CVE-2021-0889

CRITICAL Year: 2021
CVSS v3 Score
9.8
Critical
CVSS v2 Score
10.0
Critical
Weakness Type
NVD-CWE-Other
View all →

Vulnerability Description

In Android TV , there is a possible silent pairing due to lack of rate limiting in the pairing flow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-8.1 Android-9Android ID: A-180745296

Related Vulnerabilities

CVE-2004-2776

CRITICAL
CVSS:9.8(Critical)

go.cgi in GoScript 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) query string or (2) artarchive parameter.

NVD-CWE-Other2004

CVE-2005-2354

CRITICAL
CVSS:9.8(Critical)

Nvu 0.99+1.0pre uses an old copy of Mozilla XPCOM which can result in multiple security issues.

NVD-CWE-Other2005

CVE-2006-2827

CRITICAL
CVSS:9.8(Critical)

SQL injection vulnerability in search.php in X-Cart Gold and Pro 4.0.18, and X-Cart 4.1.0 beta 1, allows remote attackers to execute arbitrary SQL commands via the "Search for pattern" field, when the...

NVD-CWE-Other2006

CVE-2006-4264

CRITICAL
CVSS:9.8(Critical)

Multiple PHP remote file inclusion vulnerabilities in the lmtg_myhomepage Component (com_lmtg_myhomepage) for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_abso...

NVD-CWE-Other2006

CVE-2006-4428

CRITICAL
CVSS:9.8(Critical)

PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to execute arbitrary PHP code via a URL in the template parameter. NOTE: CVE disputes this claim, sinc...

NVD-CWE-Other2006