VYPR

Android SDK

by Google

CVEs (1,652)

  • CVE-2022-20458MedJan 26, 2023
    risk 0.36cvss 5.5epss 0.00

    The logs of sensitive information (PII) or hardware identifier should only be printed in Android "userdebug" or "eng" build. StatusBarNotification.getKey() could contain sensitive information. However, CarNotificationListener.java, it prints out the…

  • CVE-2022-20235MedJan 26, 2023
    risk 0.36cvss 5.5epss 0.00

    The PowerVR GPU kernel driver maintains an "Information Page" used by its cache subsystem. This page can only be written by the GPU driver itself, but prior to DDK 1.18 however, a user-space program could write arbitrary data to the page, leading to memory corruption…

  • CVE-2022-20215MedJan 26, 2023
    risk 0.36cvss 5.5epss 0.00

    In onCreate of MasterClearConfirmFragment.java, there is a possible factory reset due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2022-20552MedDec 16, 2022
    risk 0.36cvss 5.5epss 0.00

    In btif_a2dp_sink_command_ready of btif_a2dp_sink.cc, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2022-20538MedDec 16, 2022
    risk 0.36cvss 5.5epss 0.00

    In getSmsRoleHolder of RoleService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User…

  • CVE-2022-20527MedDec 16, 2022
    risk 0.36cvss 5.5epss 0.00

    In HalCoreCallback of halcore.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure from the NFC firmware with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2022-20523MedDec 16, 2022
    risk 0.36cvss 5.5epss 0.00

    In IncFs_GetFilledRangesStartingFrom of incfs.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2022-20518MedDec 16, 2022
    risk 0.36cvss 5.5epss 0.00

    In query of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2022-20517MedDec 16, 2022
    risk 0.36cvss 5.5epss 0.00

    In getMessagesByPhoneNumber of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2022-20515MedDec 16, 2022
    risk 0.36cvss 5.5epss 0.00

    In onPreferenceClick of AccountTypePreferenceLoader.java, there is a possible way to retrieve protected files from the Settings app due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not…

  • CVE-2022-20513MedDec 16, 2022
    risk 0.36cvss 5.5epss 0.00

    In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2022-20511MedDec 16, 2022
    risk 0.36cvss 5.5epss 0.00

    In getNearbyAppStreamingPolicy of DevicePolicyManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2022-20199MedDec 16, 2022
    risk 0.36cvss 5.5epss 0.00

    In multiple locations of NfcService.java, there is a possible disclosure of NFC tags due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2022-20482MedDec 13, 2022
    risk 0.36cvss 5.5epss 0.00

    In createNotificationChannel of NotificationManager.java, there is a possible way to make the device unusable and require factory reset due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not…

  • CVE-2022-20476MedDec 13, 2022
    risk 0.36cvss 5.5epss 0.00

    In setEnabledSetting of PackageManager.java, there is a possible way to get the device into an infinite reboot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2022-20471MedDec 13, 2022
    risk 0.36cvss 5.5epss 0.00

    In SendIncDecRestoreCmdPart2 of NxpMfcReader.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2021-0934MedDec 13, 2022
    risk 0.36cvss 5.5epss 0.00

    In findAllDeAccounts of AccountsDb.java, there is a possible denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2022-20453MedNov 8, 2022
    risk 0.36cvss 5.5epss 0.00

    In update of MmsProvider.java, there is a possible constriction of directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is needed for…

  • CVE-2022-20448MedNov 8, 2022
    risk 0.36cvss 5.5epss 0.00

    In buzzBeepBlinkLocked of NotificationManagerService.java, there is a possible way to share data across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2022-20426MedNov 8, 2022
    risk 0.36cvss 5.5epss 0.00

    In multiple functions of many files, there is a possible obstruction of the user's ability to select a phone account due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for…

Page 56 of 83