VYPR

Android

by Google

CVEs (4,717)

  • CVE-2019-9436MedSep 6, 2019
    risk 0.44cvss 6.7epss 0.00

    In the Android kernel in the bootloader there is a possible secure boot bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation.

  • CVE-2019-9426MedSep 6, 2019
    risk 0.44cvss 6.7epss 0.00

    In the Android kernel in Bluetooth there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2018-9517MedDec 7, 2018
    risk 0.44cvss 6.7epss 0.00

    In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID:…

  • CVE-2016-10443MedApr 18, 2018
    risk 0.44cvss 6.8epss 0.01

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD…

  • CVE-2017-0706MedJul 6, 2017
    risk 0.44cvss 6.8epss 0.00

    A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-35195787. References: B-RB#120532.

  • CVE-2017-0705MedJul 6, 2017
    risk 0.44cvss 6.8epss 0.00

    A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-34973477. References: B-RB#119898.

  • CVE-2017-10709MedJun 30, 2017
    risk 0.44cvss 6.8epss 0.00

    The lockscreen on Elephone P9000 devices (running Android 6.0) allows physically proximate attackers to bypass a wrong-PIN lockout feature by pressing backspace after each PIN guess.

  • CVE-2015-9004HigMay 2, 2017
    risk 0.44cvss 7.8epss 0.01

    kernel/events/core.c in the Linux kernel before 3.19 mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_event_open functions.

  • CVE-2014-9922HigApr 4, 2017
    risk 0.44cvss 7.8epss 0.01

    The eCryptfs subsystem in the Linux kernel before 3.18 allows local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c.

  • CVE-2016-10044HigFeb 7, 2017
    risk 0.44cvss 7.8epss 0.00

    The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 does not properly restrict execute access, which makes it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call.

  • CVE-2014-9914HigFeb 7, 2017
    risk 0.44cvss 7.8epss 0.00

    Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect expectations about locking during multithreaded access to…

  • CVE-2015-8967HigDec 8, 2016
    risk 0.44cvss 7.8epss 0.01

    arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the "strict page permissions" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access.

  • CVE-2016-3889MedSep 11, 2016
    risk 0.44cvss 6.8epss 0.00

    Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism by accessing (1) an external tile from a system application, (2) the help feature, or (3) the Settings application during a…

  • CVE-2016-3886MedSep 11, 2016
    risk 0.44cvss 6.8epss 0.00

    systemui/statusbar/phone/QuickStatusBarHeader.java in the System UI Tuner in Android 7.0 before 2016-09-01 does not prevent tuner changes on the lockscreen, which allows physically proximate attackers to gain privileges by modifying a setting, aka internal bug 30107438.

  • CVE-2016-3876MedSep 11, 2016
    risk 0.44cvss 6.8epss 0.00

    providers/settings/SettingsProvider.java in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the SAFE_BOOT_DISALLOWED protection mechanism and boot to safe mode via the Android Debug Bridge (adb) tool, aka internal bug…

  • CVE-2016-3875MedSep 11, 2016
    risk 0.44cvss 6.8epss 0.00

    server/wm/WindowManagerService.java in Android 6.x before 2016-09-01 does not enforce the DISALLOW_SAFE_BOOT setting, which allows physically proximate attackers to bypass intended access restrictions and boot to safe mode via unspecified vectors, aka internal bug 26251884.

  • CVE-2014-9888HigAug 6, 2016
    risk 0.44cvss 7.8epss 0.00

    arch/arm/mm/dma-mapping.c in the Linux kernel before 3.13 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not prevent executable DMA mappings, which might allow local users to gain privileges via a crafted application, aka Android…

  • CVE-2014-9870HigAug 6, 2016
    risk 0.44cvss 7.8epss 0.01

    The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly consider user-space access to the TPIDRURW register, which allows local users to gain privileges via a crafted application, aka Android internal…

  • CVE-2014-9803HigJul 11, 2016
    risk 0.44cvss 7.8epss 0.01

    arch/arm64/include/asm/pgtable.h in the Linux kernel before 3.15-rc5-next-20140519, as used in Android before 2016-07-05 on Nexus 5X and 6P devices, mishandles execute-only pages, which allows attackers to gain privileges via a crafted application, aka Android internal bug…

  • CVE-2016-0774MedApr 27, 2016
    risk 0.44cvss 6.8epss 0.00

    The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-229.26.2 on Red Hat Enterprise Linux (RHEL) 7.1 do not properly consider the…

Page 143 of 236