VYPR

Vendor CVEs

Google

All CVEs

11,368 total · sorted by risk
  • CVE-2019-2197MedNov 13, 2019
    risk 0.36cvss 5.5epss 0.00

    In processPhonebookAccess of CachedBluetoothDevice.java, there is a possible permission bypass due to an insecure default value. This could lead to local information disclosure of the user's contact list with no additional execution privileges needed. User interaction is needed…

  • CVE-2019-2183MedOct 11, 2019
    risk 0.36cvss 5.5epss 0.00

    In generateServicesMap of RegisteredServicesCache.java, there is a possible account protection bypass due to a caching optimization. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2019-2110MedOct 11, 2019
    risk 0.36cvss 5.5epss 0.00

    In ScreenRotationAnimation of ScreenRotationAnimation.java, there is a possible capture of a secure screen due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2019-9427MedSep 27, 2019
    risk 0.36cvss 5.5epss 0.00

    In Bluetooth, there is a possible information disclosure due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID:…

  • CVE-2019-9376MedSep 27, 2019
    risk 0.36cvss 5.5epss 0.00

    In Account of Account.java, there is a possible boot loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Android; Versions: Android-9,…

  • CVE-2019-9369MedSep 27, 2019
    risk 0.36cvss 5.5epss 0.00

    In Bluetooth, there is a use of uninitialized variable. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-79995407

  • CVE-2019-9312MedSep 27, 2019
    risk 0.36cvss 5.5epss 0.00

    In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID:…

  • CVE-2019-9289MedSep 27, 2019
    risk 0.36cvss 5.5epss 0.00

    In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID:…

  • CVE-2019-9268MedSep 27, 2019
    risk 0.36cvss 5.5epss 0.00

    In libstagefright, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions:…

  • CVE-2019-9243MedSep 27, 2019
    risk 0.36cvss 5.5epss 0.00

    In wpa_supplicant_8, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android…

  • CVE-2019-2179MedSep 5, 2019
    risk 0.36cvss 5.5epss 0.00

    In NDEF_MsgValidate of ndef_utils in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for…

  • CVE-2019-2103MedSep 5, 2019
    risk 0.36cvss 5.5epss 0.00

    In Google Assistant in Android 9, there is a possible permissions bypass that allows the Assistant to take a screenshot of apps with FLAG_SECURE. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2019-2137MedAug 20, 2019
    risk 0.36cvss 5.5epss 0.00

    In the endCall() function of TelecomManager.java, there is a possible Denial of Service due to a missing permission check. This could lead to local denial of access to Emergency Services with User execution privileges needed. User interaction is not needed for exploitation.…

  • CVE-2019-2135MedAug 20, 2019
    risk 0.36cvss 5.5epss 0.01

    In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android.…

  • CVE-2019-2113MedJul 8, 2019
    risk 0.36cvss 5.5epss 0.00

    In setup wizard there is a bypass of some checks when wifi connection is skipped. This could lead to factory reset protection bypass with no additional privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID:…

  • CVE-2018-20073MedJun 27, 2019
    risk 0.36cvss 5.5epss 0.00

    Use of extended attributes in downloads in Google Chrome prior to 72.0.3626.81 allowed a local attacker to read download URLs via the filesystem.

  • CVE-2019-2101MedJun 7, 2019
    risk 0.36cvss 5.5epss 0.00

    In uvc_parse_standard_control of uvc_driver.c, there is a possible out-of-bound read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product:…

  • CVE-2019-5804MedMay 23, 2019
    risk 0.36cvss 5.5epss 0.00

    Incorrect command line processing in Chrome in Google Chrome prior to 73.0.3683.75 allowed a local attacker to perform domain spoofing via a crafted domain name.

  • CVE-2019-2038MedApr 19, 2019
    risk 0.36cvss 5.5epss 0.00

    In rw_i93_process_sys_info of rw_i93.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:…

  • CVE-2019-2001MedFeb 28, 2019
    risk 0.36cvss 5.5epss 0.00

    The permissions on /proc/iomem were world-readable. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-117422211.

  • CVE-2019-1998MedFeb 28, 2019
    risk 0.36cvss 5.5epss 0.00

    In event_handler of keymaster_app.c, there is possible resource exhaustion due to a table being lost on reboot. This could lead to local denial of service that is not fixed by a factory reset, with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2019-1995MedFeb 28, 2019
    risk 0.36cvss 5.5epss 0.00

    In ComposeActivityEmail of ComposeActivityEmail.java, there is a possible way to silently attach files to an email due to a confused deputy. This could lead to local information disclosure, sending files accessible to AOSP Mail to a remote email recipient, with no additional…

  • CVE-2019-5765MedFeb 19, 2019
    risk 0.36cvss 5.5epss 0.01

    An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted Intent.

  • CVE-2018-9589MedFeb 11, 2019
    risk 0.36cvss 5.5epss 0.00

    In ieee802_11_rx_wnmsleep_req of wnm_ap.c in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the wifi driver with no…

  • CVE-2018-6147MedJan 9, 2019
    risk 0.36cvss 5.5epss 0.00

    Lack of secure text entry mode in Browser UI in Google Chrome on Mac prior to 67.0.3396.62 allowed a local attacker to obtain potentially sensitive information from process memory via a local process.

  • CVE-2018-20168MedDec 17, 2018
    risk 0.36cvss 5.5epss 0.00

    Google gVisor before 2018-08-22 reuses a pagetable in a different level with the paging-structure cache intact, which allows attackers to cause a denial of service ("physical address not valid" panic) via a crafted application.

  • CVE-2018-9554MedDec 6, 2018
    risk 0.36cvss 5.5epss 0.00

    In dumpExtractors of IMediaExtractor.cp, there is a possible disclosure of recently accessed media files due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.…

  • CVE-2018-9552MedDec 6, 2018
    risk 0.36cvss 5.5epss 0.01

    In ihevcd_sao_shift_ctb of ihevcd_sao.c there is a possible out of bounds write due to missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:…

  • CVE-2018-9548MedDec 6, 2018
    risk 0.36cvss 5.5epss 0.00

    In multiple functions of ContentProvider.java, there is a possible permission bypass due to a missing URI validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product:…

  • CVE-2018-9544MedNov 14, 2018
    risk 0.36cvss 5.5epss 0.00

    In register_app of btif_hd.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product:…

  • CVE-2018-9543MedNov 14, 2018
    risk 0.36cvss 5.5epss 0.00

    In trim_device of f2fs_format_utils.c, it is possible that the data partition is not wiped during a factory reset. This could lead to local information disclosure after factory reset with no additional execution privileges needed. User interaction is not needed for exploitation.…

  • CVE-2018-9457MedNov 14, 2018
    risk 0.36cvss 5.5epss 0.00

    In onCheckedChanged of BluetoothPairingController.java, there is a possible way to retrieve contact information due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2018-9454MedNov 6, 2018
    risk 0.36cvss 5.5epss 0.00

    In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:…

  • CVE-2018-9453MedNov 6, 2018
    risk 0.36cvss 5.5epss 0.00

    In avdt_msg_prs_cfg of avdt_msg.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:…

  • CVE-2018-9451MedNov 6, 2018
    risk 0.36cvss 5.5epss 0.00

    In DynamicRefTable::load of ResourceTypes.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android…

  • CVE-2018-9444MedNov 6, 2018
    risk 0.36cvss 5.5epss 0.01

    In ih264d_video_decode of ih264d_api.c there is a possible resource exhaustion due to an infinite loop. This could lead to remote temporary device denial of service (remote hang or reboot) with no additional execution privileges needed. User interaction is needed for…

  • CVE-2018-9437MedNov 6, 2018
    risk 0.36cvss 5.5epss 0.01

    In getstring of ID3.cpp there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-6.0…

  • CVE-2018-9511MedOct 2, 2018
    risk 0.36cvss 5.5epss 0.00

    In ipSecSetEncapSocketOwner of XfrmController.cpp, there is a possible failure to initialize a security feature due to uninitialized data. This could lead to local denial of service of IPsec on sockets with no additional execution privileges needed. User interaction is not…

  • CVE-2018-9499MedOct 2, 2018
    risk 0.36cvss 5.5epss 0.00

    In readVector of iCrypto.cpp, there is a possible invalid read due to uninitialized data. This could lead to local information disclosure from the DRM server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android…

  • CVE-2018-9493MedOct 2, 2018
    risk 0.36cvss 5.5epss 0.01

    In the content provider of the download manager, there is a possible SQL injection due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android…

  • CVE-2018-9452MedOct 2, 2018
    risk 0.36cvss 5.5epss 0.01

    In getOffsetForHorizontal of Layout.java, there is a possible application hang due to a slow width calculation. This could lead to remote denial of service if a contact with many hidden unicode characters were sent to the device and used by a local app, with no additional…

  • CVE-2017-15844MedSep 18, 2018
    risk 0.36cvss 5.5epss 0.00

    In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the function for writing device values into flash, uninitialized memory can be written to flash.

  • CVE-2017-14893MedJul 6, 2018
    risk 0.36cvss 5.5epss 0.00

    While flashing meta image, a buffer over-read may potentially occur when the image size is smaller than the image header size or is smaller than the image header size + total image header entry in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for…

  • CVE-2017-14872MedJul 6, 2018
    risk 0.36cvss 5.5epss 0.00

    While flashing a meta image, a buffer over-read can potentially occur when the number of images are out of the maximum range of 32 in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.

  • CVE-2017-18169MedJun 15, 2018
    risk 0.36cvss 5.5epss 0.00

    User process can perform the kernel DOS in ashmem when doing cache maintenance operation in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel.

  • CVE-2016-10420MedApr 18, 2018
    risk 0.36cvss 5.5epss 0.01

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810,…

  • CVE-2015-9218MedApr 18, 2018
    risk 0.36cvss 5.5epss 0.00

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630,…

  • CVE-2016-10234MedApr 4, 2018
    risk 0.36cvss 5.5epss 0.01

    An information disclosure vulnerability in the Qualcomm IPA driver. Product: Android. Versions: Android kernel. Android ID: A-34390017. References: QC-CR#1069060.

  • CVE-2017-13279MedApr 4, 2018
    risk 0.36cvss 5.5epss 0.01

    In M3UParser::parse of M3UParser.cpp, there is a memory resource exhaustion due to a large loop of pushing items into a vector. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product:…

  • CVE-2017-13275MedApr 4, 2018
    risk 0.36cvss 5.5epss 0.00

    In getVSCoverage of CmapCoverage.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.0, 8.1.…

Page 148 of 228