VYPR

Android

by Google

CVEs (4,680)

  • CVE-2020-0215HigJun 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In onCreate of ConfirmConnectActivity.java, there is a possible leak of Bluetooth information due to a permissions bypass. This could lead to local escalation of privilege that exposes a pairing Bluetooth MAC address with no additional execution privileges needed. User…

  • CVE-2020-0210HigJun 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In removeSharedAccountAsUser of AccountManager.java, there is a possible permissions bypass to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0209HigJun 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In multiple functions of AccountManager.java, there is a possible permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID:…

  • CVE-2020-0208HigJun 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In multiple functions of AccountManager.java, there is a possible permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID:…

  • CVE-2020-0203HigJun 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In freeIsolatedUidLocked of ProcessList.java, there is a possible UID reuse due to improper cleanup. This could lead to local escalation of privilege between constrained processes with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2020-0202HigJun 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In onHandleIntent of TraceService.java, there is a possible bypass of developer settings requirements for capturing system traces due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction…

  • CVE-2020-0188HigJun 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In onCreatePermissionRequest of SettingsSliceProvider.java, there is a possible permissions bypass due to a PendingIntent error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0183HigJun 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In handleMessage of BluetoothManagerService, there is an incomplete reset. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-110181479

  • CVE-2020-0179HigJun 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In doSendObjectInfo of MtpServer.cpp, there is a possible path traversal attack due to insufficient input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is required for exploitation.Product:…

  • CVE-2020-0166HigJun 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In multiple functions of URI.java, there is a possible escalation of privilege due to missing validation in the parceling of URI information. This could lead to a local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2020-0155HigJun 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In phNxpNciHal_send_ese_hal_cmd of phNxpNciHal_ext.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0150HigJun 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In rw_t3t_message_set_block_list of rw_t3t.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0137HigJun 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In setIPv6AddrGenMode of NetworkManagementService.java, there is a possible bypass of networking permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2020-0136HigJun 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In multiple locations of Parcel.cpp, there is a possible out-of-bounds write due to an integer overflow. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0129HigJun 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In SetData of btm_ble_multi_adv.cc, there is a possible out-of-bound write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0118HigJun 10, 2020
    risk 0.51cvss 7.8epss 0.00

    In addListener of RegionSamplingThread.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product:…

  • CVE-2020-0114HigJun 10, 2020
    risk 0.51cvss 7.8epss 0.00

    In onCreateSliceProvider of KeyguardSliceProvider.java, there is a possible confused deputy due to a PendingIntent error. This could lead to local escalation of privilege that allows actions performed as the System UI, with no additional execution privileges needed. User…

  • CVE-2020-0109HigMay 14, 2020
    risk 0.51cvss 7.8epss 0.00

    In simulatePackageSuspendBroadcast of NotificationManagerService.java, there is a missing permission check. This could lead to local escalation of privilege by creating fake system notifications with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2020-0105HigMay 14, 2020
    risk 0.51cvss 7.8epss 0.00

    In onKeyguardVisibilityChanged of key_store_service.cpp, there is a missing permission check. This could lead to local escalation of privilege, allowing apps to use keyguard-bound keys when the screen is locked, with no additional execution privileges needed. User interaction is…

  • CVE-2020-0102HigMay 14, 2020
    risk 0.51cvss 7.8epss 0.00

    In GattServer::SendResponse of gatt_server.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product:…

Page 52 of 234