VYPR

Android

by Google

CVEs (4,717)

  • CVE-2022-20458MedJan 26, 2023
    risk 0.36cvss 5.5epss 0.00

    The logs of sensitive information (PII) or hardware identifier should only be printed in Android "userdebug" or "eng" build. StatusBarNotification.getKey() could contain sensitive information. However, CarNotificationListener.java, it prints out the…

  • CVE-2022-20235MedJan 26, 2023
    risk 0.36cvss 5.5epss 0.00

    The PowerVR GPU kernel driver maintains an "Information Page" used by its cache subsystem. This page can only be written by the GPU driver itself, but prior to DDK 1.18 however, a user-space program could write arbitrary data to the page, leading to memory corruption…

  • CVE-2022-20215MedJan 26, 2023
    risk 0.36cvss 5.5epss 0.00

    In onCreate of MasterClearConfirmFragment.java, there is a possible factory reset due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2022-20213MedJan 26, 2023
    risk 0.36cvss 5.5epss 0.00

    In ApplicationsDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2022-42535MedDec 16, 2022
    risk 0.36cvss 5.5epss 0.00

    In a query in MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2022-20552MedDec 16, 2022
    risk 0.36cvss 5.5epss 0.00

    In btif_a2dp_sink_command_ready of btif_a2dp_sink.cc, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2022-20538MedDec 16, 2022
    risk 0.36cvss 5.5epss 0.00

    In getSmsRoleHolder of RoleService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User…

  • CVE-2022-20531MedDec 16, 2022
    risk 0.36cvss 5.5epss 0.00

    In Telecom, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2022-20523MedDec 16, 2022
    risk 0.36cvss 5.5epss 0.00

    In IncFs_GetFilledRangesStartingFrom of incfs.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2022-20518MedDec 16, 2022
    risk 0.36cvss 5.5epss 0.00

    In query of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2022-20517MedDec 16, 2022
    risk 0.36cvss 5.5epss 0.00

    In getMessagesByPhoneNumber of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2022-20515MedDec 16, 2022
    risk 0.36cvss 5.5epss 0.00

    In onPreferenceClick of AccountTypePreferenceLoader.java, there is a possible way to retrieve protected files from the Settings app due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not…

  • CVE-2022-20511MedDec 16, 2022
    risk 0.36cvss 5.5epss 0.00

    In getNearbyAppStreamingPolicy of DevicePolicyManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2022-20510MedDec 16, 2022
    risk 0.36cvss 5.5epss 0.00

    In getNearbyNotificationStreamingPolicy of DevicePolicyManagerService.java, there is a possible way to learn about the notification streaming policy of other users due to a permissions bypass. This could lead to local information disclosure with no additional execution…

  • CVE-2022-20199MedDec 16, 2022
    risk 0.36cvss 5.5epss 0.00

    In multiple locations of NfcService.java, there is a possible disclosure of NFC tags due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2022-20502MedDec 13, 2022
    risk 0.36cvss 5.5epss 0.00

    In GetResolvedMethod of entrypoint_utils-inl.h, there is a possible use after free due to a stale cache. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2022-20500MedDec 13, 2022
    risk 0.36cvss 5.5epss 0.00

    In loadFromXml of ShortcutPackage.java, there is a possible crash on boot due to an uncaught exception. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10…

  • CVE-2022-20496MedDec 13, 2022
    risk 0.36cvss 5.5epss 0.00

    In setDataSource of initMediaExtractor.cpp, there is a possibility of arbitrary code execution due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2022-20482MedDec 13, 2022
    risk 0.36cvss 5.5epss 0.00

    In createNotificationChannel of NotificationManager.java, there is a possible way to make the device unusable and require factory reset due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not…

  • CVE-2022-20476MedDec 13, 2022
    risk 0.36cvss 5.5epss 0.00

    In setEnabledSetting of PackageManager.java, there is a possible way to get the device into an infinite reboot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for…

Page 146 of 236