VYPR

Android

by Google

CVEs (4,041)

  • CVE-2021-0339Feb 10, 2021
    risk 0.00cvss epss 0.01

    In loadAnimation of WindowContainer.java, there is a possible way to keep displaying a malicious app while a target app is brought to the foreground. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for…

  • CVE-2020-27098Jan 22, 2021
    risk 0.00cvss epss 0.00

    In checkGrantUriPermission of UriGrantsManagerService.java, there is a possible way to access contacts due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-0312Jan 11, 2021
    risk 0.00cvss epss 0.01

    In WAVSource::read of WAVExtractor.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions:…

  • CVE-2021-0311Jan 11, 2021
    risk 0.00cvss epss 0.01

    In ElementaryStreamQueue::dequeueAccessUnitH264() of ESQueue.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.…

  • CVE-2020-0471Jan 11, 2021
    risk 0.00cvss epss 0.02

    In reassemble_and_dispatch of packet_fragmenter.cc, there is a possible way to inject packets into an encrypted Bluetooth connection due to improper input validation. This could lead to remote escalation of privilege between two Bluetooth devices by a proximal attacker, with no…

  • CVE-2021-0317Jan 11, 2021
    risk 0.00cvss epss 0.00

    In createOrUpdate of Permission.java and related code, there is possible permission escalation due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android;…

  • CVE-2021-0307Jan 11, 2021
    risk 0.00cvss epss 0.00

    In updatePermissionSourcePackage of PermissionManagerService.java, there is a possible automatic runtime permission grant due to a confused deputy. This could lead to local escalation of privilege allowing a malicious app to silently gain access to a dangerous permission with no…

  • CVE-2020-27067Dec 15, 2020
    risk 0.00cvss epss 0.00

    In the l2tp subsystem, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:…

  • CVE-2020-27057Dec 15, 2020
    risk 0.00cvss epss 0.00

    In getGpuStatsGlobalInfo and getGpuStatsAppInfo of GpuService.cpp, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure of gpu statistics with User execution privileges needed. User interaction is not needed for…

  • CVE-2020-27055Dec 15, 2020
    risk 0.00cvss epss 0.01

    In isSubmittable and showWarningMessagesIfAppropriate of WifiConfigController.java and WifiConfigController2.java, there is a possible insecure WiFi configuration due to improper input validation. This could lead to remote information disclosure with no additional execution…

  • CVE-2020-27048Dec 15, 2020
    risk 0.00cvss epss 0.00

    In RW_SendRawFrame of rw_main.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-27041Dec 15, 2020
    risk 0.00cvss epss 0.00

    In showProvisioningNotification of ConnectivityService.java, there is an unsafe PendingIntent. This could lead to local information disclosure of notification data with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-27033Dec 15, 2020
    risk 0.00cvss epss 0.00

    In nfc_ncif_proc_get_routing of nfc_ncif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-27026Dec 15, 2020
    risk 0.00cvss epss 0.00

    During boot, the device unlock interface behaves differently depending on if a fingerprint registered to the device is present. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product:…

  • CVE-2020-27025Dec 15, 2020
    risk 0.00cvss epss 0.00

    In EapFailureNotifier.java and SimRequiredNotifier.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0500Dec 15, 2020
    risk 0.00cvss epss 0.00

    In startInputUncheckedLocked of InputMethodManager.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0494Dec 15, 2020
    risk 0.00cvss epss 0.01

    In ih264d_parse_ave of ih264d_sei.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0480Dec 15, 2020
    risk 0.00cvss epss 0.00

    In callUnchecked of DocumentsProvider.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing a caller to copy, move, or delete files accessible to DocumentsProvider with no additional execution…

  • CVE-2020-0478Dec 15, 2020
    risk 0.00cvss epss 0.00

    In extend_frame_lowbd of restoration.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0474Dec 15, 2020
    risk 0.00cvss epss 0.00

    In HalCamera::requestNewFrame of HalCamera.cpp, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

Page 181 of 203