{"vulnerability": "CVE-2021-3966", "sightings": [{"uuid": "65464177-9036-4bad-aa36-d4edb9343275", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-39664", "type": "seen", "source": "https://t.me/cibsecurity/37337", "content": "\u203c CVE-2021-39664 \u203c\n\nIn LoadedPackage::Load of LoadedArsc.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure when parsing an APK file with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-203938029\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-11T20:35:06.000000Z"}, {"uuid": "1a5781b7-0fb9-4acc-acf2-273fa097ad6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-39663", "type": "seen", "source": "https://t.me/cibsecurity/37314", "content": "\u203c CVE-2021-39663 \u203c\n\nIn openFileAndEnforcePathPermissionsHelper of MediaProvider.java, there is a possible bypass of a permissions check due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-200682135\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-11T20:28:59.000000Z"}, {"uuid": "1fc8bc3a-0253-4437-8efb-12eba65d60ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-39665", "type": "seen", "source": "https://t.me/cibsecurity/37319", "content": "\u203c CVE-2021-39665 \u203c\n\nIn checkSpsUpdated of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-204077881\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-11T20:29:05.000000Z"}, {"uuid": "e0f7e3a7-1191-4be0-8ebb-93cb79af279f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-39666", "type": "seen", "source": "https://t.me/cibsecurity/37341", "content": "\u203c CVE-2021-39666 \u203c\n\nIn extract of MediaMetricsItem.h, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-204445255\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-11T20:35:12.000000Z"}, {"uuid": "20c24079-1d09-41fa-a9ba-26afdad21f61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-39662", "type": "seen", "source": "https://t.me/cibsecurity/37332", "content": "\u203c CVE-2021-39662 \u203c\n\nIn checkUriPermission of MediaProvider.java , there is a possible way to gain access to the content of media provider collections due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-197302116\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-11T20:34:56.000000Z"}, {"uuid": "924d50e3-8088-4e88-be02-cedd4a0e2ddd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-39660", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12956", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-39660\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In TBD of TBD, there is a possible way to archive arbitrary code execution in kernel due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-254742984\n\ud83d\udccf Published: 2022-12-13T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-22T19:54:43.278Z\n\ud83d\udd17 References:\n1. https://source.android.com/security/bulletin/2022-12-01", "creation_timestamp": "2025-04-22T20:04:58.000000Z"}, {"uuid": "9584650c-a0fd-4fc1-a84d-f08bfb60ea68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-39667", "type": "seen", "source": "https://t.me/cibsecurity/39089", "content": "\u203c CVE-2021-39667 \u203c\n\nIn ih264d_parse_decode_slice of ih264d_parse_slice.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-205702093\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-16T17:36:46.000000Z"}, {"uuid": "9b64a53f-36ea-458f-91bd-7399f913c3e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-39661", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14330", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-39661\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In _PMRLogicalOffsetToPhysicalOffset of the PowerVR kernel driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-246824784\n\ud83d\udccf Published: 2022-11-08T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-01T15:34:31.528Z\n\ud83d\udd17 References:\n1. https://source.android.com/security/bulletin/2022-11-01", "creation_timestamp": "2025-05-01T16:14:43.000000Z"}]}