VYPR

Android SDK

by Google

CVEs (1,771)

  • CVE-2020-0440HigDec 14, 2020
    risk 0.51cvss 7.8epss 0.00

    In createVirtualDisplay of DisplayManagerService.java, there is a possible way to create a trusted virtual display due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed…

  • CVE-2020-0099HigDec 14, 2020
    risk 0.51cvss 7.8epss 0.01

    In addWindow of WindowManagerService.java, there is a possible window overlay attack due to an insecure default value. This could lead to local escalation of privilege via tapjacking with no additional execution privileges needed. User interaction is needed for…

  • CVE-2020-0439HigNov 10, 2020
    risk 0.51cvss 7.8epss 0.00

    In generatePackageInfo of PackageManagerService.java, there is a possible permissions bypass due to an incorrect permission check. This could lead to local escalation of privilege that allows instant apps access to permissions not allowed for instant apps, with no additional…

  • CVE-2020-0418HigNov 10, 2020
    risk 0.51cvss 7.8epss 0.00

    In getPermissionInfosForGroup of Utils.java, there is a logic error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-153879813

  • CVE-2020-0409HigNov 10, 2020
    risk 0.51cvss 7.8epss 0.00

    In create of FileMap.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10…

  • CVE-2020-0423HigOct 14, 2020
    risk 0.51cvss 7.8epss 0.01

    In binder_release_work of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0421HigOct 14, 2020
    risk 0.51cvss 7.8epss 0.00

    In appendFormatV of String8.cpp, there is a possible out of bounds write due to incorrect error handling. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0420HigOct 14, 2020
    risk 0.51cvss 7.8epss 0.00

    In setUpdatableDriverPath of GpuService.cpp, there is a possible memory corruption due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0408HigOct 14, 2020
    risk 0.51cvss 7.8epss 0.00

    In remove of String16.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11…

  • CVE-2019-2194HigOct 14, 2020
    risk 0.51cvss 7.8epss 0.00

    In SurfaceFlinger::createLayer of SurfaceFlinger.cpp, there is a possible arbitrary code execution due to improper casting. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0319HigSep 18, 2020
    risk 0.51cvss 7.8epss 0.00

    In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0299HigSep 18, 2020
    risk 0.51cvss 7.8epss 0.00

    In Bluetooth, there is a possible spoofing of bluetooth device metadata due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0298HigSep 18, 2020
    risk 0.51cvss 7.8epss 0.00

    In Bluetooth, there is a possible control over Bluetooth enabled state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0273HigSep 18, 2020
    risk 0.51cvss 7.8epss 0.00

    In hwservicemanager, there is a possible out of bounds write due to freeing a wild pointer. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0089HigSep 18, 2020
    risk 0.51cvss 7.8epss 0.00

    In the audio server, there is a missing permission check. This could lead to local escalation of privilege regarding audio settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID:…

  • CVE-2020-0406HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In libmpeg2dec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if another exploit allowed this to be triggered with different parameters, with no additional execution privileges needed. User interaction is…

  • CVE-2020-0375HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege and the setting of supported EUICC countries with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2020-0374HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In NFC, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156251602

  • CVE-2020-0357HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In SurfaceFlinger, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the graphics server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0346HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In Mediaserver, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if integer sanitization were not enabled (which it is by default), with no additional execution privileges needed. User interaction is not needed…

Page 28 of 89