VYPR

Android SDK

by Google

CVEs (1,763)

  • CVE-2023-21272Aug 14, 2023
    risk 0.00cvss epss 0.00

    In readFrom of Uri.java, there is a possible bad URI permission grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-21268Aug 14, 2023
    risk 0.00cvss epss 0.00

    In update of MmsProvider.java, there is a possible way to change directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-21267Aug 14, 2023
    risk 0.00cvss epss 0.00

    In multiple functions of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not…

  • CVE-2023-21133Aug 14, 2023
    risk 0.00cvss epss 0.00

    In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution…

  • CVE-2023-21132Aug 14, 2023
    risk 0.00cvss epss 0.00

    In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution…

  • CVE-2023-21260Jul 13, 2023
    risk 0.00cvss epss 0.00

    In notification access permission dialog box, malicious application can embedded a very long service label that overflow the original user prompt and possibly contains mis-leading information to be appeared as a system message for user confirmation.

  • CVE-2023-35693Jul 12, 2023
    risk 0.00cvss epss 0.00

    In incfs_kill_sb of fs/incfs/vfs.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-21262Jul 12, 2023
    risk 0.00cvss epss 0.00

    In startInput of AudioPolicyInterfaceImpl.cpp, there is a possible way of erroneously displaying the microphone privacy indicator due to a race condition. This could lead to false user expectations. User interaction is needed for exploitation.

  • CVE-2023-21257Jul 12, 2023
    risk 0.00cvss epss 0.00

    In updateSettingsInternalLI of InstallPackageHelper.java, there is a possible way to sideload an app in the work profile due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not…

  • CVE-2023-21255Jul 12, 2023
    risk 0.00cvss epss 0.00

    In multiple functions of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-21251Jul 12, 2023
    risk 0.00cvss epss 0.00

    In onCreate of ConfirmDialog.java, there is a possible way to connect to VNP bypassing user's consent due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.

  • CVE-2023-21249Jul 12, 2023
    risk 0.00cvss epss 0.00

    In multiple functions of OneTimePermissionUserManager.java, there is a possible one-time permission retention due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-21246Jul 12, 2023
    risk 0.00cvss epss 0.00

    In ShortcutInfo of ShortcutInfo.java, there is a possible way for an app to retain notification listening access due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2023-21245Jul 12, 2023
    risk 0.00cvss epss 0.00

    In showNextSecurityScreenOrFinish of KeyguardSecurityContainerController.java, there is a possible way to access the lock screen during device setup due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed.…

  • CVE-2023-21238Jul 12, 2023
    risk 0.00cvss epss 0.00

    In visitUris of RemoteViews.java, there is a possible leak of images between users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-20942Jul 12, 2023
    risk 0.00cvss epss 0.00

    In openMmapStream of AudioFlinger.cpp, there is a possible way to record audio without displaying the microphone privacy indicator due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction…

  • CVE-2023-20918Jul 12, 2023
    risk 0.00cvss epss 0.01

    In getPendingIntentLaunchFlags of ActivityOptions.java, there is a possible elevation of privilege due to a confused deputy with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-21208Jun 28, 2023
    risk 0.00cvss epss 0.00

    In setCountryCodeInternal of sta_iface.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2023-21194Jun 28, 2023
    risk 0.00cvss epss 0.00

    In gatt_dbg_op_name of gatt_utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2023-21187Jun 28, 2023
    risk 0.00cvss epss 0.00

    In onCreate of UsbAccessoryUriActivity.java, there is a possible way to escape the Setup Wizard due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

Page 11 of 89