VYPR

Android

by Google

CVEs (4,290)

  • CVE-2021-1031LowDec 15, 2021
    risk 0.21cvss 3.3epss 0.00

    In cancelNotificationsFromListener of NotificationManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional…

  • CVE-2021-1015LowDec 15, 2021
    risk 0.21cvss 3.3epss 0.00

    In getMeidForSlot of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges…

  • CVE-2021-0995LowDec 15, 2021
    risk 0.21cvss 3.3epss 0.00

    In registerSuggestionConnectionStatusListener of WifiServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional…

  • CVE-2021-0994LowDec 15, 2021
    risk 0.21cvss 3.3epss 0.00

    In requestRouteToHostAddress of ConnectivityService.java, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges…

  • CVE-2021-0992LowDec 15, 2021
    risk 0.21cvss 3.3epss 0.00

    In onCreate of PaymentDefaultDialog.java, there is a possible way to change a default payment app without user consent due to tapjack overlay. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for…

  • CVE-2021-0978LowDec 15, 2021
    risk 0.21cvss 3.3epss 0.00

    In getSerialForPackage of DeviceIdentifiersPolicyService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution…

  • CVE-2020-27057LowDec 15, 2020
    risk 0.21cvss 3.3epss 0.00

    In getGpuStatsGlobalInfo and getGpuStatsAppInfo of GpuService.cpp, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure of gpu statistics with User execution privileges needed. User interaction is not needed for…

  • CVE-2017-6426LowApr 4, 2018
    risk 0.21cvss 3.3epss 0.00

    An information disclosure vulnerability in the Qualcomm SPMI driver. Product: Android. Versions: Android kernel. Android ID: A-33644474. References: QC-CR#1106842.

  • CVE-2017-6425LowApr 4, 2018
    risk 0.21cvss 3.3epss 0.00

    An information disclosure vulnerability in the Qualcomm video driver. Product: Android. Versions: Android kernel. Android ID: A-32577085. References: QC-CR#1103689.

  • CVE-2016-10236LowApr 4, 2018
    risk 0.21cvss 3.3epss 0.00

    An information disclosure vulnerability in the Qualcomm USB driver. Product: Android. Versions: Android kernel. Android ID: A-33280689. References: QC-CR#1102418.

  • CVE-2017-0709LowJul 6, 2017
    risk 0.21cvss 3.3epss 0.00

    A information disclosure vulnerability in the HTC sensor hub driver. Product: Android. Versions: Android kernel. Android ID: A-35468048.

  • CVE-2015-9032LowJun 13, 2017
    risk 0.21cvss 3.3epss 0.00

    In all Android releases from CAF using the Linux kernel, a DRM key was exposed to QTEE applications.

  • CVE-2015-9031LowJun 13, 2017
    risk 0.21cvss 3.3epss 0.00

    In all Android releases from CAF using the Linux kernel, a TZ memory address is exposed to HLOS by HDCP.

  • CVE-2016-6770LowJan 12, 2017
    risk 0.21cvss 3.3epss 0.00

    An elevation of privilege vulnerability in the Framework API could enable a local malicious application to access system functions beyond its access level. This issue is rated as Moderate because it is a local bypass of restrictions on a constrained process. Product: Android.…

  • CVE-2016-3763LowJul 11, 2016
    risk 0.21cvss 3.3epss 0.01

    net/PacProxySelector.java in the Proxy Auto-Config (PAC) feature in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to…

  • CVE-2016-3759LowJul 11, 2016
    risk 0.21cvss 3.3epss 0.00

    The Framework APIs in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to read backup data via a crafted application that leverages priv-app access to insert a backup transport, aka internal bug 28406080.

  • CVE-2023-21262LowJul 13, 2023
    risk 0.20cvss 3.1epss 0.00

    In startInput of AudioPolicyInterfaceImpl.cpp, there is a possible way of erroneously displaying the microphone privacy indicator due to a race condition. This could lead to false user expectations. User interaction is needed for exploitation.

  • CVE-2015-6641LowJan 6, 2016
    risk 0.20cvss 3.1epss 0.00

    Bluetooth in Android 6.0 before 2016-01-01 allows remote attackers to obtain sensitive Contacts information by leveraging pairing, aka internal bug 23607427.

  • CVE-2016-0823MedMar 12, 2016
    risk 0.19cvss 4.0epss 0.00

    The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721.

  • CVE-2022-20327LowAug 12, 2022
    risk 0.18cvss 2.8epss 0.00

    In Wi-Fi, there is a possible way to retrieve the WiFi SSID without location permissions due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.Product:…

Page 163 of 215