VYPR

Android

by Google

CVEs (4,121)

  • CVE-2025-36905Sep 4, 2025
    risk 0.00cvss epss 0.00

    In gxp_mapping_create of gxp_mapping.c, there is a possible privilege escalation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-36904Sep 4, 2025
    risk 0.00cvss epss 0.00

    WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-396458384.

  • CVE-2025-36903Sep 4, 2025
    risk 0.00cvss epss 0.00

    In lwis_io_buffer_write, there is a possible OOB read/write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-36902Sep 4, 2025
    risk 0.00cvss epss 0.00

    In syna_cdev_ioctl_store_pid() of syna_tcm2_sysfs.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-36901Sep 4, 2025
    risk 0.00cvss epss 0.00

    WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-396462223.

  • CVE-2025-36900Sep 4, 2025
    risk 0.00cvss epss 0.00

    In lwis_test_register_io of lwis_device_test.c, there is a possible OOB Write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-36899Sep 4, 2025
    risk 0.00cvss epss 0.00

    There is a possible escalation of privilege due to test/debugging code left in a production build. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-36898Sep 4, 2025
    risk 0.00cvss epss 0.00

    There is a possible escalation of privilege due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-36897Sep 4, 2025
    risk 0.00cvss epss 0.00

    In unknown of cd_CnMsgCodecUserApi.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-36896Sep 4, 2025
    risk 0.00cvss epss 0.00

    WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-394765106.

  • CVE-2025-36895Sep 4, 2025
    risk 0.00cvss epss 0.00

    Information disclosure

  • CVE-2025-36894Sep 4, 2025
    risk 0.00cvss epss 0.00

    In TBD of TBD, there is a possible DoS due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-36893Sep 4, 2025
    risk 0.00cvss epss 0.00

    In ReadTachyonCommands of gxp_main_actor.cc, there is a possible information leak due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-36892Sep 4, 2025
    risk 0.00cvss epss 0.00

    Denial of service

  • CVE-2025-36891Sep 4, 2025
    risk 0.00cvss epss 0.00

    Elevation of privilege

  • CVE-2025-36890Sep 4, 2025
    risk 0.00cvss epss 0.00

    Elevation of Privilege

  • CVE-2025-26416Sep 2, 2025
    risk 0.00cvss epss 0.00

    In initializeSwizzler of SkBmpStandardCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-22442Sep 2, 2025
    risk 0.00cvss epss 0.00

    In multiple functions of DevicePolicyManagerService.java, there is a possible way to install unauthorized applications into a newly created work profile due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User…

  • CVE-2025-22439Sep 2, 2025
    risk 0.00cvss epss 0.00

    In onLastAccessedStackLoaded of ActionHandler.java , there is a possible way to bypass storage restrictions across apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed…

  • CVE-2025-22438Sep 2, 2025
    risk 0.00cvss epss 0.00

    In afterKeyEventLockedInterruptable of InputDispatcher.cpp, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Page 172 of 207