VYPR

Vendor CVEs

Google

All CVEs

11,367 total · sorted by risk
  • CVE-2024-23705HigMay 7, 2024
    risk 0.51cvss 7.8epss 0.00

    In multiple locations, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2024-23704HigMay 7, 2024
    risk 0.51cvss 7.8epss 0.00

    In onCreate of WifiDialogActivity.java, there is a possible way to bypass the DISALLOW_ADD_WIFI_CONFIG restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed…

  • CVE-2024-0043HigMay 7, 2024
    risk 0.51cvss 7.8epss 0.00

    In multiple locations, there is a possible notification listener grant to an app running in the work profile due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for…

  • CVE-2024-0042HigMay 7, 2024
    risk 0.51cvss 7.8epss 0.00

    In TBD of TBD, there is a possible confusion of OEM and DRM certificates due to improperly used crypto. This could lead to local bypass of DRM content protection with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-0025HigMay 7, 2024
    risk 0.51cvss 7.8epss 0.00

    In sendIntentSender of ActivityManagerService.java, there is a possible background activity launch due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-0024HigMay 7, 2024
    risk 0.51cvss 7.8epss 0.00

    In multiple methods of UserManagerService.java, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for…

  • CVE-2024-29752HigApr 5, 2024
    risk 0.51cvss 7.8epss 0.00

    In tmu_set_tr_num_thresholds of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-29741HigApr 5, 2024
    risk 0.51cvss 7.8epss 0.00

    In pblS2mpuResume of s2mpu.c, there is a possible mitigation bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-27233HigMar 11, 2024
    risk 0.51cvss 7.8epss 0.00

    In ppcfw_init_secpolicy of ppcfw.c, there is a possible permission bypass due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-27224HigMar 11, 2024
    risk 0.51cvss 7.8epss 0.00

    In strncpy of strncpy.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-27222HigMar 11, 2024
    risk 0.51cvss 7.8epss 0.00

    In onSkipButtonClick of FaceEnrollFoldPage.java, there is a possible way to access the file the app cannot access due to Intent Redirect GRANT_URI_PERMISSIONS Attack. This could lead to local escalation of privilege with no additional execution privileges needed. User…

  • CVE-2024-27221HigMar 11, 2024
    risk 0.51cvss 7.8epss 0.00

    In update_policy_data of , there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-27212HigMar 11, 2024
    risk 0.51cvss 7.8epss 0.00

    In init_data of , there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-27210HigMar 11, 2024
    risk 0.51cvss 7.8epss 0.00

    In policy_check of fvp.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-25992HigMar 11, 2024
    risk 0.51cvss 7.8epss 0.00

    In tmu_tz_control of tmu.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-25986HigMar 11, 2024
    risk 0.51cvss 7.8epss 0.00

    In ppmp_unprotect_buf of drm_fw.c, there is a possible compromise of protected memory due to a logic error in the code. This could lead to local escalation of privilege to TEE with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-22008HigMar 11, 2024
    risk 0.51cvss 7.8epss 0.00

    In config_gov_time_windows of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-0051HigMar 11, 2024
    risk 0.51cvss 7.8epss 0.00

    In onQueueFilled of SoftMPEG4.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-0050HigMar 11, 2024
    risk 0.51cvss 7.8epss 0.00

    In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a missing validation check. This could lead to a local non-security issue with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-0049HigMar 11, 2024
    risk 0.51cvss 7.8epss 0.00

    In multiple locations, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-0048HigMar 11, 2024
    risk 0.51cvss 7.8epss 0.00

    In Session of AccountManagerService.java, there is a possible method to retain foreground service privileges due to incorrect handling of null responses. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not…

  • CVE-2024-0046HigMar 11, 2024
    risk 0.51cvss 7.8epss 0.00

    In installExistingPackageAsUser of InstallPackageHelper.java, there is a possible carrier restriction bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2024-0023HigFeb 16, 2024
    risk 0.51cvss 7.8epss 0.00

    In ConvertRGBToPlanarYUV of Codec2BufferUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-0021HigFeb 16, 2024
    risk 0.51cvss 7.8epss 0.00

    In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way for an app in the work profile to enable notification listener services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges…

  • CVE-2024-0018HigFeb 16, 2024
    risk 0.51cvss 7.8epss 0.00

    In convertYUV420Planar16ToY410 of ColorConverter.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-0015HigFeb 16, 2024
    risk 0.51cvss 7.8epss 0.00

    In convertToComponentName of DreamService.java, there is a possible way to launch arbitrary protected activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-21165HigFeb 16, 2024
    risk 0.51cvss 7.8epss 0.00

    In DevmemIntUnmapPMR of devicemem_server.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-0038HigFeb 16, 2024
    risk 0.51cvss 7.8epss 0.00

    In injectInputEventToInputFilter of AccessibilityManagerService.java, there is a possible arbitrary input event injection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not…

  • CVE-2024-0036HigFeb 16, 2024
    risk 0.51cvss 7.8epss 0.00

    In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution…

  • CVE-2024-0035HigFeb 16, 2024
    risk 0.51cvss 7.8epss 0.00

    In onNullBinding of TileLifecycleManager.java, there is a possible way to launch an activity from the background due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2024-0034HigFeb 16, 2024
    risk 0.51cvss 7.8epss 0.00

    In BackgroundLaunchProcessController, there is a possible way to launch arbitrary activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-0033HigFeb 16, 2024
    risk 0.51cvss 7.8epss 0.00

    In multiple functions of ashmem-dev.cpp, there is a possible missing seal due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-0029HigFeb 16, 2024
    risk 0.51cvss 7.8epss 0.00

    In multiple files, there is a possible way to capture the device screen when disallowed by device policy due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2024-0014HigFeb 16, 2024
    risk 0.51cvss 7.8epss 0.00

    In startInstall of UpdateFetcher.java, there is a possible way to trigger a malicious config update due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-40115HigFeb 15, 2024
    risk 0.51cvss 7.8epss 0.00

    In readLogs of StatsService.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-40114HigFeb 15, 2024
    risk 0.51cvss 7.8epss 0.00

    In multiple functions of MtpFfsHandle.cpp , there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2023-40111HigFeb 15, 2024
    risk 0.51cvss 7.8epss 0.00

    In setMediaButtonReceiver of MediaSessionRecord.java, there is a possible way to send a pending intent on behalf of system_server due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed…

  • CVE-2023-40110HigFeb 15, 2024
    risk 0.51cvss 7.8epss 0.00

    In multiple functions of MtpPacket.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2023-40109HigFeb 15, 2024
    risk 0.51cvss 7.8epss 0.00

    In createFromParcel of UsbConfiguration.java, there is a possible background activity launch (BAL) due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2023-40107HigFeb 15, 2024
    risk 0.51cvss 7.8epss 0.00

    In ARTPWriter of ARTPWriter.cpp, there is a possible use after free due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-40106HigFeb 15, 2024
    risk 0.51cvss 7.8epss 0.00

    In sanitizeSbn of NotificationManagerService.java, there is a possible way to launch an activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2023-40100HigFeb 15, 2024
    risk 0.51cvss 7.8epss 0.00

    In discovery_thread of Dns64Configuration.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-22012HigFeb 7, 2024
    risk 0.51cvss 7.8epss 0.00

    there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-48421HigDec 8, 2023
    risk 0.51cvss 7.8epss 0.00

    In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/platform/pixel/pixel_gpu_slc.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution…

  • CVE-2023-48409HigDec 8, 2023
    risk 0.51cvss 7.8epss 0.00

    In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/mali_kbase_core_linux.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed.…

  • CVE-2023-48407HigDec 8, 2023
    risk 0.51cvss 7.8epss 0.00

    there is a possible DCK won't be deleted after factory reset due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-48402HigDec 8, 2023
    risk 0.51cvss 7.8epss 0.00

    In ppcfw_enable of ppcfw.c, there is a possible EoP due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-45779HigDec 4, 2023
    risk 0.51cvss 7.8epss 0.00

    In the APEX module framework of AOSP, there is a possible malicious update to platform components due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. More…

  • CVE-2023-45777HigDec 4, 2023
    risk 0.51cvss 7.8epss 0.00

    In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to launch arbitrary activities using system privileges due to Parcel Mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User…

  • CVE-2023-45776HigDec 4, 2023
    risk 0.51cvss 7.8epss 0.00

    In CreateAudioBroadcast of broadcaster.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Page 61 of 228