VYPR

Android

by Google

CVEs (4,120)

  • CVE-2023-20964HigMar 24, 2023
    risk 0.51cvss 7.8epss 0.00

    In multiple functions of MediaSessionRecord.java, there is a possible Intent rebroadcast due to a confused deputy. This could lead to local denial of service or escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2023-20959HigMar 24, 2023
    risk 0.51cvss 7.8epss 0.00

    In AddSupervisedUserActivity, guest users are not prevented from starting the activity due to missing permissions checks. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2023-20957HigMar 24, 2023
    risk 0.51cvss 7.8epss 0.00

    In onAttach of SettingsPreferenceFragment.java, there is a possible bypass of Factory Reset Protections due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2023-20953HigMar 24, 2023
    risk 0.51cvss 7.8epss 0.00

    In onPrimaryClipChanged of ClipboardListener.java, there is a possible way to bypass factory reset protection due to incorrect UI being shown prior to setup completion. This could lead to local escalation of privilege with no additional execution privileges needed. User…

  • CVE-2023-20947HigMar 24, 2023
    risk 0.51cvss 7.8epss 0.00

    In getGroupState of GrantPermissionsViewModel.kt, there is a possible way to keep a one-time permission granted due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2023-20931HigMar 24, 2023
    risk 0.51cvss 7.8epss 0.00

    In avdt_scb_hdl_write_req of avdt_scb_act.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2023-20911HigMar 24, 2023
    risk 0.51cvss 7.8epss 0.00

    In addPermission of PermissionManagerServiceImpl.java , there is a possible failure to persist permission settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2023-20906HigMar 24, 2023
    risk 0.51cvss 7.8epss 0.00

    In onPackageAddedInternal of PermissionManagerService.java, there is a possible way to silently grant a permission after a Target SDK update due to a permissions bypass. This could lead to local escalation of privilege after updating an app to a higher Target SDK with no…

  • CVE-2022-20542HigMar 24, 2023
    risk 0.51cvss 7.8epss 0.00

    In parseParamsBlob of types.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2023-20943HigFeb 28, 2023
    risk 0.51cvss 7.8epss 0.00

    In clearApplicationUserData of ActivityManagerService.java, there is a possible way to remove system files due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for…

  • CVE-2023-20934HigFeb 28, 2023
    risk 0.51cvss 7.8epss 0.00

    In resolveAttributionSource of ServiceUtilities.cpp, there is a possible way to disable the microphone privacy indicator due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed…

  • CVE-2023-20933HigFeb 28, 2023
    risk 0.51cvss 7.8epss 0.00

    In several functions of MediaCodec.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2023-20920HigJan 26, 2023
    risk 0.51cvss 7.8epss 0.00

    In queue of UsbRequest.java, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10…

  • CVE-2023-20916HigJan 26, 2023
    risk 0.51cvss 7.8epss 0.00

    In getMainActivityLaunchIntent of LauncherAppsService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges…

  • CVE-2023-20913HigJan 26, 2023
    risk 0.51cvss 7.8epss 0.00

    In onCreate of PhoneAccountSettingsActivity.java and related files, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed.…

  • CVE-2023-20912HigJan 26, 2023
    risk 0.51cvss 7.8epss 0.00

    In onActivityResult of AvatarPickerActivity.java, there is a possible way to access images belonging to other users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed…

  • CVE-2023-20905HigJan 26, 2023
    risk 0.51cvss 7.8epss 0.00

    In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2023-20904HigJan 26, 2023
    risk 0.51cvss 7.8epss 0.00

    In getTrampolineIntent of SettingsActivity.java, there is a possible launch of arbitrary activity due to an Intent mismatch in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2022-20493HigJan 26, 2023
    risk 0.51cvss 7.8epss 0.00

    In Condition of Condition.java, there is a possible way to grant notification access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product:…

  • CVE-2022-20492HigJan 26, 2023
    risk 0.51cvss 7.8epss 0.00

    In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

Page 35 of 206