VYPR

Android

by Google

CVEs (4,121)

  • CVE-2021-0878HigApr 19, 2023
    risk 0.51cvss 7.8epss 0.00

    In PVRSRVBridgeServerSyncGetStatus of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User…

  • CVE-2023-21068HigMar 24, 2023
    risk 0.51cvss 7.8epss 0.00

    In (TBD) of (TBD), there is a possible way to boot with a hidden debug policy due to a missing warning to the user. This could lead to local escalation of privilege after preparing the device, hiding the warning, and passing the phone to a new user, with no additional execution…

  • CVE-2023-21040HigMar 24, 2023
    risk 0.51cvss 7.8epss 0.00

    In buildCommand of bluetooth_ccc.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2023-21035HigMar 24, 2023
    risk 0.51cvss 7.8epss 0.00

    In multiple functions of BackupHelper.java, there is a possible way for an app to get permissions previously granted to another app with the same package name due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges…

  • CVE-2023-21024HigMar 24, 2023
    risk 0.51cvss 7.8epss 0.00

    In maybeFinish of FallbackHome.java, there is a possible delay of lockdown screen due to logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2023-21022HigMar 24, 2023
    risk 0.51cvss 7.8epss 0.00

    In BufferBlock of Suballocation.cpp, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2023-21021HigMar 24, 2023
    risk 0.51cvss 7.8epss 0.00

    In isTargetSdkLessThanQOrPrivileged of WifiServiceImpl.java, there is a possible way for the guest user to change admin user network settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User…

  • CVE-2023-21017HigMar 24, 2023
    risk 0.51cvss 7.8epss 0.00

    In InstallStart of InstallStart.java, there is a possible way to change the installer package name due to an improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for…

  • CVE-2023-21015HigMar 24, 2023
    risk 0.51cvss 7.8epss 0.00

    In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2023-21005HigMar 24, 2023
    risk 0.51cvss 7.8epss 0.00

    In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2023-21004HigMar 24, 2023
    risk 0.51cvss 7.8epss 0.00

    In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2023-21003HigMar 24, 2023
    risk 0.51cvss 7.8epss 0.00

    In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2023-21001HigMar 24, 2023
    risk 0.51cvss 7.8epss 0.00

    In onContextItemSelected of NetworkProviderSettings.java, there is a possible way for users to change the Wi-Fi settings of other users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User…

  • CVE-2023-21000HigMar 24, 2023
    risk 0.51cvss 7.8epss 0.00

    In MediaCodec.cpp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID:…

  • CVE-2023-20995HigMar 24, 2023
    risk 0.51cvss 7.8epss 0.00

    In captureImage of CustomizedSensor.cpp, there is a possible way to bypass the fingerprint unlock due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2023-20985HigMar 24, 2023
    risk 0.51cvss 7.8epss 0.00

    In BTA_GATTS_HandleValueIndication of bta_gatts_api.cc, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2023-20975HigMar 24, 2023
    risk 0.51cvss 7.8epss 0.00

    In getAvailabilityStatus of EnableContentCapturePreferenceController.java, there is a possible way to bypass DISALLOW_CONTENT_CAPTURE due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is…

  • CVE-2023-20971HigMar 24, 2023
    risk 0.51cvss 7.8epss 0.00

    In removePermission of PermissionManagerServiceImpl.java, there is a possible way to obtain dangerous permissions without user consent due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User…

  • CVE-2023-20966HigMar 24, 2023
    risk 0.51cvss 7.8epss 0.00

    In inflate of inflate.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11…

  • CVE-2023-20964HigMar 24, 2023
    risk 0.51cvss 7.8epss 0.00

    In multiple functions of MediaSessionRecord.java, there is a possible Intent rebroadcast due to a confused deputy. This could lead to local denial of service or escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

Page 34 of 207