VYPR

Android

by Google

CVEs (4,290)

  • CVE-2021-0426HigApr 13, 2021
    risk 0.51cvss 7.8epss 0.00

    In parsePrimaryFieldFirstUidAnnotation of LogEvent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-0386HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In onCreate of UsbConfirmActivity, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-0390HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In various methods of WifiNetworkSuggestionsManager.java, there is a possible modification of suggested networks due to a missing permission check. This could lead to local escalation of privilege by a background user on the same device with no additional execution privileges…

  • CVE-2021-0339HigFeb 10, 2021
    risk 0.51cvss 7.8epss 0.01

    In loadAnimation of WindowContainer.java, there is a possible way to keep displaying a malicious app while a target app is brought to the foreground. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for…

  • CVE-2021-0337HigFeb 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In moveInMediaStore of FileSystemProvider.java, there is a possible file exposure due to stale metadata. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1…

  • CVE-2021-0317HigJan 11, 2021
    risk 0.51cvss 7.8epss 0.00

    In createOrUpdate of Permission.java and related code, there is possible permission escalation due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android;…

  • CVE-2021-0307HigJan 11, 2021
    risk 0.51cvss 7.8epss 0.00

    In updatePermissionSourcePackage of PermissionManagerService.java, there is a possible automatic runtime permission grant due to a confused deputy. This could lead to local escalation of privilege allowing a malicious app to silently gain access to a dangerous permission with no…

  • CVE-2020-27048HigDec 15, 2020
    risk 0.51cvss 7.8epss 0.00

    In RW_SendRawFrame of rw_main.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0480HigDec 15, 2020
    risk 0.51cvss 7.8epss 0.00

    In callUnchecked of DocumentsProvider.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing a caller to copy, move, or delete files accessible to DocumentsProvider with no additional execution…

  • CVE-2020-0478HigDec 15, 2020
    risk 0.51cvss 7.8epss 0.00

    In extend_frame_lowbd of restoration.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0438HigNov 10, 2020
    risk 0.51cvss 7.8epss 0.00

    In the AIBinder_Class constructor of ibinder.cpp, there is a possible arbitrary code execution due to uninitialized data. This could lead to local escalation of privilege if a process were using libbinder_ndk in a vulnerable way with no additional execution privileges needed.…

  • CVE-2020-0405HigSep 18, 2020
    risk 0.51cvss 7.8epss 0.00

    In NetworkStackNotifier, there is a possible permissions bypass due to an unsafe implicit PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0262HigSep 18, 2020
    risk 0.51cvss 7.8epss 0.00

    In WiFi tethering, there is a possible attacker controlled intent due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android…

  • CVE-2020-0369HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In libavb, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID:…

  • CVE-2020-0366HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In PackageInstaller, there is a possible permissions bypass due to a tapjacking vulnerability. This could lead to local escalation of privilege using an app set as the default Assist app with User execution privileges needed. User interaction is needed for exploitation.Product:…

  • CVE-2020-0360HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In Notification Access Confirmation, there is a possible permissions bypass due to uninformed consent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android…

  • CVE-2020-0341HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In DisplayManager, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0306HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In LLVM, there is a possible ineffective stack cookie placement due to stack frame double reservation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0267HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.01

    In WindowManager, there is a possible launch of an unexpected app due to a confused deputy. This could lead to local escalation of privilege due to launching a malicious app instead of the one the user intended, with no additional execution privileges needed. User interaction is…

  • CVE-2020-0074HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not…

Page 44 of 215