VYPR

Android SDK

by Google

CVEs (1,763)

  • CVE-2023-21329Oct 30, 2023
    risk 0.00cvss epss 0.00

    In Activity Manager, there is a possible way to determine whether an app is installed due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-21328Oct 30, 2023
    risk 0.00cvss epss 0.00

    In Package Installer, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed…

  • CVE-2023-21327Oct 30, 2023
    risk 0.00cvss epss 0.00

    In Permission Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not…

  • CVE-2023-21320Oct 30, 2023
    risk 0.00cvss epss 0.00

    In Device Policy, there is a possible way to verify if a particular admin app is registered on the device due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed…

  • CVE-2023-21319Oct 30, 2023
    risk 0.00cvss epss 0.00

    In UsageStatsService, there is a possible way to read installed 3rd party apps due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-21312Oct 30, 2023
    risk 0.00cvss epss 0.00

    In IntentResolver, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-21309Oct 30, 2023
    risk 0.00cvss epss 0.00

    In libcore, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-21307Oct 30, 2023
    risk 0.00cvss epss 0.00

    In Bluetooth, there is a possible way for a paired Bluetooth device to access a long term identifier for an Android device due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for…

  • CVE-2023-21306Oct 30, 2023
    risk 0.00cvss epss 0.00

    In ContentService, there is a possible way to read installed sync content providers due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-21304Oct 30, 2023
    risk 0.00cvss epss 0.00

    In Content Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not…

  • CVE-2023-21300Oct 30, 2023
    risk 0.00cvss epss 0.00

    In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not…

  • CVE-2023-21296Oct 30, 2023
    risk 0.00cvss epss 0.00

    In Permission, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for…

  • CVE-2022-20264Oct 30, 2023
    risk 0.00cvss epss 0.00

    In Usage Stats Service, there is a possible way to determine whether an app is installed, without query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not…

  • CVE-2021-39810Oct 30, 2023
    risk 0.00cvss epss 0.00

    In verifyDefaults of CardEmulationManager.java, there is a possible way to set a third party app as the default contactless payment app without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution…

  • CVE-2023-40140Oct 27, 2023
    risk 0.00cvss epss 0.00

    In android_view_InputDevice_create of android_view_InputDevice.cpp, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2023-40137Oct 27, 2023
    risk 0.00cvss epss 0.00

    In multiple functions of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-40136Oct 27, 2023
    risk 0.00cvss epss 0.00

    In setHeader of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-40134Oct 27, 2023
    risk 0.00cvss epss 0.00

    In isFullScreen of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-40131Oct 27, 2023
    risk 0.00cvss epss 0.00

    In GpuService of GpuService.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-40121Oct 27, 2023
    risk 0.00cvss epss 0.00

    In appendEscapedSQLString of DatabaseUtils.java, there is a possible SQL injection due to unsafe deserialization. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.

Page 9 of 89