VYPR

Android SDK

by Google

CVEs (1,763)

  • CVE-2011-3918Oct 7, 2012
    risk 0.03cvss epss 0.01

    The Zygote process in Android 4.0.3 and earlier accepts fork requests from processes with arbitrary UIDs, which allows remote attackers to cause a denial of service (reboot loop) via a crafted application.

  • CVE-2008-0985Mar 6, 2008
    risk 0.03cvss epss 0.05

    Heap-based buffer overflow in the GIF library in the WebKit framework for Google Android SDK m3-rc37a and earlier allows remote attackers to execute arbitrary code via a crafted GIF file whose logical screen height and width are different than the actual height and width.

  • CVE-2008-0986Mar 6, 2008
    risk 0.03cvss epss 0.05

    Integer overflow in the BMP::readFromStream method in the libsgl.so library in Google Android SDK m3-rc37a and earlier, and m5-rc14, allows remote attackers to execute arbitrary code via a crafted BMP file with a header containing a negative offset field.

  • CVE-2024-0044Mar 11, 2024
    risk 0.01cvss epss 0.01

    In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-0040Feb 16, 2024
    risk 0.01cvss epss 0.02

    In setParameter of MtpPacket.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-21144Jun 15, 2023
    risk 0.01cvss epss 0.01

    In doInBackground of NotificationContentInflater.java, there is a possible temporary denial or service due to long running operations. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2022-20229Jul 13, 2022
    risk 0.01cvss epss 0.02

    In bta_hf_client_handle_cind_list_item of bta_hf_client_at.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2022-20145Jun 15, 2022
    risk 0.01cvss epss 0.06

    In startLegacyVpnPrivileged of Vpn.java, there is a possible way to retrieve VPN credentials due to a protocol downgrade attack. This could lead to remote escalation of privilege if a malicious Wi-Fi AP is used, with no additional execution privileges needed. User interaction is…

  • CVE-2022-20130Jun 15, 2022
    risk 0.01cvss epss 0.08

    In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2021-0397Mar 10, 2021
    risk 0.01cvss epss 0.06

    In sdp_copy_raw_data of sdp_discovery.cc, there is a possible system compromise due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11…

  • CVE-2021-0326Feb 10, 2021
    risk 0.01cvss epss 0.05

    In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no additional execution privileges needed. User interaction is not…

  • CVE-2020-0198Jun 11, 2020
    risk 0.01cvss epss 0.04

    In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0034Mar 10, 2020
    risk 0.01cvss epss 0.02

    In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2019-2205Nov 13, 2019
    risk 0.01cvss epss 0.03

    In ProxyResolverV8::SetPacScript of proxy_resolver_v8.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2019-9433Sep 27, 2019
    risk 0.01cvss epss 0.03

    In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID:…

  • CVE-2018-9355Nov 6, 2018
    risk 0.01cvss epss 0.03

    In bta_dm_sdp_result of bta_dm_act.cc, there is a possible out of bounds stack write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android…

  • CVE-2026-53297Jun 27, 2026
    risk 0.00cvss epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net: mana: Guard mana_remove against double invocation If PM resume fails (e.g., mana_attach() returns an error), mana_probe() calls mana_remove(), which tears down the device and sets gd->gdma_context = NULL…

  • CVE-2026-53283Jun 27, 2026
    risk 0.00cvss epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Bounds-check devid in __rlookup_amd_iommu() iommu_device_register() walks every device on the PCI bus via bus_for_each_dev() and calls amd_iommu_probe_device() for each. The inlined check_device()…

  • CVE-2026-53293Jun 27, 2026
    risk 0.00cvss epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix AMDGPU_INFO_READ_MMR_REG There were multiple issues in that code. First of all the order between the reset semaphore and the mm_lock was wrong (e.g. copy_to_user) was called while holding the…

  • CVE-2026-53285Jun 27, 2026
    risk 0.00cvss epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Wrap DCN32 phantom-plane allocation in DC_RUN_WITH_PREEMPTION_ENABLED [Why] dcn32_validate_bandwidth() wraps dcn32_internal_validate_bw() with DC_FP_START()/DC_FP_END(). In x86 non-RT,…

Page 5 of 89