VYPR

Android

by Google

CVEs (4,457)

  • CVE-2021-0386HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In onCreate of UsbConfirmActivity, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-0385HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In createConnectToAvailableNetworkNotification of ConnectToNetworkNotificationBuilder.java, there is a possible connection to untrusted WiFi networks due to notification interaction above the lockscreen. This could lead to local escalation of privilege with no additional…

  • CVE-2021-0383HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In done of CaptivePortalLoginActivity.java, there is a confused deputy. This could lead to local escalation of privilege in carrier settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-0380HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In onReceive of DcTracker.java, there is a possible way to trigger a provisioning URL and modify other telephony settings due to a missing permission check. This could lead to local escalation of privilege during the onboarding flow with no additional execution privileges…

  • CVE-2021-0398HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In bindServiceLocked of ActiveServices.java, there is a possible foreground service launch due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-0395HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In StopServicesAndLogViolations of reboot.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-0393HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.01

    In Scanner::LiteralBuffer::NewCapacity of scanner.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if an attacker can supply a malicious PAC file, with no additional execution privileges needed. User interaction is…

  • CVE-2021-0392HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In main of main.cpp, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11…

  • CVE-2021-0391HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.01

    In onCreate() of ChooseTypeAndAccountActivity.java, there is a possible way to learn the existence of an account, without permissions, due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is…

  • CVE-2021-0390HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In various methods of WifiNetworkSuggestionsManager.java, there is a possible modification of suggested networks due to a missing permission check. This could lead to local escalation of privilege by a background user on the same device with no additional execution privileges…

  • CVE-2021-0376HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In checkUriPermission and related functions of MediaProvider.java, there is a possible way to access external files due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-0372HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In getMediaOutputSliceAction of RemoteMediaSlice.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2021-0369HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In CrossProfileAppsServiceImpl.java, there is the possibility of an application's INTERACT_ACROSS_PROFILES grant state not displaying properly in the setting UI due to a logic error in the code. This could lead to local escalation of privilege with no additional execution…

  • CVE-2021-0339HigFeb 10, 2021
    risk 0.51cvss 7.8epss 0.01

    In loadAnimation of WindowContainer.java, there is a possible way to keep displaying a malicious app while a target app is brought to the foreground. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for…

  • CVE-2021-0337HigFeb 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In moveInMediaStore of FileSystemProvider.java, there is a possible file exposure due to stale metadata. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1…

  • CVE-2021-0336HigFeb 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In onReceive of BluetoothPermissionRequest.java, there is a possible permissions bypass due to a mutable PendingIntent. This could lead to local escalation of privilege that bypasses a permission check, with User execution privileges needed. User interaction is not needed for…

  • CVE-2021-0334HigFeb 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In onTargetSelected of ResolverActivity.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for…

  • CVE-2021-0332HigFeb 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In bootFinished of SurfaceFlinger.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11…

  • CVE-2021-0329HigFeb 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In several native functions called by AdvertiseManager.java, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the Bluetooth server with User execution privileges needed. User interaction is not needed for…

  • CVE-2021-0328HigFeb 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In onBatchScanReports and deliverBatchScan of GattService.java, there is a possible way to retrieve Bluetooth scan results without permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User…

Page 47 of 223