VYPR

Android SDK

by Google

CVEs (1,765)

  • CVE-2023-20940Feb 28, 2023
    risk 0.00cvss epss 0.00

    In the Android operating system, there is a possible way to replace a boot partition due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2023-20943Feb 28, 2023
    risk 0.00cvss epss 0.00

    In clearApplicationUserData of ActivityManagerService.java, there is a possible way to remove system files due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for…

  • CVE-2023-20934Feb 28, 2023
    risk 0.00cvss epss 0.00

    In resolveAttributionSource of ServiceUtilities.cpp, there is a possible way to disable the microphone privacy indicator due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed…

  • CVE-2023-20939Feb 28, 2023
    risk 0.00cvss epss 0.00

    In multiple functions of looper_backed_event_loop.cpp, there is a possible way to corrupt memory due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2023-20944Feb 28, 2023
    risk 0.00cvss epss 0.00

    In run of ChooseTypeAndAccountActivity.java, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2022-20481Feb 28, 2023
    risk 0.00cvss epss 0.00

    In multiple files, there is a possible way to preserve WiFi settings due to residual data after a reset. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2023-20948Feb 28, 2023
    risk 0.00cvss epss 0.00

    In dropFramesUntilIframe of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2022-20455Feb 28, 2023
    risk 0.00cvss epss 0.00

    In addAutomaticZenRule of ZenModeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2023-20946Feb 28, 2023
    risk 0.00cvss epss 0.00

    In onStart of BluetoothSwitchPreferenceController.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2023-20933Feb 28, 2023
    risk 0.00cvss epss 0.00

    In several functions of MediaCodec.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2023-20932Feb 28, 2023
    risk 0.00cvss epss 0.00

    In onCreatePreferences of EditInfoFragment.java, there is a possible way to read contacts belonging to other users due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2023-20945Feb 28, 2023
    risk 0.00cvss epss 0.00

    In phNciNfc_MfCreateXchgDataHdr of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2023-20927Feb 15, 2023
    risk 0.00cvss epss 0.00

    In permissions of AndroidManifest.xml, there is a possible way to grant signature permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2023-20919Jan 24, 2023
    risk 0.00cvss epss 0.00

    In getStringsForPrefix of Settings.java, there is a possible prevention of package uninstallation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2022-20214Jan 24, 2023
    risk 0.00cvss epss 0.00

    In Car Settings app, the toggle button in Modify system settings is vulnerable to tapjacking attack. Attackers can overlay the toggle button to enable apps to modify system settings without user consent.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID:…

  • CVE-2023-20913Jan 24, 2023
    risk 0.00cvss epss 0.00

    In onCreate of PhoneAccountSettingsActivity.java and related files, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed.…

  • CVE-2022-20458Jan 24, 2023
    risk 0.00cvss epss 0.00

    The logs of sensitive information (PII) or hardware identifier should only be printed in Android "userdebug" or "eng" build. StatusBarNotification.getKey() could contain sensitive information. However, CarNotificationListener.java, it prints out the…

  • CVE-2023-20922Jan 24, 2023
    risk 0.00cvss epss 0.00

    In setMimeGroup of PackageManagerService.java, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2022-20494Jan 24, 2023
    risk 0.00cvss epss 0.00

    In AutomaticZenRule of AutomaticZenRule.java, there is a possible persistent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2022-20235Jan 24, 2023
    risk 0.00cvss epss 0.00

    The PowerVR GPU kernel driver maintains an "Information Page" used by its cache subsystem. This page can only be written by the GPU driver itself, but prior to DDK 1.18 however, a user-space program could write arbitrary data to the page, leading to memory corruption…

Page 22 of 89