VYPR

Android

by Google

CVEs (4,042)

  • CVE-2023-21245HigJul 13, 2023
    risk 0.51cvss 7.8epss 0.00

    In showNextSecurityScreenOrFinish of KeyguardSecurityContainerController.java, there is a possible way to access the lock screen during device setup due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed.…

  • CVE-2023-21241HigJul 13, 2023
    risk 0.51cvss 7.8epss 0.00

    In rw_i93_send_to_upper of rw_i93.cc, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-21145HigJul 13, 2023
    risk 0.51cvss 7.8epss 0.00

    In updatePictureInPictureMode of ActivityRecord.java, there is a possible bypass of background launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed…

  • CVE-2023-21174HigJun 28, 2023
    risk 0.51cvss 7.8epss 0.00

    In isPageSearchEnabled of BillingCycleSettings.java, there is a possible way for the guest user to change data limits due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2023-21149HigJun 28, 2023
    risk 0.51cvss 7.8epss 0.00

    In registerGsmaServiceIntentReceiver of ShannonRcsService.java, there is a possible way to activate/deactivate RCS service due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not…

  • CVE-2023-21147HigJun 28, 2023
    risk 0.51cvss 7.8epss 0.00

    In lwis_i2c_device_disable of lwis_device_i2c.c, there is a possible UAF due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2023-21139HigJun 15, 2023
    risk 0.51cvss 7.8epss 0.00

    In bindPlayer of MediaControlPanel.java, there is a possible launch arbitrary activity in SysUI due to Unsafe Intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2023-21138HigJun 15, 2023
    risk 0.51cvss 7.8epss 0.00

    In onNullBinding of CallRedirectionProcessor.java, there is a possible long lived connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed…

  • CVE-2023-21129HigJun 15, 2023
    risk 0.51cvss 7.8epss 0.00

    In getFullScreenIntentDecision of NotificationInterruptStateProviderImpl.java, there is a possible activity launch while the app is in the background due to a BAL bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User…

  • CVE-2023-21117HigMay 15, 2023
    risk 0.51cvss 7.8epss 0.00

    In registerReceiverWithFeature of ActivityManagerService.java, there is a possible way for isolated processes to register a broadcast receiver due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User…

  • CVE-2023-21110HigMay 15, 2023
    risk 0.51cvss 7.8epss 0.00

    In several functions of SnoozeHelper.java, there is a possible way to grant notifications access due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2023-21109HigMay 15, 2023
    risk 0.51cvss 7.8epss 0.00

    In multiple places of AccessibilityService, there is a possible way to hide the app from the user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2023-21107HigMay 15, 2023
    risk 0.51cvss 7.8epss 0.00

    In retrieveAppEntry of NotificationAccessDetails.java, there is a missing permission check. This could lead to local escalation of privilege across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2023-21106HigMay 15, 2023
    risk 0.51cvss 7.8epss 0.00

    In adreno_set_param of adreno_gpu.c, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android…

  • CVE-2023-21100HigApr 19, 2023
    risk 0.51cvss 7.8epss 0.00

    In inflate of inflate.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12…

  • CVE-2023-21099HigApr 19, 2023
    risk 0.51cvss 7.8epss 0.00

    In multiple methods of PackageInstallerSession.java, there is a possible way to start foreground services from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is…

  • CVE-2023-21097HigApr 19, 2023
    risk 0.51cvss 7.8epss 0.00

    In toUriInner of Intent.java, there is a possible way to launch an arbitrary activity due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2023-21093HigApr 19, 2023
    risk 0.51cvss 7.8epss 0.00

    In extractRelativePath of FileUtils.java, there is a possible way to access files in a directory belonging to other applications due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is…

  • CVE-2023-21086HigApr 19, 2023
    risk 0.51cvss 7.8epss 0.00

    In isToggleable of SecureNfcEnabler.java and SecureNfcPreferenceController.java, there is a possible way to enable NFC from a secondary account due to a permissions bypass. This could lead to local escalation of privilege from the Guest account with no additional execution…

  • CVE-2023-21083HigApr 19, 2023
    risk 0.51cvss 7.8epss 0.00

    In onNullBinding of CallScreeningServiceHelper.java, there is a possible way to record audio without showing a privacy indicator due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed…

Page 32 of 203