VYPR

Android SDK

by Google

CVEs (1,770)

  • CVE-2020-0275HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In MediaProvider, there is a possible way to access ContentResolver and MediaStore entries the app shouldn't have access to due to a permissions bypass. This could lead to local escalation of privilege, with no additional execution privileges needed. User interaction is not…

  • CVE-2020-0266HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In factory reset protection, there is a possible FRP bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0387HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In manifest files of the SmartSpace package, there is a possible tapjacking vector due to a missing permission check. This could lead to local escalation of privilege and account hijacking with no additional execution privileges needed. User interaction is needed for…

  • CVE-2020-0401HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In setInstallerPackageName of PackageManagerService.java, there is a missing permission check. This could lead to local escalation of privilege and granting spurious permissions with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2020-0394HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In onCreate of BluetoothPairingDialog.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege and untrusted devices accessing contact lists with no additional execution privileges needed. User interaction is…

  • CVE-2020-0392HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In getLayerDebugInfo of SurfaceFlinger.cpp, there is a possible code execution due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0391HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In applyPolicy of PackageManagerService.java, there is possible arbitrary command execution as System due to an unenforced protected-broadcast. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2020-0388HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In createEmergencyLocationUserNotification of GnssVisibilityControl.java, there is a possible permissions bypass due to an empty mutable PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for…

  • CVE-2020-0257HigAug 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In SpecializeCommon of com_android_internal_os_Zygote.cpp, there is a permissions bypass due to an incomplete cleanup. This could lead to local escalation of privilege in isolated processes with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2020-0243HigAug 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In clearPropValue of MediaAnalyticsItem.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0242HigAug 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In reset of NuPlayerDriver.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0241HigAug 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In NuPlayerStreamListener of NuPlayerStreamListener.cpp, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0227HigJul 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In onCommand of CompanionDeviceManagerService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing background data usage or launching from the background, with no additional execution privileges…

  • CVE-2020-0219HigJun 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In onCreate of SliceDeepLinkSpringBoard.java there is a possible insecure Intent. This could lead to local elevation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID:…

  • CVE-2020-0216HigJun 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product:…

  • CVE-2020-0215HigJun 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In onCreate of ConfirmConnectActivity.java, there is a possible leak of Bluetooth information due to a permissions bypass. This could lead to local escalation of privilege that exposes a pairing Bluetooth MAC address with no additional execution privileges needed. User…

  • CVE-2020-0210HigJun 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In removeSharedAccountAsUser of AccountManager.java, there is a possible permissions bypass to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0203HigJun 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In freeIsolatedUidLocked of ProcessList.java, there is a possible UID reuse due to improper cleanup. This could lead to local escalation of privilege between constrained processes with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2020-0202HigJun 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In onHandleIntent of TraceService.java, there is a possible bypass of developer settings requirements for capturing system traces due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction…

  • CVE-2020-0179HigJun 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In doSendObjectInfo of MtpServer.cpp, there is a possible path traversal attack due to insufficient input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is required for exploitation.Product:…

Page 29 of 89