VYPR

Android SDK

by Google

CVEs (1,766)

  • CVE-2021-0437HigApr 13, 2021
    risk 0.51cvss 7.8epss 0.00

    In setPlayPolicy of DrmPlugin.cpp, there is a possible double free. This could lead to local escalation of privilege in a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11…

  • CVE-2021-0429HigApr 13, 2021
    risk 0.51cvss 7.8epss 0.00

    In pollOnce of ALooper.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9…

  • CVE-2021-0427HigApr 13, 2021
    risk 0.51cvss 7.8epss 0.00

    In parseExclusiveStateAnnotation of LogEvent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2021-0465HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In GenerateFaceMask of face.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-0389HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In setNightModeActivated of UiModeManagerService.java, there is a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-0388HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In onReceive of ImsPhoneCallTracker.java, there is a possible misattribution of data usage due to an incorrect broadcast handler. This could lead to local escalation of privilege resulting in attributing video call data to the wrong app, with no additional execution privileges…

  • CVE-2021-0385HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In createConnectToAvailableNetworkNotification of ConnectToNetworkNotificationBuilder.java, there is a possible connection to untrusted WiFi networks due to notification interaction above the lockscreen. This could lead to local escalation of privilege with no additional…

  • CVE-2021-0383HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In done of CaptivePortalLoginActivity.java, there is a confused deputy. This could lead to local escalation of privilege in carrier settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-0398HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In bindServiceLocked of ActiveServices.java, there is a possible foreground service launch due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-0395HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In StopServicesAndLogViolations of reboot.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-0393HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.01

    In Scanner::LiteralBuffer::NewCapacity of scanner.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if an attacker can supply a malicious PAC file, with no additional execution privileges needed. User interaction is…

  • CVE-2021-0392HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In main of main.cpp, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11…

  • CVE-2021-0391HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.01

    In onCreate() of ChooseTypeAndAccountActivity.java, there is a possible way to learn the existence of an account, without permissions, due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is…

  • CVE-2021-0376HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In checkUriPermission and related functions of MediaProvider.java, there is a possible way to access external files due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-0372HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In getMediaOutputSliceAction of RemoteMediaSlice.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2021-0369HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In CrossProfileAppsServiceImpl.java, there is the possibility of an application's INTERACT_ACROSS_PROFILES grant state not displaying properly in the setting UI due to a logic error in the code. This could lead to local escalation of privilege with no additional execution…

  • CVE-2020-0025HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In deletePackageVersionedInternal of PackageManagerService.java, there is a possible way to exit Screen Pinning due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-0336HigFeb 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In onReceive of BluetoothPermissionRequest.java, there is a possible permissions bypass due to a mutable PendingIntent. This could lead to local escalation of privilege that bypasses a permission check, with User execution privileges needed. User interaction is not needed for…

  • CVE-2021-0332HigFeb 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In bootFinished of SurfaceFlinger.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11…

  • CVE-2021-0330HigFeb 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In add_user_ce and remove_user_ce of storaged.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in storaged with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

Page 26 of 89