VYPR

Android

by Google

CVEs (4,717)

  • CVE-2020-0430HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In skb_headlen of /include/linux/skbuff.h, there is a possible out of bounds read due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0387HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In manifest files of the SmartSpace package, there is a possible tapjacking vector due to a missing permission check. This could lead to local escalation of privilege and account hijacking with no additional execution privileges needed. User interaction is needed for…

  • CVE-2020-0401HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In setInstallerPackageName of PackageManagerService.java, there is a missing permission check. This could lead to local escalation of privilege and granting spurious permissions with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2020-0394HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In onCreate of BluetoothPairingDialog.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege and untrusted devices accessing contact lists with no additional execution privileges needed. User interaction is…

  • CVE-2020-0391HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In applyPolicy of PackageManagerService.java, there is possible arbitrary command execution as System due to an unenforced protected-broadcast. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2020-0388HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In createEmergencyLocationUserNotification of GnssVisibilityControl.java, there is a possible permissions bypass due to an empty mutable PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for…

  • CVE-2020-0074HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not…

  • CVE-2020-0257HigAug 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In SpecializeCommon of com_android_internal_os_Zygote.cpp, there is a permissions bypass due to an incomplete cleanup. This could lead to local escalation of privilege in isolated processes with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2020-0243HigAug 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In clearPropValue of MediaAnalyticsItem.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0242HigAug 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In reset of NuPlayerDriver.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0241HigAug 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In NuPlayerStreamListener of NuPlayerStreamListener.cpp, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0108HigAug 11, 2020
    risk 0.51cvss 7.8epss 0.01

    In postNotification of ServiceRecord.java, there is a possible bypass of foreground process restrictions due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2020-0227HigJul 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In onCommand of CompanionDeviceManagerService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing background data usage or launching from the background, with no additional execution privileges…

  • CVE-2020-0226HigJul 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In createWithSurfaceParent of Client.cpp, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege in the graphics server with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2020-0120HigJul 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In notifyErrorForPendingRequests of QCamera3HWI.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0219HigJun 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In onCreate of SliceDeepLinkSpringBoard.java there is a possible insecure Intent. This could lead to local elevation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID:…

  • CVE-2020-0215HigJun 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In onCreate of ConfirmConnectActivity.java, there is a possible leak of Bluetooth information due to a permissions bypass. This could lead to local escalation of privilege that exposes a pairing Bluetooth MAC address with no additional execution privileges needed. User…

  • CVE-2020-0210HigJun 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In removeSharedAccountAsUser of AccountManager.java, there is a possible permissions bypass to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0209HigJun 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In multiple functions of AccountManager.java, there is a possible permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID:…

  • CVE-2020-0208HigJun 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In multiple functions of AccountManager.java, there is a possible permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID:…

Page 65 of 236