VYPR

Android

by Google

CVEs (4,120)

  • CVE-2022-20441HigNov 8, 2022
    risk 0.51cvss 7.8epss 0.00

    In navigateUpTo of Task.java, there is a possible way to launch an unexported intent handler due to a logic error in the code. This could lead to local escalation of privilege if the targeted app has an intent trampoline, with no additional execution privileges needed. User…

  • CVE-2022-20419HigOct 11, 2022
    risk 0.51cvss 7.8epss 0.00

    In setOptions of ActivityRecord.java, there is a possible load any arbitrary Java code into launcher process due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2022-20392HigSep 13, 2022
    risk 0.51cvss 7.8epss 0.00

    In declareDuplicatePermission of ParsedPermissionUtils.java, there is a possible way to obtain a dangerous permission without user consent due to improper input validation. This could lead to local escalation of privilege during app installation or upgrade with no additional…

  • CVE-2021-0943HigSep 13, 2022
    risk 0.51cvss 7.8epss 0.00

    In MMU_MapPages of TBD, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android…

  • CVE-2021-0871HigSep 13, 2022
    risk 0.51cvss 7.8epss 0.00

    In PVRSRVBridgePMRPDumpSymbolicAddr of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User…

  • CVE-2022-20292HigAug 12, 2022
    risk 0.51cvss 7.8epss 0.00

    In Settings, there is a possible way to bypass factory reset protections due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2022-20282HigAug 12, 2022
    risk 0.51cvss 7.8epss 0.00

    In AppWidget, there is a possible way to start an activity from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product:…

  • CVE-2022-20281HigAug 12, 2022
    risk 0.51cvss 7.8epss 0.00

    In Core, there is a possible way to start an activity from the background due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2022-20268HigAug 12, 2022
    risk 0.51cvss 7.8epss 0.00

    In RestrictionsManager, there is a possible way to send a broadcast that should be restricted to system apps due to a permissions bypass. This could lead to local escalation of privilege on an enterprise managed device with no additional execution privileges needed. User…

  • CVE-2022-20368HigAug 11, 2022
    risk 0.51cvss 7.8epss 0.00

    Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel

  • CVE-2022-20250HigAug 11, 2022
    risk 0.51cvss 7.8epss 0.00

    In Messaging, there is a possible way to attach files to a message without proper access checks due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product:…

  • CVE-2022-20180HigAug 11, 2022
    risk 0.51cvss 7.8epss 0.00

    In several functions of mali_gralloc_reference.cpp, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2022-20356HigAug 10, 2022
    risk 0.51cvss 7.8epss 0.00

    In shouldAllowFgsWhileInUsePermissionLocked of ActiveServices.java, there is a possible way to start foreground service from background due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User…

  • CVE-2022-20349HigAug 10, 2022
    risk 0.51cvss 7.8epss 0.00

    In WifiScanningPreferenceController and BluetoothScanningPreferenceController, there is a possible admin restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not…

  • CVE-2022-20223HigJul 13, 2022
    risk 0.51cvss 7.8epss 0.00

    In assertSafeToStartCustomActivity of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is…

  • CVE-2022-20212HigJul 13, 2022
    risk 0.51cvss 7.8epss 0.00

    In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product:…

  • CVE-2022-20207HigJun 15, 2022
    risk 0.51cvss 7.8epss 0.00

    In static definitions of GattServiceConfig.java, there is a possible permission bypass due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2022-20204HigJun 15, 2022
    risk 0.51cvss 7.8epss 0.00

    In registerRemoteBugreportReceivers of DevicePolicyManagerService.java, there is a possible reporting of falsified bug reports due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is…

  • CVE-2022-20197HigJun 15, 2022
    risk 0.51cvss 7.8epss 0.00

    In recycle of Parcel.java, there is a possible way to start foreground activity from background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2022-20194HigJun 15, 2022
    risk 0.51cvss 7.8epss 0.00

    In onCreate of ChooseLockGeneric.java, there is a possible permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID:…

Page 37 of 206