VYPR

Android SDK

by Google

CVEs (1,652)

  • CVE-2016-3744 · High · Jul 11, 2016
    risk 0.49 · cvss 7.5 · epss 0.00

    Buffer overflow in the create_pbuf function in btif/src/btif_hh.c in Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows remote attackers to gain privileges via a crafted pairing operation, aka internal bug 27930580.

  • CVE-2026-46270 · High · Jun 3, 2026
    risk 0.48 · cvss 8.4 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: power: supply: rt9455: Fix use-after-free in power_supply_changed() Using the `devm_` variant for requesting IRQ _before_ the `devm_` variant for allocating/registering the `power_supply` handle, means that…

  • CVE-2026-46251 · High · Jun 3, 2026
    risk 0.48 · cvss 8.4 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: btrfs: fix block_group_tree dirty_list corruption When the incompat flag EXTENT_TREE_V2 is set, we unconditionally add the block group tree to the switch_commits list before calling switch_commit_roots, as we…

  • CVE-2023-21237 · Medium · KEV · Jun 28, 2023
    risk 0.48 · cvss 5.5 · epss 0.00

    In applyRemoteView of NotificationContentInflater.java, there is a possible way to hide foreground service notification due to misleading or insufficient UI. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not…

  • CVE-2026-46307 · High · Jun 8, 2026
    risk 0.47 · cvss 8.3 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: wifi: ath5k: do not access array OOB Vincent reports: > The ath5k driver seems to do an array-index-out-of-bounds access as > shown by the UBSAN kernel message: > UBSAN: array-index-out-of-bounds in…

  • CVE-2023-21189 · High · Jun 28, 2023
    risk 0.47 · cvss 7.3 · epss 0.00

    In startLockTaskMode of LockTaskController.java, there is a possible bypass of lock task mode due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product:…

  • CVE-2023-20976 · High · Mar 24, 2023
    risk 0.47 · cvss 7.3 · epss 0.00

    In getConfirmationMessage of DefaultAutofillPicker.java, there is a possible way to mislead the user to select default autofill application due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User…

  • CVE-2022-20501 · High · Dec 13, 2022
    risk 0.47 · cvss 7.3 · epss 0.00

    In onCreate of EnableAccountPreferenceActivity.java, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction…

  • CVE-2022-20442 · High · Dec 13, 2022
    risk 0.47 · cvss 7.3 · epss 0.00

    In onCreate of ReviewPermissionsActivity.java, there is a possible way to grant permissions for a separate app with API level < 23 due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is…

  • CVE-2022-20126 · High · Jun 15, 2022
    risk 0.47 · cvss 7.3 · epss 0.00

    In setScanMode of AdapterService.java, there is a possible way to enable Bluetooth discovery mode without user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for…

  • CVE-2021-39691 · High · Jun 15, 2022
    risk 0.47 · cvss 7.3 · epss 0.00

    In WindowManager, there is a possible tapjacking attack due to an incorrect window flag when processing user input. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product:…

  • CVE-2021-39796 · High · Apr 12, 2022
    risk 0.47 · cvss 7.3 · epss 0.00

    In HarmfulAppWarningActivity of HarmfulAppWarningActivity.java, there is a possible way to trick victim to install harmful app due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed…

  • CVE-2021-39625 · High · Jan 14, 2022
    risk 0.47 · cvss 7.3 · epss 0.00

    In showCarrierAppInstallationNotification of EuiccNotificationManager.java, there is a possible way to gain an access to MediaProvider content due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction…

  • CVE-2021-1020 · High · Dec 15, 2021
    risk 0.47 · cvss 7.3 · epss 0.00

    In snoozeNotification of NotificationListenerService.java, there is a possible way to disable notification for an arbitrary user due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed…

  • CVE-2021-1019 · High · Dec 15, 2021
    risk 0.47 · cvss 7.3 · epss 0.00

    In snoozeNotification of NotificationListenerService.java, there is a possible permission confusion due to a misleading user consent dialog. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for…

  • CVE-2021-0954 · High · Dec 15, 2021
    risk 0.47 · cvss 7.3 · epss 0.00

    In ResolverActivity, there is a possible user interaction bypass due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10…

  • CVE-2021-0434 · High · Dec 15, 2021
    risk 0.47 · cvss 7.3 · epss 0.00

    In onReceive of BluetoothPermissionRequest.java, there is a possible phishing attack allowing a malicious Bluetooth device to acquire permissions based on insufficient information presented to the user in the consent dialog. This could lead to local escalation of privilege with…

  • CVE-2021-0583 · High · Oct 11, 2021
    risk 0.47 · cvss 7.3 · epss 0.00

    In onCreate of BluetoothPairingDialog, there is a possible way to enable Bluetooth without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for…

  • CVE-2021-0598 · High · Oct 6, 2021
    risk 0.47 · cvss 7.3 · epss 0.00

    In onCreate of ConfirmConnectActivity.java, there is a possible pairing of untrusted Bluetooth devices due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product:…

  • CVE-2021-0591 · High · Aug 17, 2021
    risk 0.47 · cvss 7.3 · epss 0.00

    In sendReplyIntentToReceiver of BluetoothPermissionActivity.java, there is a possible way to invoke privileged broadcast receivers due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for…
