VYPR

Android SDK

by Google

CVEs (1,765)

  • CVE-2020-0093May 14, 2020
    risk 0.00cvss epss 0.00

    In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product:…

  • CVE-2020-0106May 14, 2020
    risk 0.00cvss epss 0.00

    In getCellLocation of PhoneInterfaceManager.java, there is a possible permission bypass due to a missing SDK version check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0103May 14, 2020
    risk 0.00cvss epss 0.02

    In a2dp_aac_decoder_cleanup of a2dp_aac_decoder.cc, there is a possible invalid free due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0097May 14, 2020
    risk 0.00cvss epss 0.00

    In various methods of PackageManagerService.java, there is a possible permission bypass due to a missing condition for system apps. This could lead to local escalation of privilege with User privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0096May 14, 2020
    risk 0.00cvss epss 0.01

    In startActivities of ActivityStartController.java, there is a possible escalation of privilege due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0101May 14, 2020
    risk 0.00cvss epss 0.00

    In BnCrypto::onTransact of ICrypto.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0104May 14, 2020
    risk 0.00cvss epss 0.00

    In onShowingStateChanged of KeyguardStateMonitor.java, there is a possible inappropriate read due to a logic error. This could lead to local information disclosure of keyguard-protected data with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2020-0098May 14, 2020
    risk 0.00cvss epss 0.00

    In navigateUpToLocked of ActivityStack.java, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0024May 14, 2020
    risk 0.00cvss epss 0.00

    In onCreate of SettingsBaseActivity.java, there is a possible unauthorized setting modification due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product:…

  • CVE-2020-0077Apr 17, 2020
    risk 0.00cvss epss 0.00

    In authorize_enroll of the FPC IRIS TrustZone app, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0075Apr 17, 2020
    risk 0.00cvss epss 0.00

    In set_shared_key of the FPC IRIS TrustZone app, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0076Apr 17, 2020
    risk 0.00cvss epss 0.00

    In get_auth_result of the FPC IRIS TrustZone app, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0073Apr 17, 2020
    risk 0.00cvss epss 0.01

    In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0072Apr 17, 2020
    risk 0.00cvss epss 0.01

    In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0071Apr 17, 2020
    risk 0.00cvss epss 0.01

    In rw_t2t_extract_default_locks_info of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2020-0070Apr 17, 2020
    risk 0.00cvss epss 0.01

    In rw_t2t_update_lock_attributes of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0079Apr 17, 2020
    risk 0.00cvss epss 0.00

    In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds write due to stale pointer. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9…

  • CVE-2020-0082Apr 17, 2020
    risk 0.00cvss epss 0.00

    In ExternalVibration of ExternalVibration.java, there is a possible activation of an arbitrary intent due to unsafe deserialization. This could lead to local escalation of privilege to system_server with no additional execution privileges needed. User interaction is not needed…

  • CVE-2020-0081Apr 17, 2020
    risk 0.00cvss epss 0.00

    In finalize of AssetManager.java, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0…

  • CVE-2020-0080Apr 17, 2020
    risk 0.00cvss epss 0.00

    In onOpActiveChanged and related methods of AppOpsControllerImpl.java, there is a possible way to display an app overlaying other apps without the notification icon that it's overlaying. This could lead to local escalation of privilege with User execution privileges needed. User…

Page 68 of 89