VYPR

Android

by Google

CVEs (4,290)

  • CVE-2021-0959HigJan 14, 2022
    risk 0.51cvss 7.8epss 0.00

    In jit_memory_region.cc, there is a possible bypass of memory restrictions due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-39653HigDec 15, 2021
    risk 0.51cvss 7.8epss 0.00

    In (TBD) of (TBD), there is a possible way to boot with a hidden debug policy due to a missing warning to the user. This could lead to local escalation of privilege after preparing the device, hiding the warning, and passing the phone to a new user, with no additional execution…

  • CVE-2021-1029HigDec 15, 2021
    risk 0.51cvss 7.8epss 0.00

    In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2021-0999HigDec 15, 2021
    risk 0.51cvss 7.8epss 0.00

    In the broadcast definition in AndroidManifest.xml, there is a possible way to set the A2DP bluetooth device connection state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is…

  • CVE-2021-0985HigDec 15, 2021
    risk 0.51cvss 7.8epss 0.00

    In onReceive of AlertReceiver.java, there is a possible way to dismiss system dialog due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2021-0932HigDec 15, 2021
    risk 0.51cvss 7.8epss 0.00

    In showNotification of NavigationModeController.java, there is a possible confused deputy due to an unsafe PendingIntent. This could lead to local escalation of privilege that allows actions performed as the System UI with User execution privileges needed. User interaction is…

  • CVE-2021-0928HigDec 15, 2021
    risk 0.51cvss 7.8epss 0.00

    In createFromParcel of OutputConfiguration.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed…

  • CVE-2021-0927HigDec 15, 2021
    risk 0.51cvss 7.8epss 0.00

    In requestChannelBrowsable of TvInputManagerService.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-0708HigOct 22, 2021
    risk 0.51cvss 7.8epss 0.00

    In runDumpHeap of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2021-0685HigOct 6, 2021
    risk 0.51cvss 7.8epss 0.00

    In ParsedIntentInfo of ParsedIntentInfo.java, there is a possible parcel serialization/deserialization mismatch due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-0646HigAug 17, 2021
    risk 0.51cvss 7.8epss 0.00

    In sqlite3_str_vappendf of sqlite3.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege if the user can also inject a printf into a privileged process's SQL with no additional execution privileges needed.…

  • CVE-2021-0593HigAug 17, 2021
    risk 0.51cvss 7.8epss 0.00

    In sendDevicePickedIntent of DevicePickerFragment.java, there is a possible way to invoke a privileged broadcast receiver due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for…

  • CVE-2020-0417HigJul 14, 2021
    risk 0.51cvss 7.8epss 0.00

    In setNiNotification of GpsNetInitiatedHandler.java, there is a possible permissions bypass due to an empty mutable PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2021-0539HigJun 22, 2021
    risk 0.51cvss 7.8epss 0.00

    In archiveStoredConversation of MmsService.java, there is a possible way to archive message conversation without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is…

  • CVE-2021-0570HigJun 22, 2021
    risk 0.51cvss 7.8epss 0.00

    In sendBugreportNotification of BugreportProgressService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2021-0534HigJun 22, 2021
    risk 0.51cvss 7.8epss 0.00

    In permission declarations of DeviceAdminReceiver.java, there is a possible lack of broadcast protection due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-0528HigJun 21, 2021
    risk 0.51cvss 7.8epss 0.00

    In memory management driver, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid…

  • CVE-2021-0527HigJun 21, 2021
    risk 0.51cvss 7.8epss 0.00

    In memory management driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android…

  • CVE-2021-0510HigJun 21, 2021
    risk 0.51cvss 7.8epss 0.00

    In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-0445HigApr 13, 2021
    risk 0.51cvss 7.8epss 0.00

    In start of WelcomeActivity.java, there is a possible residual profile due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11…

Page 43 of 215