VYPR

Android

by Google

CVEs (4,699)

  • CVE-2020-0125MedSep 17, 2020
    risk 0.36cvss 5.5epss 0.00

    In mediadrm, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID:…

  • CVE-2020-0399MedSep 17, 2020
    risk 0.36cvss 5.5epss 0.00

    In showLimitedSimFunctionWarningNotification of NotificationMgr.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for…

  • CVE-2020-0396MedSep 17, 2020
    risk 0.36cvss 5.5epss 0.00

    In various places in Telephony, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1…

  • CVE-2020-0395MedSep 17, 2020
    risk 0.36cvss 5.5epss 0.00

    In showNotification of EmergencyCallbackModeService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0390MedSep 17, 2020
    risk 0.36cvss 5.5epss 0.00

    In the app zygote SE Policy, there is a possible permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID:…

  • CVE-2020-0389MedSep 17, 2020
    risk 0.36cvss 5.5epss 0.00

    In createSaveNotification of RecordingService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0386MedSep 17, 2020
    risk 0.36cvss 5.5epss 0.00

    In onCreate of RequestPermissionActivity.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege allowing an attacker to set Bluetooth discoverability with User execution privileges needed. User interaction…

  • CVE-2020-0385MedSep 17, 2020
    risk 0.36cvss 5.5epss 0.01

    In Parse_insh of eas_mdls.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote information disclosure in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation.Product:…

  • CVE-2020-0258MedAug 11, 2020
    risk 0.36cvss 5.5epss 0.00

    In stopZygoteLocked of AppZygote.java, there is an insufficient cleanup. This could lead to local information disclosure in the application that is started next with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0250MedAug 11, 2020
    risk 0.36cvss 5.5epss 0.00

    In requestCellInfoUpdateInternal of PhoneInterfaceManager.java, there is a missing permission check. This could lead to local information disclosure of location data with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0249MedAug 11, 2020
    risk 0.36cvss 5.5epss 0.00

    In postInstantAppNotif of InstantAppNotifier.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0248MedAug 11, 2020
    risk 0.36cvss 5.5epss 0.00

    In postInstantAppNotif of InstantAppNotifier.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0247MedAug 11, 2020
    risk 0.36cvss 5.5epss 0.00

    In Threshold::getHistogram of ImageProcessHelper.java, there is a possible crash loop due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10…

  • CVE-2020-0239MedAug 11, 2020
    risk 0.36cvss 5.5epss 0.00

    In getDocumentMetadata of DocumentsContract.java, there is a possible disclosure of location metadata from a file due to a permissions bypass. This could lead to local information disclosure from a file (eg. a photo) containing location metadata with no additional execution…

  • CVE-2020-0206MedJun 11, 2020
    risk 0.36cvss 5.5epss 0.00

    In the settings app, there is a possible app crash due to improper input validation. This could lead to local denial of service of the Settings app with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android…

  • CVE-2020-0197MedJun 11, 2020
    risk 0.36cvss 5.5epss 0.00

    In InitDataParser::parsePssh of InitDataParser.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0187MedJun 11, 2020
    risk 0.36cvss 5.5epss 0.00

    In engineSetMode of BaseBlockCipher.java, there is a possible incorrect cryptographic algorithm chosen due to an incomplete comparison. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2020-0185MedJun 11, 2020
    risk 0.36cvss 5.5epss 0.00

    In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0178MedJun 11, 2020
    risk 0.36cvss 5.5epss 0.00

    In getAllConfigFlags of SettingsProvider.cpp, there is a possible illegal read due to a missing permission check. This could lead to local information disclosure of config flags with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2020-0177MedJun 11, 2020
    risk 0.36cvss 5.5epss 0.00

    In connect() of PanService.java, there is a possible permissions bypass. This could lead to local escalation of privilege to change network connection settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

Page 151 of 235