VYPR

Android SDK

by Google

CVEs (1,652)

  • CVE-2019-1992HigFeb 28, 2019
    risk 0.49cvss 7.5epss 0.01

    In bta_hl_sdp_query_results of bta_hl_main.cc, there is a possible use-after-free due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:…

  • CVE-2018-9592HigFeb 11, 2019
    risk 0.49cvss 7.5epss 0.01

    In mca_ccb_hdl_rsp of mca_cact.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges…

  • CVE-2018-9591HigFeb 11, 2019
    risk 0.49cvss 7.5epss 0.01

    In bta_hh_ctrl_dat_act of bta_hh_act.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution…

  • CVE-2018-9590HigFeb 11, 2019
    risk 0.49cvss 7.5epss 0.01

    In add_attr of sdp_discovery.c in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges…

  • CVE-2018-9565HigDec 6, 2018
    risk 0.49cvss 7.5epss 0.01

    In readBytes of xltdecwbxml.c, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:…

  • CVE-2018-9562HigDec 6, 2018
    risk 0.49cvss 7.5epss 0.01

    In bta_ag_do_disc of bta_ag_sdp.cc, there is a possible out-of-bound read due to an incorrect parameter size. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android.…

  • CVE-2018-9542HigNov 14, 2018
    risk 0.49cvss 7.5epss 0.01

    In avrc_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android.…

  • CVE-2018-9541HigNov 14, 2018
    risk 0.49cvss 7.5epss 0.01

    In avrc_pars_vendor_rsp of avcr_pars_ct.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2018-9526HigNov 14, 2018
    risk 0.49cvss 7.5epss 0.01

    In device configuration data, there is an improperly configured setting. This could lead to remote disclosure of device location. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112159033

  • CVE-2018-9489HigNov 6, 2018
    risk 0.49cvss 7.5epss 0.01

    When wifi is switched, function sendNetworkStateChangeBroadcast of WifiStateMachine.java broadcasts an intent including detailed wifi network information. This could lead to information disclosure with no execution privileges needed. User interaction is not needed for…

  • CVE-2018-9455HigNov 6, 2018
    risk 0.49cvss 7.5epss 0.02

    In sdpu_extract_attr_seq of sdp_utils.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android…

  • CVE-2018-9448HigNov 6, 2018
    risk 0.49cvss 7.5epss 0.02

    In avct_bcb_msg_ind of avct_bcb_act.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android…

  • CVE-2018-9436HigNov 6, 2018
    risk 0.49cvss 7.5epss 0.02

    In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:…

  • CVE-2018-9362HigNov 6, 2018
    risk 0.49cvss 7.5epss 0.02

    In processMessagePart of InboundSmsHandler.java, there is a possible remote denial of service due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product:…

  • CVE-2018-9361HigNov 6, 2018
    risk 0.49cvss 7.5epss 0.02

    In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:…

  • CVE-2018-9360HigNov 6, 2018
    risk 0.49cvss 7.5epss 0.02

    In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:…

  • CVE-2018-9359HigNov 6, 2018
    risk 0.49cvss 7.5epss 0.02

    In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:…

  • CVE-2016-3831HigAug 5, 2016
    risk 0.49cvss 7.5epss 0.01

    The telephony component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service (device crash) via a NITZ time value of 2038-01-19 or later that is mishandled by the system clock, aka…

  • CVE-2016-3766HigJul 11, 2016
    risk 0.49cvss 7.5epss 0.01

    MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not check whether memory allocation succeeds, which allows remote attackers to cause a denial of service (device hang or…

  • CVE-2016-3760HigJul 11, 2016
    risk 0.49cvss 7.5epss 0.00

    Bluetooth in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows local users to gain privileges by establishing a pairing that remains present during a session of the primary user, aka internal bug 27410683.

Page 38 of 83