH WRITEUP
Android 10-11 - Use-After-Free via Race Condition in MemoryFileSystem
In several functions of MemoryFileSystem.cpp and related files, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11, Android-10; Android ID: A-176237595.
CVSS 7.0
CVE-2021-0513 NOMISEC HIGH WORKING POC
Android 8.1-11 - Unauthenticated Permission Bypass via NotificationManagerService State Validation
In deleteNotificationChannel and related functions of NotificationManagerService.java, there is a possible permission bypass due to improper state validation. This could lead to local escalation of privilege via hidden services with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9, Android-10, Android-11, Android-8.1; Android ID: A-156090809.
CVSS 7.8
CVE-2021-0510 NOMISEC HIGH WRITEUP
Android 8.1, 9, 10, 11 - Privilege Escalation
In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9, Android-10, Android-11, Android-8.1; Android ID: A-176444622.
CVSS 7.8
CVE-2021-0509 NOMISEC HIGH WRITEUP
Android - Use-After-Free via Race Condition in CryptoPlugin.cpp
In various functions of CryptoPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9, Android-10, Android-11, Android-8.1; Android ID: A-176444161.
CVSS 7.0
CVE-2021-0508 NOMISEC HIGH WRITEUP
Android 8.1-11 - Use-After-Free via Race Condition in DrmPlugin.cpp
In various functions of DrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11; Android ID: A-176444154.
CVSS 7.0
CVE-2021-0392 NOMISEC HIGH WORKING POC
Android 9-11 - Double Free in main.cpp
In main of main.cpp, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11, Android-9; Android ID: A-175124730.
CVSS 7.8
CVE-2021-0391 NOMISEC HIGH WRITEUP
Android - Unauthenticated Account Existence Disclosure via Tapjacking Overlay Attack
In onCreate() of ChooseTypeAndAccountActivity.java, there is a possible way to learn the existence of an account, without permissions, due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-11, Android-8.1, Android-9, Android-10; Android ID: A-172841550.
CVSS 7.8
CVE-2021-0340 NOMISEC HIGH WRITEUP
Android 10 - Unredacted Location Information Leak in IsoInterface.java
In parseNextBox of IsoInterface.java, there is a possible leak of unredacted location information due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10; Android ID: A-134155286.
CVSS 8.8
CVE-2021-0327 NOMISEC HIGH WORKING POC
Android - Local Privilege Escalation via Binder Identity Bypass
In getContentProviderImpl of ActivityManagerService.java, there is a possible permission bypass due to non-restored binder identities. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9, Android-10, Android-11, Android-8.1; Android ID: A-172935267.
CVSS 7.8
CVE-2021-0315 NOMISEC HIGH WRITEUP
Android 8.0-11 - Tapjacking/Overlay Attack via GrantCredentialsPermissionActivity
In onCreate of GrantCredentialsPermissionActivity.java, there is a possible way to convince the user to grant an app access to an account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-169763814.
CVSS 7.3
CVE-2021-0314 NOMISEC HIGH WORKING POC
Android - Unauthenticated Tapjacking/Overlay Attack via UninstallerActivity
In onCreate of UninstallerActivity, there is a possible way to uninstall an app without informed user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10, Android-11, Android-8.1, Android-9; Android ID: A-171221302.
CVSS 7.3
CVE-2021-0306 NOMISEC HIGH WRITEUP
Android 8.0-11 - Unauthenticated Privilege Escalation via Permission Bypass
In addAllPermissions of PermissionManagerService.java, there is a possible permissions bypass when upgrading major Android versions which allows an app to gain the android.permission.ACTIVITY_RECOGNITION permission without user confirmation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11, Android-8.0, Android-8.1, Android-9, Android-10; Android ID: A-154505240.
CVSS 7.8
CVE-2020-0160 NOMISEC HIGH WORKING POC
Android 10 - Denial of Service via Missing Bounds Check in SampleTable.cpp
In setSyncSampleParams of SampleTable.cpp, there is possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10; Android ID: A-124771364.
CVSS 8.8
CVE-2020-0463 NOMISEC HIGH WORKING POC
Android - Out-of-bounds Read in Bluetooth SDP Server
In sdp_server_handle_client_req of sdp_server.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure from the Bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11, Android-8.0, Android-8.1, Android-9; Android ID: A-169342531.
CVSS 7.5
CVE-2020-0137 NOMISEC HIGH WORKING POC
Android 10 - Missing Authorization in NetworkManagementService
In setIPv6AddrGenMode of NetworkManagementService.java, there is a possible bypass of networking permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10; Android ID: A-141920289.
CVSS 7.8
CVE-2020-0458 NOMISEC HIGH WORKING POC
Android 8.0-10 - Remote Code Execution via Integer Overflow in SPDIFEncoder
In SPDIFEncoder::writeBurstBufferBytes and related methods of SPDIFEncoder.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-9, Android-10, Android-8.0, Android-8.1; Android ID: A-160265164.
CVSS 7.8
CVE-2020-0453 NOMISEC MEDIUM WORKING POC
Android 8.0-9 - Local Information Disclosure via Unsafe PendingIntent in BeamTransferManager
In updateNotification of BeamTransferManager.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9, Android-8.0, Android-8.1; Android ID: A-159060474.
CVSS 5.5
CVE-2020-0421 NOMISEC HIGH WORKING POC
Android 8.0-11 - Local Privilege Escalation via String8.cpp Error Handling
In appendFormatV of String8.cpp, there is a possible out of bounds write due to incorrect error handling. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-161894517.
CVSS 7.8
CVE-2020-0409 NOMISEC HIGH WORKING POC
Android - Integer Overflow to Out-of-Bounds Write in FileMap.cpp
In create of FileMap.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-8.0, Android-8.1, Android-9; Android ID: A-156997193.
CVSS 7.8
CVE-2020-0401 NOMISEC HIGH WORKING POC
Android - Missing Authorization in PackageManagerService
In setInstallerPackageName of PackageManagerService.java, there is a missing permission check. This could lead to local escalation of privilege and granting spurious permissions with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.0, Android-8.1, Android-9, Android-10, Android-11; Android ID: A-150857253.
CVSS 7.8
CVE-2020-0391 NOMISEC HIGH WORKING POC
Android - Local Privilege Escalation via Unenforced Protected Broadcast
In applyPolicy of PackageManagerService.java, there is possible arbitrary command execution as System due to an unenforced protected-broadcast. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9, Android-10, Android-11; Android ID: A-158570769.
CVSS 7.8
CVE-2020-0227 NOMISEC HIGH WORKING POC
Android 8.0-10 - Unauthenticated Permissions Bypass in CompanionDeviceManagerService
In onCommand of CompanionDeviceManagerService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing background data usage or launching from the background, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.0, Android-8.1, Android-9, Android-10; Android ID: A-129476618.
CVSS 7.8