Google

All CVEs

11,366 total · sorted by risk
  • CVE-2022-20325 · High · Aug 12, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    In Media, there is a possible code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-186473060

  • CVE-2022-20319 · High · Aug 12, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    In DreamServices, there is a possible way to launch arbitrary protected activities due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:…

  • CVE-2022-20297 · High · Aug 12, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    In Settings, there is a possible way to bypass factory reset protections due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:…

  • CVE-2022-20292 · High · Aug 12, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    In Settings, there is a possible way to bypass factory reset protections due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:…

  • CVE-2022-20286 · High · Aug 12, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    In Connectivity, there is a possible bypass of the restriction of starting activity from background due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product:…

  • CVE-2022-20282 · High · Aug 12, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    In AppWidget, there is a possible way to start an activity from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product:…

  • CVE-2022-20281 · High · Aug 12, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    In Core, there is a possible way to start an activity from the background due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:…

  • CVE-2022-20274 · High · Aug 12, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    In Keyguard, there is a missing permission check. This could lead to local escalation of privilege and prevention of screen timeout with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-206470146

  • CVE-2022-20271 · High · Aug 12, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    In PermissionController, there is a possible way to grant some permissions without user consent due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for…

  • CVE-2022-20268 · High · Aug 12, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    In RestrictionsManager, there is a possible way to send a broadcast that should be restricted to system apps due to a permissions bypass. This could lead to local escalation of privilege on an enterprise managed device with no additional execution privileges needed. User…

  • CVE-2022-20258 · High · Aug 12, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    In Bluetooth, there is a possible way to bypass compiler exploit mitigations due to a configuration error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:…

  • CVE-2022-20383 · High · Aug 11, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    In AllocateInternalBuffers of g3aa_buffer_allocator.cc, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:…

  • CVE-2022-20368 · High · Aug 11, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    Product: Android. Versions: Android kernel. Android ID: A-224546354. References: Upstream kernel

  • CVE-2022-20250 · High · Aug 11, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    In Messaging, there is a possible way to attach files to a message without proper access checks due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product:…

  • CVE-2022-20248 · High · Aug 11, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    In Settings, there is a possible way to connect to an open network bypassing DISALLOW_CONFIG_WIFI restriction due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2022-20246 · High · Aug 11, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    In WindowManager, there is a possible bypass of the restrictions for starting activities from the background due to an incorrect UID/permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed…

  • CVE-2022-20180 · High · Aug 11, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    In several functions of mali_gralloc_reference.cpp, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product:…

  • CVE-2022-20360 · High · Aug 10, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    In setChecked of SecureNfcPreferenceController.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation. Product:…

  • CVE-2022-20356 · High · Aug 10, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    In shouldAllowFgsWhileInUsePermissionLocked of ActiveServices.java, there is a possible way to start foreground service from background due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User…

  • CVE-2022-20354 · High · Aug 10, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    In onDefaultNetworkChanged of Vpn.java, there is a possible way to disable VPN due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:…

  • CVE-2022-20349 · High · Aug 10, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    In WifiScanningPreferenceController and BluetoothScanningPreferenceController, there is a possible admin restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not…

  • CVE-2022-20348 · High · Aug 10, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    In updateState of LocationServicesWifiScanningPreferenceController.java, there is a possible admin restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not…

  • CVE-2021-39696 · High · Aug 10, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    In Task.java, there is a possible escalation of privilege due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11…

  • CVE-2022-20223 · High · Jul 13, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    In assertSafeToStartCustomActivity of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is…

  • CVE-2022-20220 · High · Jul 13, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12…

  • CVE-2022-20218 · High · Jul 13, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    In PermissionController, there is a possible way to get and retain permissions without user's consent due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for…

  • CVE-2022-20212 · High · Jul 13, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product:…

  • CVE-2022-20207 · High · Jun 15, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    In static definitions of GattServiceConfig.java, there is a possible permission bypass due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:…

  • CVE-2022-20204 · High · Jun 15, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    In registerRemoteBugreportReceivers of DevicePolicyManagerService.java, there is a possible reporting of falsified bug reports due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is…

  • CVE-2022-20197 · High · Jun 15, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    In recycle of Parcel.java, there is a possible way to start foreground activity from background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:…

  • CVE-2022-20194 · High · Jun 15, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    In onCreate of ChooseLockGeneric.java, there is a possible permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID:…

  • CVE-2022-20192 · High · Jun 15, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    In grantEmbeddedWindowFocus of WindowManagerService.java, there is a possible way to change an input channel for embedded hierarchy due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is…

  • CVE-2022-20186 · High · Jun 15, 2022
    risk 0.51 · cvss 7.8 · epss 0.01

    In kbase_mem_alias of mali_kbase_mem_linux.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:…

  • CVE-2022-20156 · High · Jun 15, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    In unflatten of GraphicBuffer.cpp, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:…

  • CVE-2022-20147 · High · Jun 15, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    In nfa_dm_check_set_config of nfa_dm_main.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:…

  • CVE-2022-20144 · High · Jun 15, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    In multiple functions of AvatarPhotoController.java, there is a possible access to content owned by system content providers due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed…

  • CVE-2022-20138 · High · Jun 15, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    In ACTION_MANAGED_PROFILE_PROVISIONED of DevicePolicyManagerService.java, there is a possible way for unprivileged app to send MANAGED_PROFILE_PROVISIONED intent due to a missing permission check. This could lead to local escalation of privilege with no additional execution…

  • CVE-2022-20135 · High · Jun 15, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    In writeToParcel of GateKeeperResponse.java, there is a possible parcel format mismatch. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11…

  • CVE-2022-20134 · High · Jun 15, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    In readArguments of CallSubjectDialog.java, there is a possible way to trick the user to call the wrong phone number due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed…

  • CVE-2022-20133 · High · Jun 15, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    In setDiscoverableTimeout of AdapterService.java, there is a possible bypass of user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product:…

  • CVE-2022-20124 · High · Jun 15, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    In deletePackageX of DeletePackageHelper.java, there is a possible way for a Guest user to reset pre-loaded applications for other users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction…

  • CVE-2021-39738 · High · May 10, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    In CarSetings, there is a possible way to pair BT device bypassing user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:…

  • CVE-2022-20116 · High · May 10, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    In onEntryUpdated of OngoingCallController.kt, it is possible to launch non-exported activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product:…

  • CVE-2022-20114 · High · May 10, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    In placeCall of TelecomManager.java, there is a possible way for an application to keep itself running with foreground service importance due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User…

  • CVE-2022-20113 · High · May 10, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    In mPreference of DefaultUsbConfigurationPreferenceController.java, there is a possible way to enable file transfer mode due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not…

  • CVE-2022-20005 · High · May 10, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    In validateApkInstallLocked of PackageInstallerSession.java, there is a way to force a mismatch between running code and a parsed APK. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for…

  • CVE-2022-20004 · High · May 10, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    In checkSlicePermission of SliceManagerService.java, it is possible to access any slice URI due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:…

  • CVE-2021-39812 · High · Apr 12, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    In TBD of TBD, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID:…

  • CVE-2021-39808 · High · Apr 12, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    In createNotificationChannelGroup of PreferencesHelper.java, there is a possible way for a service to run in foreground without user notification due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed.…

  • CVE-2021-39807 · High · Apr 12, 2022
    risk 0.51 · cvss 7.8 · epss 0.00

    In handleNfcStateChanged of SecureNfcEnabler.java, there is a possible way to enable NFC from the Guest account due to a missing permission check. This could lead to local escalation of privilege from the Guest account with no additional execution privileges needed. User…
