VYPR

Vendor CVEs

Google

All CVEs

11,367 total · sorted by risk
  • CVE-2018-9477Nov 20, 2024
    risk 0.00cvss epss 0.00

    In the development options section of the Settings app, there is a possible authentication bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2018-9475Nov 20, 2024
    risk 0.00cvss epss 0.00

    In HeadsetInterface::ClccResponse of btif_hf.cc, there is a possible out of bounds stack write due to a missing bounds check. This could lead to remote escalation of privilege via Bluetooth, if the recipient has enabled SIP calls with no additional execution privileges needed.…

  • CVE-2018-9474Nov 20, 2024
    risk 0.00cvss epss 0.00

    In writeToParcel of MediaPlayer.java, there is a possible serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2018-9472Nov 20, 2024
    risk 0.00cvss epss 0.00

    In xmlMemStrdupLoc of xmlmemory.c, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2018-9471Nov 20, 2024
    risk 0.00cvss epss 0.00

    In the deserialization constructor of NanoAppFilter.java, there is a possible loss of data due to type confusion. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2018-9470Nov 20, 2024
    risk 0.00cvss epss 0.00

    In bff_Scanner_addOutPos of Scanner.c, there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege in an unprivileged app with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2018-9469Nov 20, 2024
    risk 0.00cvss epss 0.00

    In multiple functions of ShortcutService.java, there is a possible creation of a spoofed shortcut due to a missing permission check. This could lead to local escalation of privilege in a privileged app with no additional execution privileges needed. User interaction is needed…

  • CVE-2018-9468Nov 20, 2024
    risk 0.00cvss epss 0.00

    In query of DownloadManager.java, there is a possible read/write of arbitrary files due to a permissions bypass. This could lead to local information disclosure and file rewriting with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-10382Nov 20, 2024
    risk 0.00cvss epss 0.00

    There exists a code execution vulnerability in the Car App Android Jetpack Library. CarAppService uses deserialization logic that allows construction of arbitrary java classes. This can lead to arbitrary code execution when combined with specific Java deserialization gadgets. An…

  • CVE-2018-9467Nov 19, 2024
    risk 0.00cvss epss 0.00

    In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2018-9466Nov 19, 2024
    risk 0.00cvss epss 0.00

    In the xmlSnprintfElementContent function of valid.c, there is a possible out of bounds write. This could lead to remote escalation of privilege in an unprivileged app with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2018-9456Nov 19, 2024
    risk 0.00cvss epss 0.00

    In sdpu_extract_attr_seq of sdp_utils.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2018-9440Nov 19, 2024
    risk 0.00cvss epss 0.00

    In parse of M3UParser.cpp there is a possible resource exhaustion due to improper input validation. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2018-9433Nov 19, 2024
    risk 0.00cvss epss 0.00

    In ArrayConcatVisitor of builtins-array.cc, there is a possible type confusion due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2018-9432Nov 19, 2024
    risk 0.00cvss epss 0.00

    In createPhonebookDialogView and createMapDialogView of BluetoothPermissionActivity.java, there is a possible permissions bypass. This could lead to local escalation of privilege due to hiding and bypassing the user's ability to disable access to contacts, with no additional…

  • CVE-2018-9428Nov 19, 2024
    risk 0.00cvss epss 0.00

    In startDevice of AAudioServiceStreamBase.cpp there is a possible out of bounds write due to a use after free. This could lead to local arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation. …

  • CVE-2018-9424Nov 19, 2024
    risk 0.00cvss epss 0.00

    In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2018-9421Nov 19, 2024
    risk 0.00cvss epss 0.00

    In writeInplace of Parcel.cpp, there is a possible information leak across processes, using Binder, due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2018-9420Nov 19, 2024
    risk 0.00cvss epss 0.00

    In BnCameraService::onTransact of CameraService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2018-9419Nov 19, 2024
    risk 0.00cvss epss 0.00

    In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2018-9417Nov 19, 2024
    risk 0.00cvss epss 0.00

    In f_hidg_read and hidg_disable of f_hid.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2018-9412Nov 19, 2024
    risk 0.00cvss epss 0.00

    In removeUnsynchronization of ID3.cpp there is a possible resource exhaustion due to improper input validation. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2018-9410Nov 19, 2024
    risk 0.00cvss epss 0.00

    In analyzeAxes of FontUtils.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2018-9409Nov 19, 2024
    risk 0.00cvss epss 0.00

    In HWCSession::SetColorModeById of hwc_session.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2018-9372Nov 19, 2024
    risk 0.00cvss epss 0.00

    In cmd_flash_mmc_sparse_img of dl_commands.c, there is a possible out of bounds write due to a missing bounds check. This could lead to a local escalation of privilege in the bootloader with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2018-9371Nov 19, 2024
    risk 0.00cvss epss 0.00

    In the Mediatek Preloader, there are out of bounds reads and writes due to an exposed interface that allows arbitrary peripheral memory mapping with insufficient blacklisting/whitelisting. This could lead to local elevation of privilege, given physical access to the device with…

  • CVE-2018-9370Nov 19, 2024
    risk 0.00cvss epss 0.00

    In download.c there is a special mode allowing user to download data into memory and causing possible memory corruptions due to missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for…

  • CVE-2018-9369Nov 19, 2024
    risk 0.00cvss epss 0.00

    In bootloader there is fastboot command allowing user specified kernel command line arguments. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2018-9368Nov 19, 2024
    risk 0.00cvss epss 0.00

    In mtkscoaudio debugfs there is a possible arbitrary kernel memory write due to missing bounds check and weakened SELinux policies. This could lead to local escalation of privilege with system  execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2018-9367Nov 19, 2024
    risk 0.00cvss epss 0.00

    In FT_ACDK_CCT_V2_OP_ISP_SET_TUNING_PARAS of Meta_CCAP_Para.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2018-9366Nov 19, 2024
    risk 0.00cvss epss 0.00

    In IMSA_Recv_Thread and VT_IMCB_Thread of ImsaClient.cpp and VideoTelephony.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2024-11395Nov 19, 2024
    risk 0.00cvss epss 0.00

    Type Confusion in V8 in Google Chrome prior to 131.0.6778.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2018-9364Nov 19, 2024
    risk 0.00cvss epss 0.00

    In the LG LAF component, there is a special command that allowed modification of certain partitions. This could lead to bypass of secure boot. User interaction is not needed for exploitation.

  • CVE-2018-9348Nov 19, 2024
    risk 0.00cvss epss 0.00

    In SMF_ParseMetaEvent of eas_smf.c, there is a possible integer overflow. This could lead to remote denial of service due to resource exhaustion with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2018-9346Nov 19, 2024
    risk 0.00cvss epss 0.00

    In BnAudioPolicyService::onTransact of AudioPolicyService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2018-9345Nov 19, 2024
    risk 0.00cvss epss 0.00

    In BnAudioPolicyService::onTransact of AudioPolicyService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2018-9344Nov 19, 2024
    risk 0.00cvss epss 0.00

    In several functions of DescramblerImpl.cpp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2018-9341Nov 19, 2024
    risk 0.00cvss epss 0.00

    In impeg2d_mc_fullx_fully of impeg2d_mc.c there is a possible out of bound write due to missing bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2018-9340Nov 19, 2024
    risk 0.00cvss epss 0.00

    In ResStringPool::setTo of ResourceTypes.cpp, it's possible for an attacker to control the value of mStringPoolSize to be out of bounds, causing information disclosure.

  • CVE-2018-9339Nov 19, 2024
    risk 0.00cvss epss 0.00

    In writeTypedArrayList and readTypedArrayList of Parcel.java, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2018-9338Nov 19, 2024
    risk 0.00cvss epss 0.00

    In ResStringPool::setTo of ResourceTypes.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2017-13315Nov 19, 2024
    risk 0.00cvss epss 0.00

    In writeToParcel and createFromParcel of DcParamObject.java, there is a permission bypass due to a write size mismatch. This could lead to an elevation of privileges where the user can start an activity with system privileges, with no additional execution privileges needed. User…

  • CVE-2017-13313Nov 15, 2024
    risk 0.00cvss epss 0.00

    In ElementaryStreamQueue::dequeueAccessUnitMPEG4Video of ESQueue.cpp, there is a possible infinite loop leading to resource exhaustion due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction…

  • CVE-2017-13314Nov 15, 2024
    risk 0.00cvss epss 0.00

    In setAllowOnlyVpnForUids of NetworkManagementService.java, there is a possible security settings bypass due to a missing permission check. This could lead to local escalation of privilege allowing users to access non-VPN networks, when they are supposed to be restricted to the…

  • CVE-2017-13312Nov 15, 2024
    risk 0.00cvss epss 0.00

    In createFromParcel of MediaCas.java, there is a possible parcel read/write mismatch due to improper input validation. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. User…

  • CVE-2017-13311Nov 15, 2024
    risk 0.00cvss epss 0.00

    In the read() function of ProcessStats.java, there is a possible read/write serialization issue leading to a permissions bypass. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges…

  • CVE-2017-13310Nov 15, 2024
    risk 0.00cvss epss 0.00

    In createFromParcel of ViewPager.java, there is a possible read/write serialization issue leading to a permissions bypass. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed.…

  • CVE-2017-13309Nov 15, 2024
    risk 0.00cvss epss 0.00

    In readEncryptedData of ConscryptEngine.java, there is a possible plaintext leak due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2017-13227Nov 14, 2024
    risk 0.00cvss epss 0.00

    In the autofill service, the package name that is provided by the app process is trusted inappropriately.  This could lead to information disclosure with no additional execution privileges needed.  User interaction is not needed for exploitation.

  • CVE-2024-43091Nov 13, 2024
    risk 0.00cvss epss 0.00

    In filterMask of SkEmbossMaskFilter.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Page 189 of 228