Multiple vulnerabilities in Google Android
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 36 |
| CVE-ID | CVE-2021-0394 CVE-2021-0392 CVE-2021-0390 CVE-2021-0396 CVE-2021-0393 CVE-2021-0397 CVE-2021-0398 CVE-2021-0391 CVE-2021-0395 CVE-2017-14491 CVE-2020-11299 CVE-2020-11226 CVE-2020-11222 CVE-2020-11221 CVE-2020-11220 CVE-2020-11199 CVE-2020-11198 CVE-2020-11195 CVE-2020-11194 CVE-2020-11190 CVE-2020-11189 CVE-2020-11188 CVE-2020-11186 CVE-2020-11178 CVE-2020-11171 CVE-2020-11166 CVE-2020-11165 CVE-2020-11228 CVE-2020-11227 CVE-2020-11218 CVE-2020-11204 CVE-2020-11192 CVE-2020-11223 CVE-2020-11309 CVE-2020-11308 CVE-2020-11290 |
| CWE-ID | CWE-200 CWE-264 CWE-20 CWE-122 CWE-119 CWE-416 CWE-129 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #10 is available. |
| Vulnerable software |
Google Android Operating systems & Components / Operating system |
| Vendor |
Security Bulletin
This security bulletin contains information about 36 vulnerabilities.
1) Information disclosure
EUVDB-ID: #VU51026
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-0394
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to unspecified error in system component in Google Android. A local application can gain access to sensitive data on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 8.1 - 11
CPE2.3 External linkshttps://source.android.com/security/bulletin/2021-03-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU51025
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-0392
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists within system component in Google Android due to improperly imposed security restrictions. A local application can execute arbitrary code on the system within the context of a privileged process.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 9.0 - 11
CPE2.3 External linkshttps://source.android.com/security/bulletin/2021-03-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU51024
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-0390
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists within system component in Google Android due to improperly imposed security restrictions. A local application can execute arbitrary code on the system within the context of a privileged process.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 8.1 - 11
CPE2.3 External linkshttps://source.android.com/security/bulletin/2021-03-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU51023
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-0396
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input within the system component in Google Android. A remote attacker can execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 8.1 - 11
CPE2.3 External linkshttps://source.android.com/security/bulletin/2021-03-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Input validation error
EUVDB-ID: #VU51022
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-0393
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input within the system component in Google Android. A remote attacker can execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 8.1 - 11
CPE2.3 External linkshttps://source.android.com/security/bulletin/2021-03-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Input validation error
EUVDB-ID: #VU51021
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-0397
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input within the system component in Google Android. A remote attacker can execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 8.1 - 11
CPE2.3 External linkshttps://source.android.com/security/bulletin/2021-03-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU51020
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-0398
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists within Android framework due to improperly imposed security restrictions. A local application with privileged access to gain access to sensitive data.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 11
CPE2.3https://source.android.com/security/bulletin/2021-03-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU51019
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-0391
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists within Android framework due to improperly imposed security restrictions. A local application with privileged access to gain access to sensitive data.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 8.1 - 11
CPE2.3 External linkshttps://source.android.com/security/bulletin/2021-03-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU51018
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-0395
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists within Android runtime due to improperly imposed security restrictions. A local application can execute arbitrary code on the system within the context of a privileged process.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 11
CPE2.3https://source.android.com/security/bulletin/2021-03-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Heap-based buffer overflow
EUVDB-ID: #VU8660
Risk: High
CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2017-14491
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error in dnsmasq.c file when processing DNS replies. A remote unauthenticated attacker can send specially crafted DNS packets to the affected service, trigger heap-based buffer overflow by 2 bytes and crash the service or execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Google Android: 8.1 - 11
CPE2.3 External linkshttps://source.android.com/security/bulletin/2021-03-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Input validation error
EUVDB-ID: #VU51048
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2020-11299
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to unspecified error within the Qualcomm closed-source component, included into the Google Android OS. A remote attacker can use this vulnerability to execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 8.1 - 11
CPE2.3 External linkshttps://source.android.com/security/bulletin/2021-03-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Input validation error
EUVDB-ID: #VU51047
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2020-11226
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to unspecified error within the Qualcomm closed-source component, included into the Google Android OS. A remote attacker can use this vulnerability to execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 8.1 - 11
CPE2.3 External linkshttps://source.android.com/security/bulletin/2021-03-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Input validation error
EUVDB-ID: #VU51046
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2020-11222
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to unspecified error within the Qualcomm closed-source component, included into the Google Android OS. A remote attacker can use this vulnerability to execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 8.1 - 11
CPE2.3 External linkshttps://source.android.com/security/bulletin/2021-03-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Input validation error
EUVDB-ID: #VU51045
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2020-11221
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to unspecified error within the Qualcomm closed-source component, included into the Google Android OS. A remote attacker can use this vulnerability to execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 8.1 - 11
CPE2.3 External linkshttps://source.android.com/security/bulletin/2021-03-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Input validation error
EUVDB-ID: #VU51044
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2020-11220
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to unspecified error within the Qualcomm closed-source component, included into the Google Android OS. A remote attacker can use this vulnerability to execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 8.1 - 11
CPE2.3 External linkshttps://source.android.com/security/bulletin/2021-03-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Input validation error
EUVDB-ID: #VU51043
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2020-11199
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to unspecified error within the Qualcomm closed-source component, included into the Google Android OS. A remote attacker can use this vulnerability to execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 8.1 - 11
CPE2.3 External linkshttps://source.android.com/security/bulletin/2021-03-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Input validation error
EUVDB-ID: #VU51042
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2020-11198
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to unspecified error within the Qualcomm closed-source component, included into the Google Android OS. A remote attacker can use this vulnerability to execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 8.1 - 11
CPE2.3 External linkshttps://source.android.com/security/bulletin/2021-03-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Input validation error
EUVDB-ID: #VU51041
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2020-11195
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to unspecified error within the Qualcomm closed-source component, included into the Google Android OS. A remote attacker can use this vulnerability to execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 8.1 - 11
CPE2.3 External linkshttps://source.android.com/security/bulletin/2021-03-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Input validation error
EUVDB-ID: #VU51040
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2020-11194
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to unspecified error within the Qualcomm closed-source component, included into the Google Android OS. A remote attacker can use this vulnerability to execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 8.1 - 11
CPE2.3 External linkshttps://source.android.com/security/bulletin/2021-03-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Input validation error
EUVDB-ID: #VU51039
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2020-11190
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to unspecified error within the Qualcomm closed-source component, included into the Google Android OS. A remote attacker can use this vulnerability to execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 8.1 - 11
CPE2.3 External linkshttps://source.android.com/security/bulletin/2021-03-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Input validation error
EUVDB-ID: #VU51038
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2020-11189
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to unspecified error within the Qualcomm closed-source component, included into the Google Android OS. A remote attacker can use this vulnerability to execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 8.1 - 11
CPE2.3 External linkshttps://source.android.com/security/bulletin/2021-03-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Input validation error
EUVDB-ID: #VU51037
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2020-11188
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to unspecified error within the Qualcomm closed-source component, included into the Google Android OS. A remote attacker can use this vulnerability to execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 8.1 - 11
CPE2.3 External linkshttps://source.android.com/security/bulletin/2021-03-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Input validation error
EUVDB-ID: #VU51036
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2020-11186
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to unspecified error within the Qualcomm closed-source component, included into the Google Android OS. A remote attacker can use this vulnerability to execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 8.1 - 11
CPE2.3 External linkshttps://source.android.com/security/bulletin/2021-03-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Input validation error
EUVDB-ID: #VU51035
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2020-11178
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to unspecified error within the Qualcomm closed-source component, included into the Google Android OS. A remote attacker can use this vulnerability to execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 8.1 - 11
CPE2.3 External linkshttps://source.android.com/security/bulletin/2021-03-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Input validation error
EUVDB-ID: #VU51034
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2020-11171
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to unspecified error within the Qualcomm closed-source component, included into the Google Android OS. A remote attacker can use this vulnerability to execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 8.1 - 11
CPE2.3 External linkshttps://source.android.com/security/bulletin/2021-03-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Input validation error
EUVDB-ID: #VU51033
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2020-11166
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to unspecified error within the Qualcomm closed-source component, included into the Google Android OS. A remote attacker can use this vulnerability to execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 8.1 - 11
CPE2.3 External linkshttps://source.android.com/security/bulletin/2021-03-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Input validation error
EUVDB-ID: #VU51032
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2020-11165
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to unspecified error within the Qualcomm closed-source component, included into the Google Android OS. A remote attacker can use this vulnerability to execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 8.1 - 11
CPE2.3 External linkshttps://source.android.com/security/bulletin/2021-03-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Input validation error
EUVDB-ID: #VU51031
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2020-11228
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to unspecified error within the Qualcomm closed-source component, included into the Google Android OS. A remote attacker can use this vulnerability to execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 8.1 - 11
CPE2.3 External linkshttps://source.android.com/security/bulletin/2021-03-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Input validation error
EUVDB-ID: #VU51030
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2020-11227
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to unspecified error within the Qualcomm closed-source component, included into the Google Android OS. A remote attacker can use this vulnerability to execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 8.1 - 11
CPE2.3 External linkshttps://source.android.com/security/bulletin/2021-03-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Input validation error
EUVDB-ID: #VU51029
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2020-11218
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to unspecified error within the Qualcomm closed-source component, included into the Google Android OS. A remote attacker can use this vulnerability to execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 8.1 - 11
CPE2.3 External linkshttps://source.android.com/security/bulletin/2021-03-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Input validation error
EUVDB-ID: #VU51028
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2020-11204
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to unspecified error within the Qualcomm closed-source component, included into the Google Android OS. A remote attacker can use this vulnerability to execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 8.1 - 11
CPE2.3 External linkshttps://source.android.com/security/bulletin/2021-03-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Input validation error
EUVDB-ID: #VU51027
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2020-11192
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to unspecified error within the Qualcomm closed-source component, included into the Google Android OS. A remote attacker can use this vulnerability to execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 8.1 - 11
CPE2.3 External linkshttps://source.android.com/security/bulletin/2021-03-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Buffer overflow
EUVDB-ID: #VU51052
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-11223
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the camera component in Qualcomm chipsets. A local user can run a specially crafted program to trigger buffer overflow and execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 8.1 - 11
CPE2.3 External linkshttps://www.qualcomm.com/company/product-security/bulletins/february-2021-bulletin
https://source.android.com/security/bulletin/2021-03-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Use-after-free
EUVDB-ID: #VU51059
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-11309
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in GPU driver while mapping the user memory to GPU memory in Qualcomm chipsets. A local user can run a specially crafted program to escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 8.1 - 11
CPE2.3 External linkshttps://source.android.com/security/bulletin/2021-03-01
https://www.qualcomm.com/company/product-security/bulletins/march-2021-bulletin
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Improper Validation of Array Index
EUVDB-ID: #VU51057
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-11308
CWE-ID:
CWE-129 - Improper Validation of Array Index
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to escalate privileges on the system.
The vulnerability exists due to boundary error in bootloader in Qualcomm chipsets when trying to convert ASCII string to Unicode string if the actual size is more than required. An attacker with physical access to the device can trigger buffer overflow during the boot process of the device and gain unauthorized access to the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 8.1 - 11
CPE2.3 External linkshttps://source.android.com/security/bulletin/2021-03-01
https://www.qualcomm.com/company/product-security/bulletins/march-2021-bulletin
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Use-after-free
EUVDB-ID: #VU51055
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-11290
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the display component in Qualcomm chipsets in msm ioctl events due to race between the ioctl register and deregister events. A local user can run a specially crafted program to escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 8.1 - 11
CPE2.3 External linkshttps://source.android.com/security/bulletin/2021-03-01
https://www.qualcomm.com/company/product-security/bulletins/march-2021-bulletin
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
