VYPR

Android SDK

by Google

CVEs (1,652)

  • CVE-2021-0441HigJul 14, 2021
    risk 0.47cvss 7.3epss 0.00

    In onCreate of PermissionActivity.java, there is a possible permission bypass due to Confusing UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-0523HigJun 21, 2021
    risk 0.47cvss 7.3epss 0.00

    In onCreate of WifiScanModeActivity.java, there is a possible way to enable Wi-Fi scanning without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for…

  • CVE-2021-0506HigJun 21, 2021
    risk 0.47cvss 7.3epss 0.00

    In ActivityPicker.java, there is a possible bypass of user interaction in intent resolution due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product:…

  • CVE-2021-0446HigApr 13, 2021
    risk 0.47cvss 7.3epss 0.00

    In ImportVCardActivity, there is a possible way to bypass user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-0333HigFeb 10, 2021
    risk 0.47cvss 7.3epss 0.00

    In onCreate of BluetoothPermissionActivity.java, there is a possible permissions bypass due to a tapjacking overlay that obscures the phonebook permissions dialog when a Bluetooth device is connecting. This could lead to local escalation of privilege with User execution…

  • CVE-2021-0319HigJan 11, 2021
    risk 0.47cvss 7.3epss 0.00

    In checkCallerIsSystemOr of CompanionDeviceManagerService.java, there is a possible way to get a nearby Bluetooth device's MAC address without appropriate permissions due to a permissions bypass. This could lead to local escalation of privilege that grants access to nearby MAC…

  • CVE-2021-0315HigJan 11, 2021
    risk 0.47cvss 7.3epss 0.00

    In onCreate of GrantCredentialsPermissionActivity.java, there is a possible way to convince the user to grant an app access to an account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction…

  • CVE-2020-0133HigJun 11, 2020
    risk 0.47cvss 7.3epss 0.00

    In MockLocationAppPreferenceController.java, it is possible to mock the GPS location of the device due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product:…

  • CVE-2019-2216HigMar 15, 2020
    risk 0.47cvss 7.3epss 0.00

    In overlay notifications, there is a possible hidden notification due to improper input validation. This could lead to a local escalation of privilege because the user is not notified of an overlaying app, with User execution privileges needed. User interaction is needed for…

  • CVE-2019-2200HigFeb 13, 2020
    risk 0.47cvss 7.3epss 0.00

    In updatePermissions of PermissionManagerService.java, it may be possible for a malicious app to obtain a custom permission from another app due to a permission bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is…

  • CVE-2019-9463HigSep 27, 2019
    risk 0.47cvss 7.3epss 0.00

    In Platform, there is a possible bypass of user interaction requirements due to background app interception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions:…

  • CVE-2019-9386HigSep 27, 2019
    risk 0.47cvss 7.3epss 0.00

    In NFC server, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions:…

  • CVE-2019-9358HigSep 27, 2019
    risk 0.47cvss 7.3epss 0.00

    In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to a to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID:…

  • CVE-2019-9269HigSep 27, 2019
    risk 0.47cvss 7.3epss 0.00

    In System Settings, there is a possible permissions bypass due to a cached Linux user ID. This could lead to a local permissions bypass with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID:…

  • CVE-2019-2125HigAug 20, 2019
    risk 0.47cvss 7.3epss 0.00

    In ChangeDefaultDialerDialog.java, there is a possible escalation of privilege due to an overlay attack. This could lead to local escalation of privilege, granting privileges to a local app without the user's informed consent, with no additional privileges needed. User…

  • CVE-2019-2043HigMay 8, 2019
    risk 0.47cvss 7.3epss 0.00

    In SmsDefaultDialog.onStart of SmsDefaultDialog.java, there is a possible escalation of privilege due to an overlay attack. This could lead to local escalation of privilege, granting privileges to a local app without the user's informed consent, with no additional privileges…

  • CVE-2019-2041HigApr 19, 2019
    risk 0.47cvss 7.3epss 0.00

    In the configuration of NFC modules on certain devices, there is a possible failure to distinguish individual devices due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for…

  • CVE-2018-9587HigFeb 11, 2019
    risk 0.47cvss 7.3epss 0.00

    In savePhotoFromUriToUri of ContactPhotoUtils.java in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is possible unauthorized access to files within the contact app due to a confused deputy scenario. This could lead to local escalation…

  • CVE-2023-21101HigJun 15, 2023
    risk 0.46cvss 7.0epss 0.00

    In multiple functions of WVDrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2023-20958HigMar 24, 2023
    risk 0.46cvss 7.1epss 0.00

    In read_paint of ttcolr.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

Page 40 of 83