VYPR

Android

by Google

CVEs (4,290)

  • CVE-2015-5310MedJan 6, 2016
    risk 0.28cvss 4.3epss 0.01

    The WNM Sleep Mode code in wpa_supplicant 2.x before 2.6 does not properly ignore key data in response frames when management frame protection (MFP) was not negotiated, which allows remote attackers to inject arbitrary broadcast or multicast packets or cause a denial of service…

  • CVE-2021-39727MedMar 16, 2022
    risk 0.27cvss 4.1epss 0.00

    In eicPresentationRetrieveEntryValue of acropora/app/identity/libeic/EicPresentation.c, there is a possible information disclosure due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for…

  • CVE-2020-0199MedJun 11, 2020
    risk 0.27cvss 4.1epss 0.00

    In TimeCheck::TimeCheckThread::threadLoop of TimeCheck.cpp, there is a possible use-after-free due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2017-13238MedFeb 12, 2018
    risk 0.27cvss 4.2epss 0.00

    In XBLRamDump mode, there is a debug feature that can be used to dump memory contents, if an attacker has physical access to the device. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2026-28581MedJun 1, 2026
    risk 0.26cvss 4.0epss 0.00

    In fixInitiatingUserIfNecessary of CallIntentProcessor.java, there is a possible way to make an emergency call due to a logic error in the code. This could lead to local with null execution privileges needed. User interaction is null for exploitation.

  • CVE-2016-3764MedJul 11, 2016
    risk 0.26cvss 4.0epss 0.00

    media/libmediaplayerservice/MetadataRetrieverClient.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to obtain sensitive pointer information via a crafted application, aka internal bug 28377502.

  • CVE-2016-3761MedJul 11, 2016
    risk 0.26cvss 4.0epss 0.00

    NfcService.java in NFC in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to obtain sensitive foreground-application information via a crafted background application, aka internal bug 28300969.

  • CVE-2022-20226LowJul 13, 2022
    risk 0.25cvss 3.9epss 0.00

    In finishDrawingWindow of WindowManagerService.java, there is a possible tapjacking due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2017-3544LowApr 24, 2017
    risk 0.24cvss 3.7epss 0.02

    Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows…

  • CVE-2022-20330LowAug 12, 2022
    risk 0.23cvss 3.5epss 0.00

    In Bluetooth, there is a possible way to connect or disconnect bluetooth devices without user awareness due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for…

  • CVE-2023-38301LowApr 22, 2024
    risk 0.22cvss 3.4epss 0.00

    An issue was discovered in a third-party component related to vendor.gsm.serial, shipped on devices from multiple device manufacturers. Various software builds for the BLU View 2, Boost Mobile Celero 5G, Sharp Rouvo V, Motorola Moto G Pure, Motorola Moto G Power, T-Mobile Revvl…

  • CVE-2015-6644LowJan 6, 2016
    risk 0.22cvss 3.3epss 0.01

    Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146.

  • CVE-2026-28586LowJun 1, 2026
    risk 0.21cvss 3.3epss 0.00

    In multiple functions of AppOpsService.java, there is a possible missing permission check due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2026-0056LowJun 1, 2026
    risk 0.21cvss 3.3epss 0.00

    In setTo of ResourceTypes.cpp, there is a possible read out of bounds due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2026-0016LowJun 1, 2026
    risk 0.21cvss 3.3epss 0.00

    In updateProvidersWhenServiceRemoved of CredentialManagerService.java, there is a possible way to override settings across users due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not…

  • CVE-2025-48616LowJun 1, 2026
    risk 0.21cvss 3.3epss 0.00

    In multiple functions of KeyguardViewMediator.java , there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not…

  • CVE-2023-21349LowOct 30, 2023
    risk 0.21cvss 3.3epss 0.00

    In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not…

  • CVE-2023-21348LowOct 30, 2023
    risk 0.21cvss 3.3epss 0.00

    In Window Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not…

  • CVE-2023-21346LowOct 30, 2023
    risk 0.21cvss 3.3epss 0.00

    In the Device Idle Controller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User…

  • CVE-2023-21345LowOct 30, 2023
    risk 0.21cvss 3.3epss 0.00

    In Game Manager Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is…

Page 160 of 215