VYPR

Android

by Google

CVEs (4,041)

  • CVE-2018-9471Nov 20, 2024
    risk 0.00cvss epss 0.00

    In the deserialization constructor of NanoAppFilter.java, there is a possible loss of data due to type confusion. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2018-9470Nov 20, 2024
    risk 0.00cvss epss 0.00

    In bff_Scanner_addOutPos of Scanner.c, there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege in an unprivileged app with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2018-9469Nov 20, 2024
    risk 0.00cvss epss 0.00

    In multiple functions of ShortcutService.java, there is a possible creation of a spoofed shortcut due to a missing permission check. This could lead to local escalation of privilege in a privileged app with no additional execution privileges needed. User interaction is needed…

  • CVE-2018-9468Nov 20, 2024
    risk 0.00cvss epss 0.00

    In query of DownloadManager.java, there is a possible read/write of arbitrary files due to a permissions bypass. This could lead to local information disclosure and file rewriting with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-10382Nov 20, 2024
    risk 0.00cvss epss 0.00

    There exists a code execution vulnerability in the Car App Android Jetpack Library. CarAppService uses deserialization logic that allows construction of arbitrary java classes. This can lead to arbitrary code execution when combined with specific Java deserialization gadgets. An…

  • CVE-2018-9467Nov 19, 2024
    risk 0.00cvss epss 0.00

    In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2018-9466Nov 19, 2024
    risk 0.00cvss epss 0.00

    In the xmlSnprintfElementContent function of valid.c, there is a possible out of bounds write. This could lead to remote escalation of privilege in an unprivileged app with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2018-9456Nov 19, 2024
    risk 0.00cvss epss 0.00

    In sdpu_extract_attr_seq of sdp_utils.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2018-9440Nov 19, 2024
    risk 0.00cvss epss 0.00

    In parse of M3UParser.cpp there is a possible resource exhaustion due to improper input validation. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2018-9433Nov 19, 2024
    risk 0.00cvss epss 0.00

    In ArrayConcatVisitor of builtins-array.cc, there is a possible type confusion due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2018-9432Nov 19, 2024
    risk 0.00cvss epss 0.00

    In createPhonebookDialogView and createMapDialogView of BluetoothPermissionActivity.java, there is a possible permissions bypass. This could lead to local escalation of privilege due to hiding and bypassing the user's ability to disable access to contacts, with no additional…

  • CVE-2018-9428Nov 19, 2024
    risk 0.00cvss epss 0.00

    In startDevice of AAudioServiceStreamBase.cpp there is a possible out of bounds write due to a use after free. This could lead to local arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation. …

  • CVE-2018-9424Nov 19, 2024
    risk 0.00cvss epss 0.00

    In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2018-9421Nov 19, 2024
    risk 0.00cvss epss 0.00

    In writeInplace of Parcel.cpp, there is a possible information leak across processes, using Binder, due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2018-9420Nov 19, 2024
    risk 0.00cvss epss 0.00

    In BnCameraService::onTransact of CameraService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2018-9419Nov 19, 2024
    risk 0.00cvss epss 0.00

    In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2018-9417Nov 19, 2024
    risk 0.00cvss epss 0.00

    In f_hidg_read and hidg_disable of f_hid.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2018-9412Nov 19, 2024
    risk 0.00cvss epss 0.00

    In removeUnsynchronization of ID3.cpp there is a possible resource exhaustion due to improper input validation. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2018-9410Nov 19, 2024
    risk 0.00cvss epss 0.00

    In analyzeAxes of FontUtils.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2018-9409Nov 19, 2024
    risk 0.00cvss epss 0.00

    In HWCSession::SetColorModeById of hwc_session.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Page 179 of 203