VYPR

Android

by Google

CVEs (4,717)

  • CVE-2021-0485HigJun 11, 2021
    risk 0.51cvss 7.8epss 0.00

    In getMinimalSize of PipBoundsAlgorithm.java, there is a possible bypass of restrictions on background processes due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-0481HigJun 11, 2021
    risk 0.51cvss 7.8epss 0.01

    In onActivityResult of EditUserPhotoController.java, there is a possible access of unauthorized files due to an unexpected URI handler. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for…

  • CVE-2021-0477HigJun 11, 2021
    risk 0.51cvss 7.8epss 0.00

    In notifyScreenshotError of ScreenshotNotificationsController.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for…

  • CVE-2021-0472HigJun 11, 2021
    risk 0.51cvss 7.8epss 0.00

    In shouldLockKeyguard of LockTaskController.java, there is a possible way to exit App Pinning without a PIN due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-0445HigApr 13, 2021
    risk 0.51cvss 7.8epss 0.00

    In start of WelcomeActivity.java, there is a possible residual profile due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11…

  • CVE-2021-0442HigApr 13, 2021
    risk 0.51cvss 7.8epss 0.00

    In updateInfo of android_hardware_input_InputApplicationHandle.cpp, there is a possible control of code flow due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-0439HigApr 13, 2021
    risk 0.51cvss 7.8epss 0.00

    In setPowerModeWithHandle of com_android_server_power_PowerManagerService.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed…

  • CVE-2021-0438HigApr 13, 2021
    risk 0.51cvss 7.8epss 0.00

    In several functions of InputDispatcher.cpp, WindowManagerService.java, and related files, there is a possible tapjacking attack due to an incorrect FLAG_OBSCURED value. This could lead to local escalation of privilege with no additional execution privileges needed. User…

  • CVE-2021-0437HigApr 13, 2021
    risk 0.51cvss 7.8epss 0.00

    In setPlayPolicy of DrmPlugin.cpp, there is a possible double free. This could lead to local escalation of privilege in a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11…

  • CVE-2021-0429HigApr 13, 2021
    risk 0.51cvss 7.8epss 0.00

    In pollOnce of ALooper.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9…

  • CVE-2021-0427HigApr 13, 2021
    risk 0.51cvss 7.8epss 0.00

    In parseExclusiveStateAnnotation of LogEvent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2021-0426HigApr 13, 2021
    risk 0.51cvss 7.8epss 0.00

    In parsePrimaryFieldFirstUidAnnotation of LogEvent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-0465HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In GenerateFaceMask of face.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-0389HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In setNightModeActivated of UiModeManagerService.java, there is a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-0388HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In onReceive of ImsPhoneCallTracker.java, there is a possible misattribution of data usage due to an incorrect broadcast handler. This could lead to local escalation of privilege resulting in attributing video call data to the wrong app, with no additional execution privileges…

  • CVE-2021-0386HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In onCreate of UsbConfirmActivity, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-0385HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In createConnectToAvailableNetworkNotification of ConnectToNetworkNotificationBuilder.java, there is a possible connection to untrusted WiFi networks due to notification interaction above the lockscreen. This could lead to local escalation of privilege with no additional…

  • CVE-2021-0383HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In done of CaptivePortalLoginActivity.java, there is a confused deputy. This could lead to local escalation of privilege in carrier settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-0380HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In onReceive of DcTracker.java, there is a possible way to trigger a provisioning URL and modify other telephony settings due to a missing permission check. This could lead to local escalation of privilege during the onboarding flow with no additional execution privileges…

  • CVE-2021-0398HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In bindServiceLocked of ActiveServices.java, there is a possible foreground service launch due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

Page 61 of 236