VYPR

Vendor CVEs

Google

All CVEs

11,372 total · sorted by risk
  • CVE-2020-0390MedSep 17, 2020
    risk 0.36cvss 5.5epss 0.00

    In the app zygote SE Policy, there is a possible permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID:…

  • CVE-2020-0389MedSep 17, 2020
    risk 0.36cvss 5.5epss 0.00

    In createSaveNotification of RecordingService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0386MedSep 17, 2020
    risk 0.36cvss 5.5epss 0.00

    In onCreate of RequestPermissionActivity.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege allowing an attacker to set Bluetooth discoverability with User execution privileges needed. User interaction…

  • CVE-2020-0385MedSep 17, 2020
    risk 0.36cvss 5.5epss 0.01

    In Parse_insh of eas_mdls.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote information disclosure in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation.Product:…

  • CVE-2020-0258MedAug 11, 2020
    risk 0.36cvss 5.5epss 0.00

    In stopZygoteLocked of AppZygote.java, there is an insufficient cleanup. This could lead to local information disclosure in the application that is started next with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0250MedAug 11, 2020
    risk 0.36cvss 5.5epss 0.00

    In requestCellInfoUpdateInternal of PhoneInterfaceManager.java, there is a missing permission check. This could lead to local information disclosure of location data with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0249MedAug 11, 2020
    risk 0.36cvss 5.5epss 0.00

    In postInstantAppNotif of InstantAppNotifier.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0248MedAug 11, 2020
    risk 0.36cvss 5.5epss 0.00

    In postInstantAppNotif of InstantAppNotifier.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0247MedAug 11, 2020
    risk 0.36cvss 5.5epss 0.00

    In Threshold::getHistogram of ImageProcessHelper.java, there is a possible crash loop due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10…

  • CVE-2020-0239MedAug 11, 2020
    risk 0.36cvss 5.5epss 0.00

    In getDocumentMetadata of DocumentsContract.java, there is a possible disclosure of location metadata from a file due to a permissions bypass. This could lead to local information disclosure from a file (eg. a photo) containing location metadata with no additional execution…

  • CVE-2020-0206MedJun 11, 2020
    risk 0.36cvss 5.5epss 0.00

    In the settings app, there is a possible app crash due to improper input validation. This could lead to local denial of service of the Settings app with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android…

  • CVE-2020-0197MedJun 11, 2020
    risk 0.36cvss 5.5epss 0.00

    In InitDataParser::parsePssh of InitDataParser.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0187MedJun 11, 2020
    risk 0.36cvss 5.5epss 0.00

    In engineSetMode of BaseBlockCipher.java, there is a possible incorrect cryptographic algorithm chosen due to an incomplete comparison. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2020-0185MedJun 11, 2020
    risk 0.36cvss 5.5epss 0.00

    In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0178MedJun 11, 2020
    risk 0.36cvss 5.5epss 0.00

    In getAllConfigFlags of SettingsProvider.cpp, there is a possible illegal read due to a missing permission check. This could lead to local information disclosure of config flags with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2020-0177MedJun 11, 2020
    risk 0.36cvss 5.5epss 0.00

    In connect() of PanService.java, there is a possible permissions bypass. This could lead to local escalation of privilege to change network connection settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0167MedJun 11, 2020
    risk 0.36cvss 5.5epss 0.00

    In load of ResourceTypes.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0159MedJun 11, 2020
    risk 0.36cvss 5.5epss 0.00

    In rw_mfc_writeBlock of rw_mfc.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0134MedJun 11, 2020
    risk 0.36cvss 5.5epss 0.00

    In BnDrm::onTransact of IDrm.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0132MedJun 11, 2020
    risk 0.36cvss 5.5epss 0.00

    In BnAAudioService::onTransact of IAAudioService.cpp, there is a possible out of bounds read due to unsafe deserialization. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0121MedJun 10, 2020
    risk 0.36cvss 5.5epss 0.00

    In updateUidProcState of AppOpsService.java, there is a possible permission bypass due to a logic error. This could lead to local information disclosure of location data with User execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0116MedJun 10, 2020
    risk 0.36cvss 5.5epss 0.00

    In checkSystemLocationAccess of LocationAccessPolicy.java, there is a possible bypass of user profile isolation due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2020-0113MedJun 10, 2020
    risk 0.36cvss 5.5epss 0.00

    In sendCaptureResult of Camera3OutputUtils.cpp, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0106MedMay 14, 2020
    risk 0.36cvss 5.5epss 0.00

    In getCellLocation of PhoneInterfaceManager.java, there is a possible permission bypass due to a missing SDK version check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0104MedMay 14, 2020
    risk 0.36cvss 5.5epss 0.00

    In onShowingStateChanged of KeyguardStateMonitor.java, there is a possible inappropriate read due to a logic error. This could lead to local information disclosure of keyguard-protected data with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2020-0100MedMay 14, 2020
    risk 0.36cvss 5.5epss 0.00

    In onTransact of IHDCP.cpp, there is a possible out of bounds read due to incorrect error handling. This could lead to local information disclosure of data from a privileged process with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2020-0091MedMay 14, 2020
    risk 0.36cvss 5.5epss 0.00

    In mnld, an incorrect configuration in driver_cfg of mnld for meta factory mode.Product: AndroidVersions: Android SoCAndroid ID: A-149808700

  • CVE-2020-0090MedMay 14, 2020
    risk 0.36cvss 5.5epss 0.00

    An improper authorization in the receiver component of Email.Product: AndroidVersions: Android SoCAndroid ID: A-149813048

  • CVE-2020-0064MedMay 14, 2020
    risk 0.36cvss 5.5epss 0.00

    An improper authorization while processing the provisioning data.Product: AndroidVersions: Android SoCAndroid ID: A-149866855

  • CVE-2020-0087MedMar 10, 2020
    risk 0.36cvss 5.5epss 0.00

    In getProcessPss of ActivityManagerService.java, there is a possible side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0057MedMar 10, 2020
    risk 0.36cvss 5.5epss 0.00

    In btm_process_inq_results of btm_inq.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0056MedMar 10, 2020
    risk 0.36cvss 5.5epss 0.00

    In btu_hcif_connection_comp_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0055MedMar 10, 2020
    risk 0.36cvss 5.5epss 0.00

    In l2c_link_process_num_completed_pkts of l2c_link.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0048MedMar 10, 2020
    risk 0.36cvss 5.5epss 0.00

    In onTransact of IAudioFlinger.cpp, there is a possible stack information leak due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0061MedMar 10, 2020
    risk 0.36cvss 5.5epss 0.00

    In Pixel Recorder, there is a possible permissions bypass allowing arbitrary apps to record audio. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android…

  • CVE-2020-0035MedMar 10, 2020
    risk 0.36cvss 5.5epss 0.00

    In query of TelephonyProvider.java, there is a possible access to SIM card info due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0023MedFeb 13, 2020
    risk 0.36cvss 5.5epss 0.00

    In setPhonebookAccessPermission of AdapterService.java, there is a possible disclosure of user contacts over bluetooth due to a missing permission check. This could lead to local information disclosure if a malicious app enables contacts over a bluetooth connection, with User…

  • CVE-2020-0020MedFeb 13, 2020
    risk 0.36cvss 5.5epss 0.00

    In getAttributeRange of ExifInterface.java, there is a possible failure to redact location information from media files due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for…

  • CVE-2020-0004MedJan 8, 2020
    risk 0.36cvss 5.5epss 0.00

    In generateCrop of WallpaperManagerService.java, there is a possible sysui crash due to image exceeding maximum texture size. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2019-9465MedJan 7, 2020
    risk 0.36cvss 5.5epss 0.00

    In the Titan M handling of cryptographic operations, there is a possible information disclosure due to an unusual root cause. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product:…

  • CVE-2019-9472MedJan 6, 2020
    risk 0.36cvss 5.5epss 0.00

    In DCRYPTO_equals of compare.c, there is a possible timing attack due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android…

  • CVE-2019-9464MedDec 6, 2019
    risk 0.36cvss 5.5epss 0.00

    In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional…

  • CVE-2019-2229MedDec 6, 2019
    risk 0.36cvss 5.5epss 0.00

    In updateWidget of BaseWidgetProvider.java, there is a possible leak of user data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2019-2226MedDec 6, 2019
    risk 0.36cvss 5.5epss 0.00

    In device_class_to_int of device_class.cc, there is a possible out of bounds read due to improper casting. This could lead to local information disclosure in the Bluetooth server with User execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2019-2220MedDec 6, 2019
    risk 0.36cvss 5.5epss 0.00

    In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend. This could lead to local information disclosure no additional execution privileges needed. User interaction is not needed for…

  • CVE-2019-5868MedNov 25, 2019
    risk 0.36cvss 5.5epss 0.01

    Use after free in PDFium in Google Chrome prior to 76.0.3809.100 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2019-5860MedNov 25, 2019
    risk 0.36cvss 5.5epss 0.01

    Use after free in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2019-13707MedNov 25, 2019
    risk 0.36cvss 5.5epss 0.00

    Insufficient validation of untrusted input in intents in Google Chrome on Android prior to 78.0.3904.70 allowed a local attacker to leak files via a crafted application.

  • CVE-2019-2198MedNov 13, 2019
    risk 0.36cvss 5.5epss 0.00

    In Download Provider, there is a possible SQL injection vulnerability. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9…

  • CVE-2019-2197MedNov 13, 2019
    risk 0.36cvss 5.5epss 0.00

    In processPhonebookAccess of CachedBluetoothDevice.java, there is a possible permission bypass due to an insecure default value. This could lead to local information disclosure of the user's contact list with no additional execution privileges needed. User interaction is needed…

Page 147 of 228