VYPR

Android

by Google

CVEs (4,041)

  • CVE-2018-9458Nov 6, 2018
    risk 0.00cvss epss 0.01

    In computeFocusedWindow of RootWindowContainer.java, and related functions, there is possible interception of keypresses due to focus being on the wrong window. This could lead to local escalation of privilege revealing the user's keypresses while the screen was locked with no…

  • CVE-2018-9438Nov 6, 2018
    risk 0.00cvss epss 0.00

    When a device connects only over WiFi VPN, the device may not receive security updates due to some incorrect checks. This could lead to a local denial of service of security updates with no additional execution privileges needed. User interaction is needed for exploitation.…

  • CVE-2018-9451Nov 6, 2018
    risk 0.00cvss epss 0.00

    In DynamicRefTable::load of ResourceTypes.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android…

  • CVE-2018-9459Nov 6, 2018
    risk 0.00cvss epss 0.02

    In Attachment of Attachment.java and getFilePath of EmlAttachmentProvider.java, there is a possible Elevation of Privilege due to a path traversal error. This could lead to a remote escalation of privilege with no additional execution privileges needed. User interaction is not…

  • CVE-2018-9489Nov 6, 2018
    risk 0.00cvss epss 0.01

    When wifi is switched, function sendNetworkStateChangeBroadcast of WifiStateMachine.java broadcasts an intent including detailed wifi network information. This could lead to information disclosure with no execution privileges needed. User interaction is not needed for…

  • CVE-2018-9361Nov 6, 2018
    risk 0.00cvss epss 0.02

    In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:…

  • CVE-2018-9453Nov 6, 2018
    risk 0.00cvss epss 0.00

    In avdt_msg_prs_cfg of avdt_msg.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:…

  • CVE-2018-9455Nov 6, 2018
    risk 0.00cvss epss 0.02

    In sdpu_extract_attr_seq of sdp_utils.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android…

  • CVE-2018-9427Nov 6, 2018
    risk 0.00cvss epss 0.02

    In CopyToOMX of OMXNodeInstance.cpp there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android…

  • CVE-2018-9358Nov 6, 2018
    risk 0.00cvss epss 0.02

    In gatts_process_attribute_req of gatt_sc.cc, there is a possible read of uninitialized data due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth process with no additional execution privileges needed. User interaction is not needed…

  • CVE-2018-9356Nov 6, 2018
    risk 0.00cvss epss 0.03

    In bnep_data_ind of bnep_main.c, there is a possible remote code execution due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0…

  • CVE-2018-9450Nov 6, 2018
    risk 0.00cvss epss 0.03

    In avrc_proc_vendor_command of avrc_api.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:…

  • CVE-2018-9454Nov 6, 2018
    risk 0.00cvss epss 0.00

    In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:…

  • CVE-2018-9415Nov 6, 2018
    risk 0.00cvss epss 0.00

    In driver_override_store and driver_override_show of bus.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android…

  • CVE-2017-13220HigJan 12, 2018
    risk 0.00cvss 7.8epss 0.00

    An elevation of privilege vulnerability in the Upstream kernel bluez. Product: Android. Versions: Android kernel. Android ID: A-63527053.

  • CVE-2015-8507Dec 8, 2015
    risk 0.00cvss epss 0.02

    mediaserver in Android 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24157524, a different vulnerability than CVE-2015-6616, CVE-2015-8505, and CVE-2015-8506.

  • CVE-2015-8506Dec 8, 2015
    risk 0.00cvss epss 0.02

    mediaserver in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24441553, a different vulnerability than CVE-2015-6616,…

  • CVE-2015-8505Dec 8, 2015
    risk 0.00cvss epss 0.02

    mediaserver in Android before 5.1.1 LMY48Z allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 17769851, a different vulnerability than CVE-2015-6616, CVE-2015-8506, and CVE-2015-8507.

  • CVE-2015-6634Dec 8, 2015
    risk 0.00cvss epss 0.02

    The display drivers in Android before 5.1.1 LMY48Z allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24163261.

  • CVE-2015-6633Dec 8, 2015
    risk 0.00cvss epss 0.02

    The display drivers in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23987307.

Page 195 of 203