VYPR

platform/frameworks/base

by Google

CVEs (14)

  • CVE-2023-45777HigDec 4, 2023
    risk 0.51cvss 7.8epss 0.00

    In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to launch arbitrary activities using system privileges due to Parcel Mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User…

  • CVE-2023-45774HigDec 4, 2023
    risk 0.51cvss 7.8epss 0.00

    In fixUpIncomingShortcutInfo of ShortcutService.java, there is a possible way to view another user's image due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-35676HigSep 11, 2023
    risk 0.51cvss 7.8epss 0.00

    In createQuickShareAction of SaveImageInBackgroundTask.java, there is a possible way to trigger a background activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not…

  • CVE-2023-40092MedDec 4, 2023
    risk 0.36cvss 5.5epss 0.00

    In verifyShortcutInfoPackage of ShortcutService.java, there is a possible way to see another user's image due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-40081MedDec 4, 2023
    risk 0.36cvss 5.5epss 0.00

    In loadMediaDataInBgForResumption of MediaDataManager.kt, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2023-40076MedDec 4, 2023
    risk 0.36cvss 5.5epss 0.02

    In createPendingIntent of CredentialManagerUi.java, there is a possible way to access credentials from other users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2023-40075MedDec 4, 2023
    risk 0.36cvss 5.5epss 0.00

    In forceReplaceShortcutInner of ShortcutPackage.java, there is a possible way to register unlimited packages due to a missing bounds check. This could lead to local denial of service which results in a boot loop with no additional execution privileges needed. User interaction is…

  • CVE-2023-40073MedDec 4, 2023
    risk 0.36cvss 5.5epss 0.00

    In visitUris of Notification.java, there is a possible cross-user media read due to Confused Deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-35668MedDec 4, 2023
    risk 0.36cvss 5.5epss 0.00

    In visitUris of Notification.java, there is a possible way to display images from another user due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-40133MedOct 27, 2023
    risk 0.36cvss 5.5epss 0.00

    In multiple locations of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-40123MedOct 27, 2023
    risk 0.36cvss 5.5epss 0.00

    In updateActionViews of PipMenuView.java, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-40137LowOct 27, 2023
    risk 0.21cvss 3.3epss 0.00

    In multiple functions of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-40136LowOct 27, 2023
    risk 0.21cvss 3.3epss 0.00

    In setHeader of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-40135LowOct 27, 2023
    risk 0.21cvss 3.3epss 0.00

    In applyCustomDescription of SaveUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.