Vulnerabilities > Google > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-06 | CVE-2021-25485 | Path Traversal vulnerability in Google Android 10.0/11.0 Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Oct-2021 Release 1 allows attackers to write file as system UID via BT remote socket. | 8.0 |
| 2021-10-06 | CVE-2021-25487 | Out-of-bounds Read vulnerability in Google Android Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in arbitrary code execution by dereference of invalid function pointer. | 7.8 |
| 2021-10-06 | CVE-2021-0595 | Improper Authentication vulnerability in Google Android In lockAllProfileTasks of RootWindowContainer.java, there is a possible way to access the work profile without the profile PIN, after logging in. | 7.8 |
| 2021-10-06 | CVE-2021-0598 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android In onCreate of ConfirmConnectActivity.java, there is a possible pairing of untrusted Bluetooth devices due to a tapjacking/overlay attack. | 7.3 |
| 2021-10-06 | CVE-2021-0635 | Unspecified vulnerability in Google Android 10.0 When extracting the incorrectly formatted flv file, the memory is damaged, the playback interface shows that the video cannot be played, and the log is found to be crashed. | 7.8 |
| 2021-10-06 | CVE-2021-0636 | Unspecified vulnerability in Google Android 10.0 When extracting the incorrectly formatted avi file, the memory is damaged, the playback interface shows that the video cannot be played, and the log is found to be crashed. | 7.8 |
| 2021-10-06 | CVE-2021-0683 | Unspecified vulnerability in Google Android In runTraceIpcStop of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. | 7.8 |
| 2021-10-06 | CVE-2021-0684 | Use After Free vulnerability in Google Android In TouchInputMapper::sync of TouchInputMapper.cpp, there is a possible out of bounds write due to a use after free. | 7.8 |
| 2021-10-06 | CVE-2021-0685 | Deserialization of Untrusted Data vulnerability in Google Android 11.0 In ParsedIntentInfo of ParsedIntentInfo.java, there is a possible parcel serialization/deserialization mismatch due to unsafe deserialization. | 7.8 |
| 2021-10-06 | CVE-2021-0688 | Race Condition vulnerability in Google Android In lockNow of PhoneWindowManager.java, there is a possible lock screen bypass due to a race condition. | 7.0 |