Vulnerabilities > Google > Android > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-06 | CVE-2021-25476 | Unspecified vulnerability in Google Android 10.0/11.0 An information disclosure vulnerability in Widevine TA log prior to SMR Oct-2021 Release 1 allows attackers to bypass the ASLR protection mechanism in TEE. | 4.4 |
| 2021-10-06 | CVE-2021-25477 | Double Free vulnerability in Google Android 10.0/11.0/9.0 An improper error handling in Mediatek RRC Protocol stack prior to SMR Oct-2021 Release 1 allows modem crash and remote denial of service. | 4.9 |
| 2021-10-06 | CVE-2021-25481 | Improper Check for Unusual or Exceptional Conditions vulnerability in Google Android An improper error handling in Exynos CP booting driver prior to SMR Oct-2021 Release 1 allows local attackers to bypass a Secure Memory Protector of Exynos CP Memory. | 6.7 |
| 2021-10-06 | CVE-2021-25482 | SQL Injection vulnerability in Google Android 11.0 SQL injection vulnerabilities in CMFA framework prior to SMR Oct-2021 Release 1 allow untrusted application to overwrite some CMFA framework information. | 4.4 |
| 2021-10-06 | CVE-2021-25483 | Out-of-bounds Read vulnerability in Google Android Lack of boundary checking of a buffer in livfivextractor library prior to SMR Oct-2021 Release 1 allows OOB read. | 6.5 |
| 2021-10-06 | CVE-2021-25488 | Out-of-bounds Read vulnerability in Google Android Lack of boundary checking of a buffer in recv_data() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read. | 5.5 |
| 2021-10-06 | CVE-2021-25489 | Use of Externally-Controlled Format String vulnerability in Google Android Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic. | 5.5 |
| 2021-10-06 | CVE-2021-25490 | Unspecified vulnerability in Google Android 10.0/11.0/9.0 A keyblob downgrade attack in keymaster prior to SMR Oct-2021 Release 1 allows attacker to trigger IV reuse vulnerability with privileged process. | 6.0 |
| 2021-10-06 | CVE-2021-25491 | NULL Pointer Dereference vulnerability in Google Android 10.0/11.0/9.0 A vulnerability in mfc driver prior to SMR Oct-2021 Release 1 allows memory corruption via NULL-pointer dereference. | 4.4 |
| 2021-10-06 | CVE-2021-0644 | Information Exposure vulnerability in Google Android 10.0/11.0 In conditionallyRemoveIdentifiers of SubscriptionController.java, there is a possible way to retrieve a trackable identifier due to a missing permission check. | 5.5 |