VYPR

AOSP Mail

by Google

CVEs (3)

  • CVE-2016-3918MedOct 10, 2016
    risk 0.36cvss 5.5epss 0.00

    email/provider/AttachmentProvider.java in AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not ensure that certain values are integers, which allows attackers to read arbitrary attachments via a…

  • CVE-2016-3896MedSep 11, 2016
    risk 0.36cvss 5.5epss 0.00

    AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 allows attackers to obtain sensitive EmailAccountCacheProvider information via a crafted application, aka internal bug 29767043.

  • CVE-2019-1995Feb 28, 2019
    risk 0.00cvss epss 0.00

    In ComposeActivityEmail of ComposeActivityEmail.java, there is a possible way to silently attach files to an email due to a confused deputy. This could lead to local information disclosure, sending files accessible to AOSP Mail to a remote email recipient, with no additional…