VYPR

Android

by Google

CVEs (4,717)

  • CVE-2020-27052HigDec 15, 2020
    risk 0.51cvss 7.8epss 0.00

    In getLockTaskLaunchMode of ActivityRecord.java, there is a possible way for any app to start in Lock Task Mode due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2020-27048HigDec 15, 2020
    risk 0.51cvss 7.8epss 0.00

    In RW_SendRawFrame of rw_main.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-27045HigDec 15, 2020
    risk 0.51cvss 7.8epss 0.00

    In CE_SendRawFrame of ce_main.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-27044HigDec 15, 2020
    risk 0.51cvss 7.8epss 0.00

    In restartWrite of Parcel.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-27030HigDec 15, 2020
    risk 0.51cvss 7.8epss 0.00

    In onCreate of HandleApiCalls.java, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege that allows an app to set or dismiss the alarm with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2020-0486HigDec 15, 2020
    risk 0.51cvss 7.8epss 0.00

    In openAssetFileListener of ContactsProvider2.java, there is a possible permission bypass due to an insecure default value. This could lead to local escalation of privilege to change contact data with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2020-0485HigDec 15, 2020
    risk 0.51cvss 7.8epss 0.00

    In areFunctionsSupported of UsbBackend.java, there is a possible access to tethering from a guest account due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2020-0480HigDec 15, 2020
    risk 0.51cvss 7.8epss 0.00

    In callUnchecked of DocumentsProvider.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing a caller to copy, move, or delete files accessible to DocumentsProvider with no additional execution…

  • CVE-2020-0479HigDec 15, 2020
    risk 0.51cvss 7.8epss 0.00

    In callUnchecked of DocumentsProvider.java, there is a possible permissions bypass. This could lead to local escalation of privilege allowing a malicious app to access files available to the DocumentProvider without user permission, with no additional execution privileges…

  • CVE-2020-0478HigDec 15, 2020
    risk 0.51cvss 7.8epss 0.00

    In extend_frame_lowbd of restoration.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0475HigDec 15, 2020
    risk 0.51cvss 7.8epss 0.00

    In createInputConsumer of WindowManagerService.java, there is a possible way to block and intercept input events due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for…

  • CVE-2020-0440HigDec 14, 2020
    risk 0.51cvss 7.8epss 0.00

    In createVirtualDisplay of DisplayManagerService.java, there is a possible way to create a trusted virtual display due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed…

  • CVE-2020-0099HigDec 14, 2020
    risk 0.51cvss 7.8epss 0.01

    In addWindow of WindowManagerService.java, there is a possible window overlay attack due to an insecure default value. This could lead to local escalation of privilege via tapjacking with no additional execution privileges needed. User interaction is needed for…

  • CVE-2020-0439HigNov 10, 2020
    risk 0.51cvss 7.8epss 0.00

    In generatePackageInfo of PackageManagerService.java, there is a possible permissions bypass due to an incorrect permission check. This could lead to local escalation of privilege that allows instant apps access to permissions not allowed for instant apps, with no additional…

  • CVE-2020-0438HigNov 10, 2020
    risk 0.51cvss 7.8epss 0.00

    In the AIBinder_Class constructor of ibinder.cpp, there is a possible arbitrary code execution due to uninitialized data. This could lead to local escalation of privilege if a process were using libbinder_ndk in a vulnerable way with no additional execution privileges needed.…

  • CVE-2020-0418HigNov 10, 2020
    risk 0.51cvss 7.8epss 0.00

    In getPermissionInfosForGroup of Utils.java, there is a logic error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-153879813

  • CVE-2020-0409HigNov 10, 2020
    risk 0.51cvss 7.8epss 0.00

    In create of FileMap.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10…

  • CVE-2020-0421HigOct 14, 2020
    risk 0.51cvss 7.8epss 0.00

    In appendFormatV of String8.cpp, there is a possible out of bounds write due to incorrect error handling. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0420HigOct 14, 2020
    risk 0.51cvss 7.8epss 0.00

    In setUpdatableDriverPath of GpuService.cpp, there is a possible memory corruption due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0408HigOct 14, 2020
    risk 0.51cvss 7.8epss 0.00

    In remove of String16.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11…

Page 63 of 236