VYPR

Android SDK

by Google

CVEs (1,763)

  • CVE-2023-40094Dec 4, 2023
    risk 0.00cvss epss 0.00

    In keyguardGoingAway of ActivityTaskManagerService.java, there is a possible lock screen bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-40091Dec 4, 2023
    risk 0.00cvss epss 0.00

    In onTransact of IncidentService.cpp, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-40090Dec 4, 2023
    risk 0.00cvss epss 0.01

    In BTM_BleVerifySignature of btm_ble.cc, there is a possible way to bypass signature validation due to side channel information disclosure. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2023-40089Dec 4, 2023
    risk 0.00cvss epss 0.00

    In getCredentialManagerPolicy of DevicePolicyManagerService.java, there is a possible method for users to select credential managers without permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges…

  • CVE-2023-40084Dec 4, 2023
    risk 0.00cvss epss 0.00

    In run of MDnsSdListener.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-40075Dec 4, 2023
    risk 0.00cvss epss 0.00

    In forceReplaceShortcutInner of ShortcutPackage.java, there is a possible way to register unlimited packages due to a missing bounds check. This could lead to local denial of service which results in a boot loop with no additional execution privileges needed. User interaction is…

  • CVE-2023-35668Dec 4, 2023
    risk 0.00cvss epss 0.00

    In visitUris of Notification.java, there is a possible way to display images from another user due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-21398Oct 30, 2023
    risk 0.00cvss epss 0.00

    In sdksandbox, there is a possible strandhogg style overlay attack due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-21392Oct 30, 2023
    risk 0.00cvss epss 0.00

    In Bluetooth, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege when connecting to a Bluetooth device with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-21382Oct 30, 2023
    risk 0.00cvss epss 0.00

    In Content Resolver, there is a possible method to access metadata about existing content providers on the device due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2023-21375Oct 30, 2023
    risk 0.00cvss epss 0.00

    In Sysproxy, there is a possible out of bounds write due to an integer underflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-21372Oct 30, 2023
    risk 0.00cvss epss 0.00

    In libdexfile, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-21367Oct 30, 2023
    risk 0.00cvss epss 0.00

    In Scudo, there is a possible way to exploit certain heap OOB read/write issues due to an insecure implementation/design. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-21366Oct 30, 2023
    risk 0.00cvss epss 0.00

    In Scudo, there is a possible way for an attacker to predict heap allocation patterns due to insecure implementation/design. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-21364Oct 30, 2023
    risk 0.00cvss epss 0.00

    In ContactsProvider, there is a possible crash loop due to resource exhaustion. This could lead to local persistent denial of service in the Phone app with User execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-21355Oct 30, 2023
    risk 0.00cvss epss 0.00

    In libaudioclient, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-21354Oct 30, 2023
    risk 0.00cvss epss 0.00

    In Package Manager Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction…

  • CVE-2023-21349Oct 30, 2023
    risk 0.00cvss epss 0.00

    In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not…

  • CVE-2023-21348Oct 30, 2023
    risk 0.00cvss epss 0.00

    In Window Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not…

  • CVE-2023-21333Oct 30, 2023
    risk 0.00cvss epss 0.00

    In Text Services, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not…

Page 8 of 89