VYPR

Android SDK

by Google

CVEs (1,765)

  • CVE-2020-0032Mar 10, 2020
    risk 0.00cvss epss 0.02

    In ih264d_release_display_bufs of ih264d_utils.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0031Mar 10, 2020
    risk 0.00cvss epss 0.00

    In triggerAugmentedAutofillLocked and related functions of Session.java, it is possible for Augmented Autofill to display sensitive information to the user inappropriately. This could lead to local information disclosure with no additional execution privileges needed. User…

  • CVE-2020-0027Feb 13, 2020
    risk 0.00cvss epss 0.00

    In HidRawSensor::batch of HidRawSensor.cpp, there is a possible out of bounds write due to an unexpected switch fallthrough. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0026Feb 13, 2020
    risk 0.00cvss epss 0.00

    In Parcel::continueWrite of Parcel.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0023Feb 13, 2020
    risk 0.00cvss epss 0.00

    In setPhonebookAccessPermission of AdapterService.java, there is a possible disclosure of user contacts over bluetooth due to a missing permission check. This could lead to local information disclosure if a malicious app enables contacts over a bluetooth connection, with User…

  • CVE-2020-0021Feb 13, 2020
    risk 0.00cvss epss 0.01

    In removeUnusedPackagesLPw of PackageManagerService.java, there is a possible permanent denial-of-service due to a missing package dependency test. This could lead to remote denial of service with User execution privileges needed. User interaction is not needed for…

  • CVE-2020-0018Feb 13, 2020
    risk 0.00cvss epss 0.00

    In MotionEntry::appendDescription of InputDispatcher.cpp, there is a possible log information disclosure. This could lead to local disclosure of user input with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0017Feb 13, 2020
    risk 0.00cvss epss 0.00

    In multiple places, it was possible for the primary user’s dictionary to be visible to and modifiable by secondary users. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product:…

  • CVE-2019-2200Feb 13, 2020
    risk 0.00cvss epss 0.00

    In updatePermissions of PermissionManagerService.java, it may be possible for a malicious app to obtain a custom permission from another app due to a permission bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is…

  • CVE-2020-0015Feb 13, 2020
    risk 0.00cvss epss 0.00

    In onCreate of CertInstaller.java, there is a possible way to overlay the Certificate Installation dialog by a malicious application. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for…

  • CVE-2011-3901Feb 12, 2020
    risk 0.00cvss epss 0.01

    Android SQLite Journal before 4.0.1 has an information disclosure vulnerability.

  • CVE-2015-1530Jan 24, 2020
    risk 0.00cvss epss 0.00

    media/libmedia/IAudioPolicyService.cpp in Android before 5.1 allows attackers to execute arbitrary code with media_server privileges or cause a denial of service (integer overflow) via a crafted application that provides an invalid array size.

  • CVE-2020-0008Jan 8, 2020
    risk 0.00cvss epss 0.00

    In LowEnergyClient::MtuChangedCallback of low_energy_client.cc, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.…

  • CVE-2020-0007Jan 8, 2020
    risk 0.00cvss epss 0.00

    In flattenString8 of Sensor.cpp, there is a possible information disclosure of heap memory due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android…

  • CVE-2020-0006Jan 8, 2020
    risk 0.00cvss epss 0.01

    In rw_i93_send_cmd_write_single_block of rw_i93.cc, there is a possible information disclosure of heap memory due to uninitialized data. This could lead to remote information disclosure in the NFC server with no additional execution privileges needed. User interaction is needed…

  • CVE-2020-0003Jan 8, 2020
    risk 0.00cvss epss 0.00

    In onCreate of InstallStart.java, there is a possible package validation bypass due to a time-of-check time-of-use vulnerability. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.…

  • CVE-2020-0002Jan 8, 2020
    risk 0.00cvss epss 0.01

    In ih264d_init_decoder of ih264d_api.c, there is a possible out of bounds write due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation Product: Android Versions: Android-8.0,…

  • CVE-2019-9468Jan 6, 2020
    risk 0.00cvss epss 0.00

    In export_key_der of export_key.cpp, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10…

  • CVE-2019-2227Dec 6, 2019
    risk 0.00cvss epss 0.00

    In DeepCopy of btif_av.cc, there is a possible out of bounds read due to improper casting. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2019-2222Dec 6, 2019
    risk 0.00cvss epss 0.01

    n ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product:…

Page 70 of 89