VYPR

Android

by Google

CVEs (4,457)

  • CVE-2016-2460 | Med | May 9, 2016
    risk 0.36 | cvss 5.5 | epss 0.00

    mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, related to IGraphicBufferConsumer.cpp and…

  • CVE-2016-2459 | Med | May 9, 2016
    risk 0.36 | cvss 5.5 | epss 0.00

    mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, related to IGraphicBufferConsumer.cpp and…

  • CVE-2016-2458 | Med | May 9, 2016
    risk 0.36 | cvss 5.5 | epss 0.00

    The compose functionality in AOSP Mail in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly restrict attachments, which allows attackers to obtain sensitive information via a crafted application, related to ComposeActivity.java and…

  • CVE-2016-2457 | Med | May 9, 2016
    risk 0.36 | cvss 5.5 | epss 0.00

    server/pm/UserManagerService.java in Wi-Fi in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows attackers to bypass intended restrictions on Wi-Fi configuration changes by leveraging guest access, aka internal bug 27411179.

  • CVE-2016-2454 | Med | May 9, 2016
    risk 0.36 | cvss 5.5 | epss 0.00

    The Qualcomm hardware video codec in Android before 2016-05-01 on Nexus 5 devices allows remote attackers to cause a denial of service (reboot) via a crafted file, aka internal bug 26221024.

  • CVE-2016-2427 | Med | Apr 18, 2016
    risk 0.36 | cvss 5.5 | epss 0.00

    The AES-GCM specification in RFC 5084, as used in Android 5.x and 6.x, recommends 12 octets for the aes-ICVlen parameter field, which might make it easier for attackers to defeat a cryptographic protection mechanism and discover an authentication key via a crafted application,…

  • CVE-2016-2426 | Med | Apr 18, 2016
    risk 0.36 | cvss 5.5 | epss 0.00

    server/content/ContentService.java in the Framework component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for a GET_ACCOUNTS permission, which allows attackers to obtain sensitive information via a crafted…

  • CVE-2016-2425 | Med | Apr 18, 2016
    risk 0.36 | cvss 5.5 | epss 0.00

    mail/compose/ComposeActivity.java in AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 supports file:///data attachments, which allows attackers to obtain sensitive information via a crafted application, aka internal bugs…

  • CVE-2016-2424 | Med | Apr 18, 2016
    risk 0.36 | cvss 5.5 | epss 0.00

    server/content/SyncStorageEngine.java in SyncStorageEngine in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 mismanages certain authority data, which allows attackers to cause a denial of service (reboot loop) via a crafted…

  • CVE-2016-2415 | Med | Apr 18, 2016
    risk 0.36 | cvss 5.5 | epss 0.00

    exchange/eas/EasAutoDiscover.java in the Autodiscover implementation in Exchange ActiveSync in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to obtain sensitive information via a crafted application that triggers a spoofed response to…

  • CVE-2016-0831 | Med | Mar 12, 2016
    risk 0.36 | cvss 5.5 | epss 0.00

    The getDeviceIdForPhone function in internal/telephony/PhoneSubInfoController.java in Telephony in Android 5.x before 5.1.1 LMY49H and 6.x before 2016-03-01 does not check for the READ_PHONE_STATE permission, which allows attackers to obtain sensitive information via a crafted…

  • CVE-2020-0279 | Med | Sep 17, 2020
    risk 0.35 | cvss 6.5 | epss 0.01

    In the AAC parser, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID:…

  • CVE-2014-9908 | Med | Jan 8, 2020
    risk 0.35 | cvss 6.5 | epss 0.00

    A Denial of Service vulnerability exists in Google Android 4.4.4, 5.0.2, and 5.1.1, which allows malicious users to block Bluetooth access (Android Bug ID A-28672558).

  • CVE-2019-9283 | Med | Sep 27, 2019
    risk 0.35 | cvss 6.5 | epss 0.01

    In AAC Codec, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID:…

  • CVE-2016-0824 | Med | Mar 12, 2016
    risk 0.35 | cvss 5.3 | epss 0.01

    libmpeg2 in libstagefright in Android 6.x before 2016-03-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via crafted Bitstream data, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal…

  • CVE-2016-1940 | Med | Jan 31, 2016
    risk 0.35 | cvss 5.3 | epss 0.01

    Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via a data: URL that is mishandled during (1) shortcut opening or (2) BOOKMARK intent processing.

  • CVE-2022-20530 | Med | Dec 16, 2022
    risk 0.34 | cvss 5.3 | epss 0.00

    In strings.xml, there is a possible permission bypass due to a misleading string. This could lead to remote information disclosure of call logs with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:…

  • CVE-2021-1037 | Med | Jan 14, 2022
    risk 0.34 | cvss 5.3 | epss 0.00

    The broadcast that DevicePickerFragment sends when a new device is paired doesn't have any permission checks, so any app can register to listen for it. This lets apps keep track of what devices are paired without requesting BLUETOOTH permissions. Product: Android. Versions:…

  • CVE-2019-9323 | Med | Sep 27, 2019
    risk 0.34 | cvss 5.3 | epss 0.00

    In the Wallpaper Manager service, there is a possible information disclosure due to a missing permission check. Any application can access wallpaper image with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:…

  • CVE-2017-0751 | Med | Apr 5, 2018
    risk 0.34 | cvss 5.3 | epss 0.00

    An elevation of privilege vulnerability in the Qualcomm QCE driver. Product: Android. Versions: Android kernel. Android ID: A-36591162. References: QC-CR#2045061.
