VYPR

Android SDK

by Google

CVEs (1,771)

  • CVE-2022-20277MedAug 12, 2022
    risk 0.36cvss 5.5epss 0.00

    In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is…

  • CVE-2022-20276MedAug 12, 2022
    risk 0.36cvss 5.5epss 0.00

    In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is…

  • CVE-2022-20275MedAug 12, 2022
    risk 0.36cvss 5.5epss 0.00

    In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is…

  • CVE-2022-20272MedAug 12, 2022
    risk 0.36cvss 5.5epss 0.00

    In PermissionController, there is a possible misunderstanding about the default SMS application's permission set due to misleading text. This could lead to local information disclosure with User privileges needed. User interaction is needed for exploitation.Product:…

  • CVE-2022-20270MedAug 12, 2022
    risk 0.36cvss 5.5epss 0.00

    In Content, there is a possible way to learn gmail account name on the device due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2022-20263MedAug 12, 2022
    risk 0.36cvss 5.5epss 0.00

    In ActivityManager, there is a way to read process state for other users due to a missing permission check. This could lead to local information disclosure of app usage with User execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2022-20260MedAug 12, 2022
    risk 0.36cvss 5.5epss 0.00

    In the Phone app, there is a possible crash loop due to resource exhaustion. This could lead to local persistent denial of service in the Phone app with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android…

  • CVE-2022-20259MedAug 12, 2022
    risk 0.36cvss 5.5epss 0.00

    In Telephony, there is a possible leak of ICCID and EID due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android…

  • CVE-2022-20242MedAug 11, 2022
    risk 0.36cvss 5.5epss 0.00

    In Telephony, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed…

  • CVE-2021-0975MedAug 11, 2022
    risk 0.36cvss 5.5epss 0.00

    In USB Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure of installed packages with no additional execution privileges needed. User…

  • CVE-2021-0735MedAug 11, 2022
    risk 0.36cvss 5.5epss 0.00

    In PackageManager, there is a possible way to get information about installed packages ignoring limitations introduced in Android 11 due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User…

  • CVE-2021-0734MedAug 11, 2022
    risk 0.36cvss 5.5epss 0.00

    In Settings, there is a possible way to determine whether an app is installed without query permissions, due to side channel information disclosure. This could lead to local information disclosure of an installed package, without proper query permissions, with no additional…

  • CVE-2022-20357MedAug 10, 2022
    risk 0.36cvss 5.5epss 0.00

    In writeToParcel of SurfaceControl.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2022-20355MedAug 10, 2022
    risk 0.36cvss 5.5epss 0.00

    In get of PacProxyService.java, there is a possible system service crash due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10…

  • CVE-2022-20353MedAug 10, 2022
    risk 0.36cvss 5.5epss 0.00

    In onSaveRingtone of DefaultRingtonePreference.java, there is a possible inappropriate file read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2022-20352MedAug 10, 2022
    risk 0.36cvss 5.5epss 0.00

    In addProviderRequestListener of LocationManagerService.java, there is a possible way to learn which packages request location information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User…

  • CVE-2022-20350MedAug 10, 2022
    risk 0.36cvss 5.5epss 0.00

    In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to trick the victim to grant notification access to the wrong app due to improper input validation. This could lead to local information disclosure with User execution privileges needed. User…

  • CVE-2022-20230MedJul 13, 2022
    risk 0.36cvss 5.5epss 0.00

    In choosePrivateKeyAlias of KeyChain.java, there is a possible access to the user's certificate due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product:…

  • CVE-2022-20225MedJul 13, 2022
    risk 0.36cvss 5.5epss 0.00

    In getSubscriptionProperty of SubscriptionController.java, there is a possible read of a sensitive identifier due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2022-20219MedJul 13, 2022
    risk 0.36cvss 5.5epss 0.00

    In multiple functions of StorageManagerService.java and UserManagerService.java, there is a possible way to leave user's directories unencrypted due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User…

Page 64 of 89