VYPR

Android

by Google

CVEs (4,457)

  • CVE-2021-0534HigJun 22, 2021
    risk 0.51cvss 7.8epss 0.00

    In permission declarations of DeviceAdminReceiver.java, there is a possible lack of broadcast protection due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-0513HigJun 21, 2021
    risk 0.51cvss 7.8epss 0.00

    In deleteNotificationChannel and related functions of NotificationManagerService.java, there is a possible permission bypass due to improper state validation. This could lead to local escalation of privilege via hidden services with no additional execution privileges needed.…

  • CVE-2021-0505HigJun 21, 2021
    risk 0.51cvss 7.8epss 0.00

    In the Settings app, there is a possible way to disable an always-on VPN due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-0478HigJun 21, 2021
    risk 0.51cvss 7.8epss 0.00

    In updateDrawable of StatusBarIconView.java, there is a possible permission bypass due to an uncaught exception. This could lead to local escalation of privilege by running foreground services without notifying the user, with User execution privileges needed. User interaction is…

  • CVE-2021-0487HigJun 11, 2021
    risk 0.51cvss 7.8epss 0.00

    In onCreate of CalendarDebugActivity.java, there is a possible way to export calendar data to the sdcard without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not…

  • CVE-2021-0485HigJun 11, 2021
    risk 0.51cvss 7.8epss 0.00

    In getMinimalSize of PipBoundsAlgorithm.java, there is a possible bypass of restrictions on background processes due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-0481HigJun 11, 2021
    risk 0.51cvss 7.8epss 0.01

    In onActivityResult of EditUserPhotoController.java, there is a possible access of unauthorized files due to an unexpected URI handler. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for…

  • CVE-2021-0477HigJun 11, 2021
    risk 0.51cvss 7.8epss 0.00

    In notifyScreenshotError of ScreenshotNotificationsController.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for…

  • CVE-2021-0472HigJun 11, 2021
    risk 0.51cvss 7.8epss 0.00

    In shouldLockKeyguard of LockTaskController.java, there is a possible way to exit App Pinning without a PIN due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-0445HigApr 13, 2021
    risk 0.51cvss 7.8epss 0.00

    In start of WelcomeActivity.java, there is a possible residual profile due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11…

  • CVE-2021-0442HigApr 13, 2021
    risk 0.51cvss 7.8epss 0.00

    In updateInfo of android_hardware_input_InputApplicationHandle.cpp, there is a possible control of code flow due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-0439HigApr 13, 2021
    risk 0.51cvss 7.8epss 0.00

    In setPowerModeWithHandle of com_android_server_power_PowerManagerService.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed…

  • CVE-2021-0438HigApr 13, 2021
    risk 0.51cvss 7.8epss 0.00

    In several functions of InputDispatcher.cpp, WindowManagerService.java, and related files, there is a possible tapjacking attack due to an incorrect FLAG_OBSCURED value. This could lead to local escalation of privilege with no additional execution privileges needed. User…

  • CVE-2021-0437HigApr 13, 2021
    risk 0.51cvss 7.8epss 0.00

    In setPlayPolicy of DrmPlugin.cpp, there is a possible double free. This could lead to local escalation of privilege in a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11…

  • CVE-2021-0429HigApr 13, 2021
    risk 0.51cvss 7.8epss 0.00

    In pollOnce of ALooper.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9…

  • CVE-2021-0427HigApr 13, 2021
    risk 0.51cvss 7.8epss 0.00

    In parseExclusiveStateAnnotation of LogEvent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2021-0426HigApr 13, 2021
    risk 0.51cvss 7.8epss 0.00

    In parsePrimaryFieldFirstUidAnnotation of LogEvent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-0465HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In GenerateFaceMask of face.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-0389HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In setNightModeActivated of UiModeManagerService.java, there is a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-0388HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In onReceive of ImsPhoneCallTracker.java, there is a possible misattribution of data usage due to an incorrect broadcast handler. This could lead to local escalation of privilege resulting in attributing video call data to the wrong app, with no additional execution privileges…

Page 46 of 223