VYPR

Android SDK

by Google

CVEs (1,765)

  • CVE-2019-2222Dec 6, 2019
    risk 0.00cvss epss 0.01

    n ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product:…

  • CVE-2019-2226Dec 6, 2019
    risk 0.00cvss epss 0.00

    In device_class_to_int of device_class.cc, there is a possible out of bounds read due to improper casting. This could lead to local information disclosure in the Bluetooth server with User execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2019-2230Dec 6, 2019
    risk 0.00cvss epss 0.01

    In nfcManager_routeAid and nfcManager_unrouteAid of NativeNfcManager.cpp, there is possible memory reuse due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2019-2225Dec 6, 2019
    risk 0.00cvss epss 0.00

    When pairing with a Bluetooth device, it may be possible to pair a malicious device without any confirmation from the user, and that device may be able to interact with the phone. This could lead to remote escalation of privilege with no additional execution privileges needed.…

  • CVE-2019-2228Dec 6, 2019
    risk 0.00cvss epss 0.00

    In array_find of array.c, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to local information disclosure in the printer spooler with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2019-2231Dec 6, 2019
    risk 0.00cvss epss 0.00

    In Blob::Blob of blob.cpp, there is a possible unencrypted master key due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9…

  • CVE-2019-2229Dec 6, 2019
    risk 0.00cvss epss 0.00

    In updateWidget of BaseWidgetProvider.java, there is a possible leak of user data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2019-2227Dec 6, 2019
    risk 0.00cvss epss 0.00

    In DeepCopy of btif_av.cc, there is a possible out of bounds read due to improper casting. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2019-2217Dec 6, 2019
    risk 0.00cvss epss 0.00

    In setCpuVulkanInUse of GpuStats.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2019-2220Dec 6, 2019
    risk 0.00cvss epss 0.00

    In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend. This could lead to local information disclosure no additional execution privileges needed. User interaction is not needed for…

  • CVE-2019-2218Dec 6, 2019
    risk 0.00cvss epss 0.00

    In createSessionInternal of PackageInstallerService.java, there is a possible improper permission grant due to a missing permission check. This could lead to local escalation of privilege by installing malicious packages with User execution privileges needed. User interaction is…

  • CVE-2019-2036Nov 13, 2019
    risk 0.00cvss epss 0.02

    In okToConnect of HidHostService.java, there is a possible permission bypass due to an incorrect state check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2019-2198Nov 13, 2019
    risk 0.00cvss epss 0.00

    In Download Provider, there is a possible SQL injection vulnerability. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9…

  • CVE-2019-2196Nov 13, 2019
    risk 0.00cvss epss 0.00

    In Download Provider, there is possible SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android…

  • CVE-2019-2207Nov 13, 2019
    risk 0.00cvss epss 0.00

    In nfa_hci_handle_admin_gate_rsp of nfa_hci_act.cc, there is a possible out of bound write due to missing bounds checks. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2019-2233Nov 13, 2019
    risk 0.00cvss epss 0.00

    In getUserCount and getCount of UserSwitcherController.java, there is possible new user creation due to a logic error. This could lead to local escalation of privilege for an attacker who has physical access to the device with no additional execution privileges needed. User…

  • CVE-2019-2206Nov 13, 2019
    risk 0.00cvss epss 0.01

    In rw_i93_sm_set_read_only of rw_i93.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2019-2204Nov 13, 2019
    risk 0.00cvss epss 0.01

    In FindSharedFunctionInfo of objects.cc, there is a possible out of bounds read due to a mistake in AST traversal. This could lead to remote code execution in the pacprocessor with no additional execution privileges needed. User interaction is not needed for exploitation.…

  • CVE-2019-2202Nov 13, 2019
    risk 0.00cvss epss 0.00

    In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2019-2197Nov 13, 2019
    risk 0.00cvss epss 0.00

    In processPhonebookAccess of CachedBluetoothDevice.java, there is a possible permission bypass due to an insecure default value. This could lead to local information disclosure of the user's contact list with no additional execution privileges needed. User interaction is needed…

Page 71 of 89