VYPR

Android

by Google

CVEs (4,717)

  • CVE-2023-40113Feb 15, 2024
    risk 0.00cvss epss 0.00

    In multiple locations, there is a possible way for apps to access cross-user message data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-40112Feb 15, 2024
    risk 0.00cvss epss 0.00

    In ippSetValueTag of ipp.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure of past print jobs or other print-related information, with no additional execution privileges needed. User interaction is not needed…

  • CVE-2023-40111Feb 15, 2024
    risk 0.00cvss epss 0.00

    In setMediaButtonReceiver of MediaSessionRecord.java, there is a possible way to send a pending intent on behalf of system_server due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed…

  • CVE-2023-40110Feb 15, 2024
    risk 0.00cvss epss 0.00

    In multiple functions of MtpPacket.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2023-40109Feb 15, 2024
    risk 0.00cvss epss 0.00

    In createFromParcel of UsbConfiguration.java, there is a possible background activity launch (BAL) due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2023-40107Feb 15, 2024
    risk 0.00cvss epss 0.00

    In ARTPWriter of ARTPWriter.cpp, there is a possible use after free due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-40106Feb 15, 2024
    risk 0.00cvss epss 0.00

    In sanitizeSbn of NotificationManagerService.java, there is a possible way to launch an activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2023-40105Feb 15, 2024
    risk 0.00cvss epss 0.00

    In backupAgentCreated of ActivityManagerService.java, there is a possible way to leak sensitive data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-40104Feb 15, 2024
    risk 0.00cvss epss 0.00

    In ca-certificates, there is a possible way to read encrypted TLS data due to untrusted cryptographic certificates. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-40100Feb 15, 2024
    risk 0.00cvss epss 0.00

    In discovery_thread of Dns64Configuration.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2017-13220HigJan 12, 2018
    risk 0.00cvss 7.8epss 0.00

    An elevation of privilege vulnerability in the Upstream kernel bluez. Product: Android. Versions: Android kernel. Android ID: A-63527053.

  • CVE-2015-8507Dec 8, 2015
    risk 0.00cvss epss 0.02

    mediaserver in Android 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24157524, a different vulnerability than CVE-2015-6616, CVE-2015-8505, and CVE-2015-8506.

  • CVE-2015-8506Dec 8, 2015
    risk 0.00cvss epss 0.02

    mediaserver in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24441553, a different vulnerability than CVE-2015-6616,…

  • CVE-2015-8505Dec 8, 2015
    risk 0.00cvss epss 0.02

    mediaserver in Android before 5.1.1 LMY48Z allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 17769851, a different vulnerability than CVE-2015-6616, CVE-2015-8506, and CVE-2015-8507.

  • CVE-2015-6634Dec 8, 2015
    risk 0.00cvss epss 0.02

    The display drivers in Android before 5.1.1 LMY48Z allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24163261.

  • CVE-2015-6633Dec 8, 2015
    risk 0.00cvss epss 0.02

    The display drivers in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23987307.

  • CVE-2015-6632Dec 8, 2015
    risk 0.00cvss epss 0.01

    libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access,…

  • CVE-2015-6631Dec 8, 2015
    risk 0.00cvss epss 0.01

    libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access,…

  • CVE-2015-6630Dec 8, 2015
    risk 0.00cvss epss 0.00

    SystemUI in Android 5.x before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to read screenshots and consequently gain privileges via a crafted application, aka internal bug 19121797.

  • CVE-2015-6629Dec 8, 2015
    risk 0.00cvss epss 0.00

    Wi-Fi in Android 5.x before 5.1.1 LMY48Z allows attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 22667667.

Page 229 of 236