VYPR

Vendor CVEs

Google

All CVEs

11,416 total · sorted by risk
  • CVE-2020-0326MedSep 18, 2020
    risk 0.44cvss 6.7epss 0.00

    In NFC, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-146453119

  • CVE-2020-0309MedSep 18, 2020
    risk 0.44cvss 6.7epss 0.00

    In the Bluetooth server, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System privileges and a Firmware compromise needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0356MedSep 17, 2020
    risk 0.44cvss 6.7epss 0.00

    In the Audio HAL, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID:…

  • CVE-2020-0336MedSep 17, 2020
    risk 0.44cvss 6.7epss 0.00

    In SurfaceFlinger, there is possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153467444

  • CVE-2020-0431MedSep 17, 2020
    risk 0.44cvss 6.7epss 0.00

    In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android…

  • CVE-2020-0429MedSep 17, 2020
    risk 0.44cvss 6.7epss 0.00

    In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0256MedAug 11, 2020
    risk 0.44cvss 6.8epss 0.00

    In LoadPartitionTable of gpt.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege when inserting a malicious USB device, with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2020-0122MedJul 17, 2020
    risk 0.44cvss 6.7epss 0.00

    In the permission declaration for com.google.android.providers.gsf.permission.WRITE_GSERVICES in AndroidManifest.xml, there is a possible permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed…

  • CVE-2020-0186MedJun 11, 2020
    risk 0.44cvss 6.7epss 0.00

    In hal_fd_init of hal_fd.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0124MedJun 11, 2020
    risk 0.44cvss 6.7epss 0.00

    In markBootComplete of InstalldNativeService.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0220MedMay 14, 2020
    risk 0.44cvss 6.7epss 0.00

    In crus_afe_callback of msm-cirrus-playback.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0076MedApr 17, 2020
    risk 0.44cvss 6.7epss 0.00

    In get_auth_result of the FPC IRIS TrustZone app, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0053MedMar 10, 2020
    risk 0.44cvss 6.7epss 0.00

    In convertHidlNanDataPathInitiatorRequestToLegacy, and convertHidlNanDataPathIndicationResponseToLegacy of hidl_struct_util.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution…

  • CVE-2020-0050MedMar 10, 2020
    risk 0.44cvss 6.7epss 0.00

    In nfa_hciu_send_msg of nfa_hci_utils.cc, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege in the NFC server with System execution privileges needed. User interaction is not needed for…

  • CVE-2020-0012MedMar 10, 2020
    risk 0.44cvss 6.7epss 0.00

    In fpc_ta_pn_get_unencrypted_image of fpc_ta_pn.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0011MedMar 10, 2020
    risk 0.44cvss 6.7epss 0.00

    In get_auth_result of fpc_ta_hw_auth.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0010MedMar 10, 2020
    risk 0.44cvss 6.7epss 0.00

    In fpc_ta_get_build_info of fpc_ta_kpi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0005MedFeb 13, 2020
    risk 0.44cvss 6.7epss 0.00

    In btm_read_remote_ext_features_complete of btm_acl.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2019-9471MedJan 6, 2020
    risk 0.44cvss 6.7epss 0.00

    In set_outbound_iatu of abc-pcie.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:…

  • CVE-2019-9470MedJan 6, 2020
    risk 0.44cvss 6.7epss 0.00

    In dma_sblk_start of abc-pcie.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android…

  • CVE-2019-9467MedNov 13, 2019
    risk 0.44cvss 6.7epss 0.00

    In the Bootloader, there is a possible kernel command injection due to missing command sanitization. This could lead to a local elevation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android…

  • CVE-2019-2199MedNov 13, 2019
    risk 0.44cvss 6.7epss 0.00

    In createSessionInternal of PackageInstallerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android…

  • CVE-2019-9456MedSep 6, 2019
    risk 0.44cvss 6.7epss 0.00

    In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2019-9454MedSep 6, 2019
    risk 0.44cvss 6.7epss 0.00

    In the Android kernel in i2c driver there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2019-9451MedSep 6, 2019
    risk 0.44cvss 6.7epss 0.00

    In the Android kernel in the touchscreen driver there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2019-9448MedSep 6, 2019
    risk 0.44cvss 6.7epss 0.00

    In the Android kernel in the FingerTipS touchscreen driver there is a possible out of bounds write due to a missing bounds check. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2019-9447MedSep 6, 2019
    risk 0.44cvss 6.7epss 0.00

    In the Android kernel in the FingerTipS touchscreen driver there is a possible use-after-free due to improper locking. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2019-9446MedSep 6, 2019
    risk 0.44cvss 6.7epss 0.00

    In the Android kernel in the FingerTipS touchscreen driver there is a possible out of bounds write due to improper input validation. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2019-9443MedSep 6, 2019
    risk 0.44cvss 6.7epss 0.00

    In the Android kernel in the vl53L0 driver there is a possible out of bounds write due to a permissions bypass. This could lead to local escalation of privilege due to a set_fs() call without restoring the previous limit with System execution privileges needed. User interaction…

  • CVE-2019-9442MedSep 6, 2019
    risk 0.44cvss 6.7epss 0.00

    In the Android kernel in the mnh driver there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System privileges required. User interaction is not needed for exploitation.

  • CVE-2019-9441MedSep 6, 2019
    risk 0.44cvss 6.7epss 0.00

    In the Android kernel in the mnh driver there is a possible out of bounds write due to improper input validation. This could lead to escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2019-9436MedSep 6, 2019
    risk 0.44cvss 6.7epss 0.00

    In the Android kernel in the bootloader there is a possible secure boot bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation.

  • CVE-2019-9426MedSep 6, 2019
    risk 0.44cvss 6.7epss 0.00

    In the Android kernel in Bluetooth there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2019-9276MedSep 6, 2019
    risk 0.44cvss 6.7epss 0.00

    In the Android kernel in the synaptics_dsx_htc touchscreen driver there is a possible out of bounds write due to a use after free. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2019-9275MedSep 6, 2019
    risk 0.44cvss 6.7epss 0.00

    In the Android kernel in the mnh driver there is a use after free due to improper locking. This could lead to escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2019-9274MedSep 6, 2019
    risk 0.44cvss 6.7epss 0.00

    In the Android kernel in the mnh driver there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2019-9273MedSep 6, 2019
    risk 0.44cvss 6.7epss 0.00

    In the Android kernel in the synaptics_dsx_htc touchscreen driver there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2019-9248MedSep 6, 2019
    risk 0.44cvss 6.7epss 0.00

    In the Android kernel in the FingerTipS touchscreen driver there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2018-9517MedDec 7, 2018
    risk 0.44cvss 6.7epss 0.00

    In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID:…

  • CVE-2016-10443MedApr 18, 2018
    risk 0.44cvss 6.8epss 0.01

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD…

  • CVE-2017-0706MedJul 6, 2017
    risk 0.44cvss 6.8epss 0.00

    A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-35195787. References: B-RB#120532.

  • CVE-2017-0705MedJul 6, 2017
    risk 0.44cvss 6.8epss 0.00

    A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-34973477. References: B-RB#119898.

  • CVE-2017-10709MedJun 30, 2017
    risk 0.44cvss 6.8epss 0.00

    The lockscreen on Elephone P9000 devices (running Android 6.0) allows physically proximate attackers to bypass a wrong-PIN lockout feature by pressing backspace after each PIN guess.

  • CVE-2015-9004HigMay 2, 2017
    risk 0.44cvss 7.8epss 0.01

    kernel/events/core.c in the Linux kernel before 3.19 mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_event_open functions.

  • CVE-2014-9922HigApr 4, 2017
    risk 0.44cvss 7.8epss 0.01

    The eCryptfs subsystem in the Linux kernel before 3.18 allows local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c.

  • CVE-2016-10044HigFeb 7, 2017
    risk 0.44cvss 7.8epss 0.00

    The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 does not properly restrict execute access, which makes it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call.

  • CVE-2014-9914HigFeb 7, 2017
    risk 0.44cvss 7.8epss 0.00

    Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect expectations about locking during multithreaded access to…

  • CVE-2015-8967HigDec 8, 2016
    risk 0.44cvss 7.8epss 0.01

    arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the "strict page permissions" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access.

  • CVE-2016-3889MedSep 11, 2016
    risk 0.44cvss 6.8epss 0.00

    Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism by accessing (1) an external tile from a system application, (2) the help feature, or (3) the Settings application during a…

  • CVE-2016-3886MedSep 11, 2016
    risk 0.44cvss 6.8epss 0.00

    systemui/statusbar/phone/QuickStatusBarHeader.java in the System UI Tuner in Android 7.0 before 2016-09-01 does not prevent tuner changes on the lockscreen, which allows physically proximate attackers to gain privileges by modifying a setting, aka internal bug 30107438.

Page 118 of 229