VYPR

Vendor CVEs

Google

All CVEs

11,404 total · sorted by risk
  • CVE-2022-20467MedMar 24, 2023
    risk 0.36cvss 5.5epss 0.00

    In isBluetoothShareUri of BluetoothOppUtility.java, there is a possible incorrect file read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product:…

  • CVE-2022-20481MedFeb 28, 2023
    risk 0.36cvss 5.5epss 0.00

    In multiple files, there is a possible way to preserve WiFi settings due to residual data after a reset. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2022-20455MedFeb 28, 2023
    risk 0.36cvss 5.5epss 0.00

    In addAutomaticZenRule of ZenModeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2023-20949MedFeb 15, 2023
    risk 0.36cvss 5.5epss 0.00

    In s2mpg11_pmic_probe of s2mpg11-regulator.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2023-20923MedJan 26, 2023
    risk 0.36cvss 5.5epss 0.00

    In exported content providers of ShannonRcs, there is a possible way to get access to protected content providers due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2023-20922MedJan 26, 2023
    risk 0.36cvss 5.5epss 0.00

    In setMimeGroup of PackageManagerService.java, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2023-20908MedJan 26, 2023
    risk 0.36cvss 5.5epss 0.00

    In several functions of SettingsState.java, there is a possible system crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2022-20494MedJan 26, 2023
    risk 0.36cvss 5.5epss 0.00

    In AutomaticZenRule of AutomaticZenRule.java, there is a possible persistent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2022-20458MedJan 26, 2023
    risk 0.36cvss 5.5epss 0.00

    The logs of sensitive information (PII) or hardware identifier should only be printed in Android "userdebug" or "eng" build. StatusBarNotification.getKey() could contain sensitive information. However, CarNotificationListener.java, it prints out the…

  • CVE-2022-20235MedJan 26, 2023
    risk 0.36cvss 5.5epss 0.00

    The PowerVR GPU kernel driver maintains an "Information Page" used by its cache subsystem. This page can only be written by the GPU driver itself, but prior to DDK 1.18 however, a user-space program could write arbitrary data to the page, leading to memory corruption…

  • CVE-2022-20215MedJan 26, 2023
    risk 0.36cvss 5.5epss 0.00

    In onCreate of MasterClearConfirmFragment.java, there is a possible factory reset due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2022-20213MedJan 26, 2023
    risk 0.36cvss 5.5epss 0.00

    In ApplicationsDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2022-42535MedDec 16, 2022
    risk 0.36cvss 5.5epss 0.00

    In a query in MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2022-20609MedDec 16, 2022
    risk 0.36cvss 5.5epss 0.00

    In Pixel cellular firmware, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android…

  • CVE-2022-20608MedDec 16, 2022
    risk 0.36cvss 5.5epss 0.00

    In Pixel cellular firmware, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android…

  • CVE-2022-20604MedDec 16, 2022
    risk 0.36cvss 5.5epss 0.00

    In SAECOMM_SetDcnIdForPlmn of SAECOMM_DbManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure from a single device with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2022-20592MedDec 16, 2022
    risk 0.36cvss 5.5epss 0.00

    In ppmp_validate_secbuf of drm_fw.c, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2022-20591MedDec 16, 2022
    risk 0.36cvss 5.5epss 0.00

    In ppmpu_set of ppmpu.c, there is a possible information disclosure due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android…

  • CVE-2022-20590MedDec 16, 2022
    risk 0.36cvss 5.5epss 0.00

    In valid_va_sec_mfc_check of drm_access_control.c, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2022-20575MedDec 16, 2022
    risk 0.36cvss 5.5epss 0.00

    In read_ppmpu_info of drm_fw.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2022-20574MedDec 16, 2022
    risk 0.36cvss 5.5epss 0.00

    In sec_sysmmu_info of drm_fw.c, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2022-20570MedDec 16, 2022
    risk 0.36cvss 5.5epss 0.00

    Product: AndroidVersions: Android kernelAndroid ID: A-230660904References: N/A

  • CVE-2022-20552MedDec 16, 2022
    risk 0.36cvss 5.5epss 0.00

    In btif_a2dp_sink_command_ready of btif_a2dp_sink.cc, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2022-20538MedDec 16, 2022
    risk 0.36cvss 5.5epss 0.00

    In getSmsRoleHolder of RoleService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User…

  • CVE-2022-20531MedDec 16, 2022
    risk 0.36cvss 5.5epss 0.00

    In Telecom, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2022-20527MedDec 16, 2022
    risk 0.36cvss 5.5epss 0.00

    In HalCoreCallback of halcore.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure from the NFC firmware with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2022-20523MedDec 16, 2022
    risk 0.36cvss 5.5epss 0.00

    In IncFs_GetFilledRangesStartingFrom of incfs.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2022-20518MedDec 16, 2022
    risk 0.36cvss 5.5epss 0.00

    In query of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2022-20517MedDec 16, 2022
    risk 0.36cvss 5.5epss 0.00

    In getMessagesByPhoneNumber of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2022-20515MedDec 16, 2022
    risk 0.36cvss 5.5epss 0.00

    In onPreferenceClick of AccountTypePreferenceLoader.java, there is a possible way to retrieve protected files from the Settings app due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not…

  • CVE-2022-20513MedDec 16, 2022
    risk 0.36cvss 5.5epss 0.00

    In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2022-20511MedDec 16, 2022
    risk 0.36cvss 5.5epss 0.00

    In getNearbyAppStreamingPolicy of DevicePolicyManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2022-20510MedDec 16, 2022
    risk 0.36cvss 5.5epss 0.00

    In getNearbyNotificationStreamingPolicy of DevicePolicyManagerService.java, there is a possible way to learn about the notification streaming policy of other users due to a permissions bypass. This could lead to local information disclosure with no additional execution…

  • CVE-2022-20199MedDec 16, 2022
    risk 0.36cvss 5.5epss 0.00

    In multiple locations of NfcService.java, there is a possible disclosure of NFC tags due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2022-20502MedDec 13, 2022
    risk 0.36cvss 5.5epss 0.00

    In GetResolvedMethod of entrypoint_utils-inl.h, there is a possible use after free due to a stale cache. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2022-20500MedDec 13, 2022
    risk 0.36cvss 5.5epss 0.00

    In loadFromXml of ShortcutPackage.java, there is a possible crash on boot due to an uncaught exception. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10…

  • CVE-2022-20496MedDec 13, 2022
    risk 0.36cvss 5.5epss 0.00

    In setDataSource of initMediaExtractor.cpp, there is a possibility of arbitrary code execution due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2022-20482MedDec 13, 2022
    risk 0.36cvss 5.5epss 0.00

    In createNotificationChannel of NotificationManager.java, there is a possible way to make the device unusable and require factory reset due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not…

  • CVE-2022-20476MedDec 13, 2022
    risk 0.36cvss 5.5epss 0.00

    In setEnabledSetting of PackageManager.java, there is a possible way to get the device into an infinite reboot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2022-20471MedDec 13, 2022
    risk 0.36cvss 5.5epss 0.00

    In SendIncDecRestoreCmdPart2 of NxpMfcReader.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2022-20466MedDec 13, 2022
    risk 0.36cvss 5.5epss 0.00

    In applyKeyguardFlags of NotificationShadeWindowControllerImpl.java, there is a possible way to observe the user's password on a secondary display due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed.…

  • CVE-2021-0934MedDec 13, 2022
    risk 0.36cvss 5.5epss 0.00

    In findAllDeAccounts of AccountsDb.java, there is a possible denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2022-20457MedNov 8, 2022
    risk 0.36cvss 5.5epss 0.00

    In getMountModeInternal of StorageManagerService.java, there is a possible prevention of package installation due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2022-20453MedNov 8, 2022
    risk 0.36cvss 5.5epss 0.00

    In update of MmsProvider.java, there is a possible constriction of directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is needed for…

  • CVE-2022-20448MedNov 8, 2022
    risk 0.36cvss 5.5epss 0.00

    In buzzBeepBlinkLocked of NotificationManagerService.java, there is a possible way to share data across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2022-20426MedNov 8, 2022
    risk 0.36cvss 5.5epss 0.00

    In multiple functions of many files, there is a possible obstruction of the user's ability to select a phone account due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2022-20414MedNov 8, 2022
    risk 0.36cvss 5.5epss 0.00

    In setImpl of AlarmManagerService.java, there is a possible way to put a device into a boot loop due to an uncaught exception. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2022-3421MedOct 17, 2022
    risk 0.36cvss 5.6epss 0.00

    An attacker can pre-create the `/Applications/Google\ Drive.app/Contents/MacOS` directory which is expected to be owned by root to be owned by a non-root user. When the Drive for Desktop installer is run for the first time, it will place a binary in that directory with execute…

  • CVE-2022-20464MedOct 14, 2022
    risk 0.36cvss 5.5epss 0.00

    In various functions of ap_input_processor.c, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for…

  • CVE-2022-20440MedOct 11, 2022
    risk 0.36cvss 5.5epss 0.00

    In Messaging, There has unauthorized broadcast, this could cause Local Deny of Service.Product: AndroidVersions: Android SoCAndroid ID: A-242259918

Page 142 of 229