VYPR

Vendor CVEs

Google

All CVEs

11,473 total · sorted by risk
  • CVE-2025-26420Sep 4, 2025
    risk 0.00cvss epss 0.00

    In multiple functions of GrantPermissionsActivity.java , there is a possible way to trick the user into granting the incorrect permission due to permission overload. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction…

  • CVE-2025-22425Sep 4, 2025
    risk 0.00cvss epss 0.00

    In onCreate of InstallStart.java, there is a possible permissions bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2025-0087Sep 4, 2025
    risk 0.00cvss epss 0.00

    In onCreate of UninstallerActivity.java, there is a possible way to uninstall a different user's app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2025-0077Sep 4, 2025
    risk 0.00cvss epss 0.00

    In multiple functions of UserController.java, there is a possible lock screen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-49739Sep 4, 2025
    risk 0.00cvss epss 0.00

    In MMapVAccess of pmr_os.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-35657Sep 4, 2025
    risk 0.00cvss epss 0.00

    In bta_av_config_ind of bta_av_aact.cc, there is a possible out of bounds read due to type confusion. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-36887Sep 4, 2025
    risk 0.00cvss epss 0.00

    In wl_cfgscan_update_v3_schedscan_results() of wl_cfgscan.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2024-56190Sep 4, 2025
    risk 0.00cvss epss 0.00

    In wl_update_hidden_ap_ie() of wl_cfgscan.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-56189Sep 4, 2025
    risk 0.00cvss epss 0.00

    In SAEMM_DiscloseMsId of SAEMM_RadioMessageCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure post authentication with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2025-36909Sep 4, 2025
    risk 0.00cvss epss 0.00

    Information disclosure

  • CVE-2025-36908Sep 4, 2025
    risk 0.00cvss epss 0.00

    In lwis_top_register_io of lwis_device_top.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-36907Sep 4, 2025
    risk 0.00cvss epss 0.00

    In draw_surface_image() of abl/android/lib/draw/draw.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege via USB fastboot, after a bootloader unlock, with no additional execution privileges needed. User…

  • CVE-2025-36906Sep 4, 2025
    risk 0.00cvss epss 0.00

    In ConvertReductionOp of darwinn_mlir_converter_aidl.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-36905Sep 4, 2025
    risk 0.00cvss epss 0.00

    In gxp_mapping_create of gxp_mapping.c, there is a possible privilege escalation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-36904Sep 4, 2025
    risk 0.00cvss epss 0.00

    WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-396458384.

  • CVE-2025-36903Sep 4, 2025
    risk 0.00cvss epss 0.00

    In lwis_io_buffer_write, there is a possible OOB read/write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-36902Sep 4, 2025
    risk 0.00cvss epss 0.00

    In syna_cdev_ioctl_store_pid() of syna_tcm2_sysfs.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-36901Sep 4, 2025
    risk 0.00cvss epss 0.00

    WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-396462223.

  • CVE-2025-36900Sep 4, 2025
    risk 0.00cvss epss 0.00

    In lwis_test_register_io of lwis_device_test.c, there is a possible OOB Write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-36899Sep 4, 2025
    risk 0.00cvss epss 0.00

    There is a possible escalation of privilege due to test/debugging code left in a production build. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-36898Sep 4, 2025
    risk 0.00cvss epss 0.00

    There is a possible escalation of privilege due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-36897Sep 4, 2025
    risk 0.00cvss epss 0.00

    In unknown of cd_CnMsgCodecUserApi.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-36896Sep 4, 2025
    risk 0.00cvss epss 0.00

    WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-394765106.

  • CVE-2025-36895Sep 4, 2025
    risk 0.00cvss epss 0.00

    Information disclosure

  • CVE-2025-36894Sep 4, 2025
    risk 0.00cvss epss 0.00

    In TBD of TBD, there is a possible DoS due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-36893Sep 4, 2025
    risk 0.00cvss epss 0.00

    In ReadTachyonCommands of gxp_main_actor.cc, there is a possible information leak due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-36892Sep 4, 2025
    risk 0.00cvss epss 0.00

    Denial of service

  • CVE-2025-36891Sep 4, 2025
    risk 0.00cvss epss 0.00

    Elevation of privilege

  • CVE-2025-36890Sep 4, 2025
    risk 0.00cvss epss 0.00

    Elevation of Privilege

  • CVE-2025-9867Sep 3, 2025
    risk 0.00cvss epss 0.00

    Inappropriate implementation in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-9866Sep 3, 2025
    risk 0.00cvss epss 0.00

    Inappropriate implementation in Extensions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-9865Sep 3, 2025
    risk 0.00cvss epss 0.00

    Inappropriate implementation in Toolbar in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-26416Sep 2, 2025
    risk 0.00cvss epss 0.00

    In initializeSwizzler of SkBmpStandardCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-22442Sep 2, 2025
    risk 0.00cvss epss 0.00

    In multiple functions of DevicePolicyManagerService.java, there is a possible way to install unauthorized applications into a newly created work profile due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User…

  • CVE-2025-22439Sep 2, 2025
    risk 0.00cvss epss 0.00

    In onLastAccessedStackLoaded of ActionHandler.java , there is a possible way to bypass storage restrictions across apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed…

  • CVE-2025-22438Sep 2, 2025
    risk 0.00cvss epss 0.00

    In afterKeyEventLockedInterruptable of InputDispatcher.cpp, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-22437Sep 2, 2025
    risk 0.00cvss epss 0.00

    In setMediaButtonReceiver of multiple files, there is a possible way to launch arbitrary activities from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed…

  • CVE-2025-22435Sep 2, 2025
    risk 0.00cvss epss 0.00

    In avdt_msg_ind of avdt_msg.cc, there is a possible memory corruption due to type confusion. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-22434Sep 2, 2025
    risk 0.00cvss epss 0.00

    In handleKeyGestureEvent of PhoneWindowManager.java, there is a possible lock screen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-22433Sep 2, 2025
    risk 0.00cvss epss 0.00

    In canForward of IntentForwarderActivity.java, there is a possible bypass of the cross profile intent filter most commonly used in Work Profile scenarios due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges…

  • CVE-2025-22431Sep 2, 2025
    risk 0.00cvss epss 0.00

    In multiple locations, there is a possible method for a malicious app to prevent dialing emergency services under limited circumstances due to a logic error in the code. This could lead to local denial of service until the phone reboots with no additional execution privileges…

  • CVE-2025-22430Sep 2, 2025
    risk 0.00cvss epss 0.00

    In isInSignificantPlace of multiple files, there is a possible way to access sensitive information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-22429Sep 2, 2025
    risk 0.00cvss epss 0.00

    In multiple locations, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-22428Sep 2, 2025
    risk 0.00cvss epss 0.00

    In hasInteractAcrossUsersFullPermission of AppInfoBase.java, there is a possible way to grant permissions to an app on the secondary user from the primary user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution…

  • CVE-2025-22427Sep 2, 2025
    risk 0.00cvss epss 0.00

    In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to grant notification access above the lock screen due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User…

  • CVE-2025-22423Sep 2, 2025
    risk 0.00cvss epss 0.00

    In ParseTag of dng_ifd.cpp, there is a possible way to crash the image renderer due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-22422Sep 2, 2025
    risk 0.00cvss epss 0.00

    In multiple locations, there is a possible way to mislead a user into approving an authentication prompt for one app when its result will be used in another due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges…

  • CVE-2025-22421Sep 2, 2025
    risk 0.00cvss epss 0.00

    In contentDescForNotification of NotificationContentDescription.kt, there is a possible notification content leak through the lockscreen due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User…

  • CVE-2025-22419Sep 2, 2025
    risk 0.00cvss epss 0.00

    In multiple locations, there is a possible way to mislead the user into enabling malicious phone calls forwarding due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for…

  • CVE-2025-22418Sep 2, 2025
    risk 0.00cvss epss 0.00

    In multiple locations, there is a possible confused deputy due to Intent Redirect. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Page 184 of 230