VYPR

Android

by Google

CVEs (4,716)

  • CVE-2017-13263HigApr 4, 2018
    risk 0.47cvss 7.3epss 0.00

    A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 8.0, 8.1. Android ID: A-69383160.

  • CVE-2017-13307HigApr 4, 2018
    risk 0.47cvss 7.3epss 0.00

    A elevation of privilege vulnerability in the Upstream kernel pci sysfs. Product: Android. Versions: Android kernel. Android ID: A-69128924.

  • CVE-2017-13306HigApr 4, 2018
    risk 0.47cvss 7.3epss 0.00

    A elevation of privilege vulnerability in the Upstream kernel mnh driver. Product: Android. Versions: Android kernel. Android ID: A-70295063.

  • CVE-2016-3841HigAug 6, 2016
    risk 0.47cvss 7.3epss 0.00

    The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call.

  • CVE-2016-3850HigAug 5, 2016
    risk 0.47cvss 7.3epss 0.00

    Integer overflow in app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted header field in a boot image, aka Android internal bug 27917291 and Qualcomm internal bug…

  • CVE-2016-2497HigAug 5, 2016
    risk 0.47cvss 7.3epss 0.01

    services/core/java/com/android/server/pm/PackageManagerService.java in the framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to increase intent-filter priority via a crafted application, aka internal…

  • CVE-2016-0728HigFeb 8, 2016
    risk 0.47cvss 7.8epss 0.04

    The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted…

  • CVE-2014-9322HigDec 17, 2014
    risk 0.47cvss 7.8epss 0.01

    arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the…

  • CVE-2024-49724HigJan 21, 2025
    risk 0.46cvss 7.0epss 0.00

    In multiple functions of AccountManagerService.java, there is a possible way to bypass permissions and launch protected activities due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed…

  • CVE-2018-9461HigJan 18, 2025
    risk 0.46cvss 7.0epss 0.00

    In onAttachFragment of ShareIntentActivity.java, there is a possible way for an app to read files in the messages app due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2018-9468HigNov 20, 2024
    risk 0.46cvss 7.1epss 0.00

    In query of DownloadManager.java, there is a possible read/write of arbitrary files due to a permissions bypass. This could lead to local information disclosure and file rewriting with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-23716HigSep 11, 2024
    risk 0.46cvss 7.0epss 0.00

    In DevmemIntPFNotify of devicemem_server.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-34731HigAug 15, 2024
    risk 0.46cvss 7.0epss 0.00

    In multiple functions of TranscodingResourcePolicy.cpp, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-34725HigJul 9, 2024
    risk 0.46cvss 7.0epss 0.00

    In DevmemIntUnexportCtx of devicemem_server.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-34724HigJul 9, 2024
    risk 0.46cvss 7.0epss 0.00

    In _UnrefAndMaybeDestroy of pmr.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-31327HigJul 9, 2024
    risk 0.46cvss 7.0epss 0.00

    In multiple functions of MessageQueueBase.h, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-32920HigJun 13, 2024
    risk 0.46cvss 7.1epss 0.00

    In set_secure_reg of sac_handler.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure of 4 bytes of stack memory with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-32917HigJun 13, 2024
    risk 0.46cvss 7.1epss 0.00

    In pl330_dma_from_peri_start() of fp_spi_dma.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-32899HigJun 13, 2024
    risk 0.46cvss 7.0epss 0.00

    In gpu_pm_power_off_top_nolock of pixel_gpu_power.c, there is a possible compromise of protected memory due to a race condition. This could lead to local escalation of privilege to TEE with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2024-32891HigJun 13, 2024
    risk 0.46cvss 7.0epss 0.00

    In sec_media_unprotect of media.c, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Page 125 of 236