VYPR

Vendor CVEs

Google

All CVEs

11,404 total · sorted by risk
  • CVE-2022-20219MedJul 13, 2022
    risk 0.36cvss 5.5epss 0.00

    In multiple functions of StorageManagerService.java and UserManagerService.java, there is a possible way to leave user's directories unencrypted due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User…

  • CVE-2022-20206MedJun 15, 2022
    risk 0.36cvss 5.5epss 0.00

    In setPackageOrComponentEnabled of NotificationManagerService.java, there is a missing permission check. This could lead to local information disclosure about enabled notification listeners with User execution privileges needed. User interaction is not needed for…

  • CVE-2022-20205MedJun 15, 2022
    risk 0.36cvss 5.5epss 0.00

    In isFileUri of FileUtil.java, there is a possible way to bypass the check for a file:// scheme due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2022-20200MedJun 15, 2022
    risk 0.36cvss 5.5epss 0.00

    In updateApState of SoftApManager.java, there is a possible leak of hotspot state due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2022-20172MedJun 15, 2022
    risk 0.36cvss 5.5epss 0.00

    In onbind of ShannonRcsService.java, there is a possible access to protect data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2022-20146MedJun 15, 2022
    risk 0.36cvss 5.5epss 0.00

    In uploadFile of FileUploadServiceImpl.java, there is a possible incorrect file access due to a confused deputy. This could lead to local information disclosure of private files with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2022-20129MedJun 15, 2022
    risk 0.36cvss 5.5epss 0.00

    In registerPhoneAccount of PhoneAccountRegistrar.java, there is a possible way to prevent the user from selecting a phone account due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not…

  • CVE-2022-20119MedMay 10, 2022
    risk 0.36cvss 5.5epss 0.00

    In private_handle_t of mali_gralloc_buffer.h, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2022-20117MedMay 10, 2022
    risk 0.36cvss 5.5epss 0.00

    In (TBD) of (TBD), there is a possible way to decrypt local data encrypted by the GSC due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2022-20115MedMay 10, 2022
    risk 0.36cvss 5.5epss 0.00

    In broadcastServiceStateChanged of TelephonyRegistry.java, there is a possible way to learn base station information without location permission due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User…

  • CVE-2022-20112MedMay 10, 2022
    risk 0.36cvss 5.5epss 0.00

    In getAvailabilityStatus of PrivateDnsPreferenceController.java, there is a possible way for a guest user to change private DNS settings due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction…

  • CVE-2022-20011MedMay 10, 2022
    risk 0.36cvss 5.5epss 0.00

    In getArray of NotificationManagerService.java , there is a possible leak of one user notifications to another due to missing check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-39700MedMay 10, 2022
    risk 0.36cvss 5.5epss 0.00

    In the policies of adbd.te, there was a logic error which caused the CTS Listening Ports Test to report invalid results. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2021-39670MedMay 10, 2022
    risk 0.36cvss 5.5epss 0.00

    In setStream of WallpaperManager.java, there is a possible way to cause a permanent DoS due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-39800MedApr 12, 2022
    risk 0.36cvss 5.5epss 0.00

    In ion_ioctl of ion-ioctl.c, there is a possible way to leak kernel head data due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-39791MedMar 30, 2022
    risk 0.36cvss 5.5epss 0.00

    In WallpaperManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction…

  • CVE-2021-39788MedMar 30, 2022
    risk 0.36cvss 5.5epss 0.00

    In TelecomManager, there is a possible way to check if a particular self managed phone account was registered on the device due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User…

  • CVE-2021-39779MedMar 30, 2022
    risk 0.36cvss 5.5epss 0.00

    In getCallStateUsingPackage of Telecom Service, there is a missing permission check. This could lead to local information disclosure of the call state with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-39778MedMar 30, 2022
    risk 0.36cvss 5.5epss 0.00

    In Telecomm, there is a possible way to determine whether an app is installed, without query permissions, due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-39777MedMar 30, 2022
    risk 0.36cvss 5.5epss 0.00

    In Telephony, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-39775MedMar 30, 2022
    risk 0.36cvss 5.5epss 0.00

    In People, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-39774MedMar 30, 2022
    risk 0.36cvss 5.5epss 0.00

    In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID:…

  • CVE-2021-39773MedMar 30, 2022
    risk 0.36cvss 5.5epss 0.00

    In VpnManagerService, there is a possible disclosure of installed VPN packages due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2021-39770MedMar 30, 2022
    risk 0.36cvss 5.5epss 0.00

    In Framework, there is a possible disclosure of the device owner package due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-39769MedMar 30, 2022
    risk 0.36cvss 5.5epss 0.00

    In Device Policy, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-39766MedMar 30, 2022
    risk 0.36cvss 5.5epss 0.00

    In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed…

  • CVE-2021-39765MedMar 30, 2022
    risk 0.36cvss 5.5epss 0.00

    In Gallery, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-201535427

  • CVE-2021-39761MedMar 30, 2022
    risk 0.36cvss 5.5epss 0.00

    In Media, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-39760MedMar 30, 2022
    risk 0.36cvss 5.5epss 0.00

    In AudioService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not…

  • CVE-2021-39757MedMar 30, 2022
    risk 0.36cvss 5.5epss 0.00

    In PermissionController, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID:…

  • CVE-2021-39756MedMar 30, 2022
    risk 0.36cvss 5.5epss 0.00

    In Framework, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed…

  • CVE-2021-39755MedMar 30, 2022
    risk 0.36cvss 5.5epss 0.00

    In DevicePolicyManager, there is a possible way to reveal the existence of an installed package without proper query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User…

  • CVE-2021-39754MedMar 30, 2022
    risk 0.36cvss 5.5epss 0.00

    In ContextImpl, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed…

  • CVE-2021-39753MedMar 30, 2022
    risk 0.36cvss 5.5epss 0.00

    In DomainVerificationService, there is a possible way to access app domain verification information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-39751MedMar 30, 2022
    risk 0.36cvss 5.5epss 0.00

    In Settings, there is a possible way to read Bluetooth device names without proper permissions due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-39748MedMar 30, 2022
    risk 0.36cvss 5.5epss 0.00

    In InputMethodEditor, there is a possible way to access some files accessible to Settings due to an unsafe PendingIntent. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2021-39747MedMar 30, 2022
    risk 0.36cvss 5.5epss 0.00

    In Settings Provider, there is a possible way to list values of non-readable global settings due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2021-39745MedMar 30, 2022
    risk 0.36cvss 5.5epss 0.00

    In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is…

  • CVE-2021-39744MedMar 30, 2022
    risk 0.36cvss 5.5epss 0.00

    In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is…

  • CVE-2021-39742MedMar 30, 2022
    risk 0.36cvss 5.5epss 0.00

    In Voicemail, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-39740MedMar 30, 2022
    risk 0.36cvss 5.5epss 0.00

    In Messaging, there is a possible way to bypass attachment restrictions due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-39690MedMar 16, 2022
    risk 0.36cvss 5.5epss 0.00

    In setDisplayPadding of WallpaperManagerService.java, there is a possible way to cause a persistent DoS due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-39624MedMar 16, 2022
    risk 0.36cvss 5.5epss 0.00

    In PackageManager, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11…

  • CVE-2021-39688MedFeb 11, 2022
    risk 0.36cvss 5.5epss 0.00

    In TBD of TBD, there is a possible out of bounds read due to TBD. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:…

  • CVE-2021-39687MedFeb 11, 2022
    risk 0.36cvss 5.5epss 0.00

    In HandleTransactionIoEvent of actuator_driver.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2021-39666MedFeb 11, 2022
    risk 0.36cvss 5.5epss 0.00

    In extract of MediaMetricsItem.h, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-39664MedFeb 11, 2022
    risk 0.36cvss 5.5epss 0.00

    In LoadedPackage::Load of LoadedArsc.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure when parsing an APK file with no additional execution privileges needed. User interaction is needed for…

  • CVE-2021-39631MedFeb 11, 2022
    risk 0.36cvss 5.5epss 0.00

    In clear_data_dlg_text of strings.xml, there is a possible situation when "Clear storage" functionality sets up the wrong security/privacy expectations due to a misleading message. This could lead to local information disclosure with no additional execution privileges needed.…

  • CVE-2021-0524MedFeb 11, 2022
    risk 0.36cvss 5.5epss 0.00

    In isServiceDistractionOptimized of CarPackageManagerService.java, there is a possible disclosure of installed packages due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is…

  • CVE-2021-39659MedJan 14, 2022
    risk 0.36cvss 5.5epss 0.00

    In sortSimPhoneAccountsForEmergency of CreateConnectionProcessor.java, there is a possible prevention of access to emergency calling due to an unhandled exception. In rare instances, this could lead to local denial of service with User execution privileges needed. User…

Page 144 of 229