VYPR

Android

by Google

CVEs (4,041)

  • CVE-2020-0341Sep 17, 2020
    risk 0.00cvss epss 0.00

    In DisplayManager, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0333Sep 17, 2020
    risk 0.00cvss epss 0.01

    In UrlQuerySanitizer, there is a possible improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-73822755

  • CVE-2020-0267Sep 17, 2020
    risk 0.00cvss epss 0.01

    In WindowManager, there is a possible launch of an unexpected app due to a confused deputy. This could lead to local escalation of privilege due to launching a malicious app instead of the one the user intended, with no additional execution privileges needed. User interaction is…

  • CVE-2020-0397Sep 17, 2020
    risk 0.00cvss epss 0.00

    In getNotificationBuilder of CarrierServiceStateTracker.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0395Sep 17, 2020
    risk 0.00cvss epss 0.00

    In showNotification of EmergencyCallbackModeService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0382Sep 17, 2020
    risk 0.00cvss epss 0.00

    In RunInternal of dumpstate.cpp, there is a possible user consent bypass due to an uncaught exception. This could lead to local information disclosure of bug report data with System execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0074Sep 17, 2020
    risk 0.00cvss epss 0.00

    In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not…

  • CVE-2020-25057Aug 31, 2020
    risk 0.00cvss epss 0.00

    An issue was discovered on LG mobile devices with Android OS 10 software. MDMService does not properly restrict APK installations. The LG ID is LVE-SMP-200011 (July 2020).

  • CVE-2020-0261Aug 13, 2020
    risk 0.00cvss epss 0.00

    In C2 flame devices, there is a possible bypass of seccomp due to a missing configuration file. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android…

  • CVE-2020-0248Aug 11, 2020
    risk 0.00cvss epss 0.00

    In postInstantAppNotif of InstantAppNotifier.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0108Aug 11, 2020
    risk 0.00cvss epss 0.01

    In postNotification of ServiceRecord.java, there is a possible bypass of foreground process restrictions due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2020-0226Jul 17, 2020
    risk 0.00cvss epss 0.00

    In createWithSurfaceParent of Client.cpp, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege in the graphics server with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2020-0122Jul 17, 2020
    risk 0.00cvss epss 0.00

    In the permission declaration for com.google.android.providers.gsf.permission.WRITE_GSERVICES in AndroidManifest.xml, there is a possible permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed…

  • CVE-2020-0232Jun 16, 2020
    risk 0.00cvss epss 0.00

    Function abc_pcie_issue_dma_xfer_sync creates a transfer object, adds it to the session object then continues to work with it. A concurrent thread could retrieve created transfer object from the session object and delete it using abc_pcie_dma_user_xfer_clean. If this happens,…

  • CVE-2020-0176Jun 11, 2020
    risk 0.00cvss epss 0.01

    In avdt_msg_prs_rej of avdt_msg.cc, there is a possible out-of-bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0214Jun 11, 2020
    risk 0.00cvss epss 0.01

    In ce_t4t_process_select_file_cmd of ce_t4t.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0178Jun 11, 2020
    risk 0.00cvss epss 0.00

    In getAllConfigFlags of SettingsProvider.cpp, there is a possible illegal read due to a missing permission check. This could lead to local information disclosure of config flags with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2020-0158Jun 11, 2020
    risk 0.00cvss epss 0.00

    In nfc_ncif_proc_t3t_polling_ntf of nfc_ncif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0183Jun 11, 2020
    risk 0.00cvss epss 0.00

    In handleMessage of BluetoothManagerService, there is an incomplete reset. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-110181479

  • CVE-2020-0188Jun 11, 2020
    risk 0.00cvss epss 0.00

    In onCreatePermissionRequest of SettingsSliceProvider.java, there is a possible permissions bypass due to a PendingIntent error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product:…

Page 184 of 203