VYPR

Android

by Google

CVEs (4,717)

  • CVE-2021-1009MedDec 15, 2021
    risk 0.36cvss 5.5epss 0.00

    In setApplicationCategoryHint of PackageManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution…

  • CVE-2021-1005MedDec 15, 2021
    risk 0.36cvss 5.5epss 0.00

    In getDeviceIdWithFeature of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution…

  • CVE-2021-1001MedDec 15, 2021
    risk 0.36cvss 5.5epss 0.00

    In PVInitVideoEncoder of mp4enc_api.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2021-0997MedDec 15, 2021
    risk 0.36cvss 5.5epss 0.00

    In handleUpdateNetworkState of GnssNetworkConnectivityHandler.java , there is a possible APN disclosure due to log information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-0986MedDec 15, 2021
    risk 0.36cvss 5.5epss 0.00

    In hasGrantedPolicy of DevicePolicyManagerService.java, there is a possible information disclosure about the device owner, profile owner, or device admin due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges…

  • CVE-2021-0979MedDec 15, 2021
    risk 0.36cvss 5.5epss 0.00

    In isRequestPinItemSupported of ShortcutService.java, there is a possible cross-user leak of packages in which the default launcher supports requests to create pinned shortcuts due to a permissions bypass. This could lead to local information disclosure with no additional…

  • CVE-2021-0966MedDec 15, 2021
    risk 0.36cvss 5.5epss 0.00

    In code generated by BuildParcelFields of generate_cpp.cpp, there is a possible way for a crafted parcelable to reveal uninitialized memory of a target process due to uninitialized data. This could lead to local information disclosure across Binder transactions with no…

  • CVE-2021-0931MedDec 15, 2021
    risk 0.36cvss 5.5epss 0.00

    In getAlias of BluetoothDevice.java, there is a possible way to create misleading permission dialogs due to missing data filtering. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.Product:…

  • CVE-2021-0704MedDec 15, 2021
    risk 0.36cvss 5.5epss 0.00

    In createNoCredentialsPermissionNotification and related functions of AccountManagerService.java, there is a possible way to retrieve accounts from the device without permissions due to a permissions bypass. This could lead to local information disclosure with no additional…

  • CVE-2021-0653MedDec 15, 2021
    risk 0.36cvss 5.5epss 0.00

    In enqueueNotification of NetworkPolicyManagerService.java, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not…

  • CVE-2021-0706MedOct 22, 2021
    risk 0.36cvss 5.5epss 0.00

    In startListening of PluginManagerImpl.java, there is a possible way to disable arbitrary app components due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-0702MedOct 22, 2021
    risk 0.36cvss 5.5epss 0.00

    In RevertActiveSessions of apexd.cpp, there is a possible way to share the wrong file due to an unintentional MediaStore downgrade. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for…

  • CVE-2021-0651MedOct 22, 2021
    risk 0.36cvss 5.5epss 0.00

    In loadLabel of PackageItemInfo.java, there is a possible way to DoS a device by having a long label in an app due to incorrect input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for…

  • CVE-2021-0643MedOct 22, 2021
    risk 0.36cvss 5.5epss 0.00

    In getAllSubInfoList of SubscriptionController.java, there is a possible way to retrieve a long term identifier without the correct permissions due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User…

  • CVE-2021-0686MedOct 6, 2021
    risk 0.36cvss 5.5epss 0.00

    In getDefaultSmsPackage of RoleManagerService.java, there is a possible way to get information about the default sms app of a different device user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.…

  • CVE-2021-0682MedOct 6, 2021
    risk 0.36cvss 5.5epss 0.00

    In sendAccessibilityEvent of NotificationManagerService.java, there is a possible disclosure of notification data due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for…

  • CVE-2021-0644MedOct 6, 2021
    risk 0.36cvss 5.5epss 0.00

    In conditionallyRemoveIdentifiers of SubscriptionController.java, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed…

  • CVE-2021-0642MedAug 17, 2021
    risk 0.36cvss 5.5epss 0.00

    In onResume of VoicemailSettingsFragment.java, there is a possible way to retrieve a trackable identifier without permissions due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is…

  • CVE-2021-0641MedAug 17, 2021
    risk 0.36cvss 5.5epss 0.00

    In getAvailableSubscriptionInfoList of SubscriptionController.java, there is a possible disclosure of unique identifiers due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not…

  • CVE-2021-0584MedAug 17, 2021
    risk 0.36cvss 5.5epss 0.00

    In verifyBufferObject of Parcel.cpp, there is a possible out of bounds read due to an improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

Page 147 of 236