CVE-2021-1021 — Improper Input Validation in Google Android
Severity
7.3HIGHNVD
EPSS
0.0%
top 96.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 15
Latest updateJun 19
Description
In snoozeNotificationInt of NotificationManagerService.java, there is a possible way to disable notification for an arbitrary user due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-195031703
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.3 | Impact: 5.9
Affected Packages7 packages
🔴Vulnerability Details
5OSV▶
CVE-2021-47615: In the Linux kernel, the following vulnerability has been resolved:
RDMA/mlx5: Fix releasing unallocated memory in dereg MR flow
For the case of IB_↗2024-06-19
📋Vendor Advisories
12Microsoft▶
Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website inside an <iFrame> HTML entry. This may be used ↗2022-03-08
Red Hat
▶