VYPR

Android

by Google

CVEs (4,717)

  • CVE-2019-2194HigOct 14, 2020
    risk 0.51cvss 7.8epss 0.00

    In SurfaceFlinger::createLayer of SurfaceFlinger.cpp, there is a possible arbitrary code execution due to improper casting. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0405HigSep 18, 2020
    risk 0.51cvss 7.8epss 0.00

    In NetworkStackNotifier, there is a possible permissions bypass due to an unsafe implicit PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0319HigSep 18, 2020
    risk 0.51cvss 7.8epss 0.00

    In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0299HigSep 18, 2020
    risk 0.51cvss 7.8epss 0.00

    In Bluetooth, there is a possible spoofing of bluetooth device metadata due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0273HigSep 18, 2020
    risk 0.51cvss 7.8epss 0.00

    In hwservicemanager, there is a possible out of bounds write due to freeing a wild pointer. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0262HigSep 18, 2020
    risk 0.51cvss 7.8epss 0.00

    In WiFi tethering, there is a possible attacker controlled intent due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android…

  • CVE-2020-0089HigSep 18, 2020
    risk 0.51cvss 7.8epss 0.00

    In the audio server, there is a missing permission check. This could lead to local escalation of privilege regarding audio settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID:…

  • CVE-2020-0375HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege and the setting of supported EUICC countries with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2020-0374HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In NFC, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156251602

  • CVE-2020-0366HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In PackageInstaller, there is a possible permissions bypass due to a tapjacking vulnerability. This could lead to local escalation of privilege using an app set as the default Assist app with User execution privileges needed. User interaction is needed for exploitation.Product:…

  • CVE-2020-0360HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In Notification Access Confirmation, there is a possible permissions bypass due to uninformed consent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android…

  • CVE-2020-0357HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In SurfaceFlinger, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the graphics server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0346HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In Mediaserver, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if integer sanitization were not enabled (which it is by default), with no additional execution privileges needed. User interaction is not needed…

  • CVE-2020-0345HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In DocumentsUI, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-144286721

  • CVE-2020-0341HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In DisplayManager, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0277HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In NetworkPolicyManagerService, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing a malicious app to modify the device's data plan with no additional execution privileges needed. User interaction…

  • CVE-2020-0275HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In MediaProvider, there is a possible way to access ContentResolver and MediaStore entries the app shouldn't have access to due to a permissions bypass. This could lead to local escalation of privilege, with no additional execution privileges needed. User interaction is not…

  • CVE-2020-0267HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.01

    In WindowManager, there is a possible launch of an unexpected app due to a confused deputy. This could lead to local escalation of privilege due to launching a malicious app instead of the one the user intended, with no additional execution privileges needed. User interaction is…

  • CVE-2020-0266HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In factory reset protection, there is a possible FRP bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0434HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In Pixel's use of the Catpipe library, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android…

Page 64 of 236