VYPR

Vendor CVEs

Google

All CVEs

11,367 total · sorted by risk
  • CVE-2023-21003HigMar 24, 2023
    risk 0.51cvss 7.8epss 0.00

    In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2023-21002HigMar 24, 2023
    risk 0.51cvss 7.8epss 0.00

    In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2023-21001HigMar 24, 2023
    risk 0.51cvss 7.8epss 0.00

    In onContextItemSelected of NetworkProviderSettings.java, there is a possible way for users to change the Wi-Fi settings of other users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User…

  • CVE-2023-21000HigMar 24, 2023
    risk 0.51cvss 7.8epss 0.00

    In MediaCodec.cpp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID:…

  • CVE-2023-20995HigMar 24, 2023
    risk 0.51cvss 7.8epss 0.00

    In captureImage of CustomizedSensor.cpp, there is a possible way to bypass the fingerprint unlock due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2023-20993HigMar 24, 2023
    risk 0.51cvss 7.8epss 0.00

    In multiple functions of SnoozeHelper.java, there is a possible failure to persist settings due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2023-20985HigMar 24, 2023
    risk 0.51cvss 7.8epss 0.00

    In BTA_GATTS_HandleValueIndication of bta_gatts_api.cc, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2023-20975HigMar 24, 2023
    risk 0.51cvss 7.8epss 0.00

    In getAvailabilityStatus of EnableContentCapturePreferenceController.java, there is a possible way to bypass DISALLOW_CONTENT_CAPTURE due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is…

  • CVE-2023-20971HigMar 24, 2023
    risk 0.51cvss 7.8epss 0.00

    In removePermission of PermissionManagerServiceImpl.java, there is a possible way to obtain dangerous permissions without user consent due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User…

  • CVE-2023-20966HigMar 24, 2023
    risk 0.51cvss 7.8epss 0.00

    In inflate of inflate.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11…

  • CVE-2023-20964HigMar 24, 2023
    risk 0.51cvss 7.8epss 0.00

    In multiple functions of MediaSessionRecord.java, there is a possible Intent rebroadcast due to a confused deputy. This could lead to local denial of service or escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2023-20959HigMar 24, 2023
    risk 0.51cvss 7.8epss 0.00

    In AddSupervisedUserActivity, guest users are not prevented from starting the activity due to missing permissions checks. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2023-20957HigMar 24, 2023
    risk 0.51cvss 7.8epss 0.00

    In onAttach of SettingsPreferenceFragment.java, there is a possible bypass of Factory Reset Protections due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2023-20955HigMar 24, 2023
    risk 0.51cvss 7.8epss 0.00

    In onPrepareOptionsMenu of AppInfoDashboardFragment.java, there is a possible way to bypass admin restrictions and uninstall applications for all users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges…

  • CVE-2023-20953HigMar 24, 2023
    risk 0.51cvss 7.8epss 0.00

    In onPrimaryClipChanged of ClipboardListener.java, there is a possible way to bypass factory reset protection due to incorrect UI being shown prior to setup completion. This could lead to local escalation of privilege with no additional execution privileges needed. User…

  • CVE-2023-20947HigMar 24, 2023
    risk 0.51cvss 7.8epss 0.00

    In getGroupState of GrantPermissionsViewModel.kt, there is a possible way to keep a one-time permission granted due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2023-20936HigMar 24, 2023
    risk 0.51cvss 7.8epss 0.00

    In bta_av_rc_disc_done of bta_av_act.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2023-20931HigMar 24, 2023
    risk 0.51cvss 7.8epss 0.00

    In avdt_scb_hdl_write_req of avdt_scb_act.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2023-20917HigMar 24, 2023
    risk 0.51cvss 7.8epss 0.00

    In onTargetSelected of ResolverActivity.java, there is a possible way to share a wrong file due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2023-20911HigMar 24, 2023
    risk 0.51cvss 7.8epss 0.00

    In addPermission of PermissionManagerServiceImpl.java , there is a possible failure to persist permission settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2023-20906HigMar 24, 2023
    risk 0.51cvss 7.8epss 0.00

    In onPackageAddedInternal of PermissionManagerService.java, there is a possible way to silently grant a permission after a Target SDK update due to a permissions bypass. This could lead to local escalation of privilege after updating an app to a higher Target SDK with no…

  • CVE-2022-20542HigMar 24, 2023
    risk 0.51cvss 7.8epss 0.00

    In parseParamsBlob of types.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2023-20945HigFeb 28, 2023
    risk 0.51cvss 7.8epss 0.00

    In phNciNfc_MfCreateXchgDataHdr of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2023-20944HigFeb 28, 2023
    risk 0.51cvss 7.8epss 0.00

    In run of ChooseTypeAndAccountActivity.java, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2023-20943HigFeb 28, 2023
    risk 0.51cvss 7.8epss 0.00

    In clearApplicationUserData of ActivityManagerService.java, there is a possible way to remove system files due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for…

  • CVE-2023-20940HigFeb 28, 2023
    risk 0.51cvss 7.8epss 0.00

    In the Android operating system, there is a possible way to replace a boot partition due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2023-20939HigFeb 28, 2023
    risk 0.51cvss 7.8epss 0.00

    In multiple functions of looper_backed_event_loop.cpp, there is a possible way to corrupt memory due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2023-20938HigFeb 28, 2023
    risk 0.51cvss 7.8epss 0.00

    In binder_transaction_buffer_release of binder.c, there is a possible use after free due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2023-20934HigFeb 28, 2023
    risk 0.51cvss 7.8epss 0.00

    In resolveAttributionSource of ServiceUtilities.cpp, there is a possible way to disable the microphone privacy indicator due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed…

  • CVE-2023-20933HigFeb 28, 2023
    risk 0.51cvss 7.8epss 0.00

    In several functions of MediaCodec.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2023-20927HigFeb 15, 2023
    risk 0.51cvss 7.8epss 0.00

    In permissions of AndroidManifest.xml, there is a possible way to grant signature permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2023-20928HigJan 26, 2023
    risk 0.51cvss 7.8epss 0.00

    In binder_vma_close of binder.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android…

  • CVE-2023-20925HigJan 26, 2023
    risk 0.51cvss 7.8epss 0.00

    In setUclampMinLocked of PowerSessionManager.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2023-20920HigJan 26, 2023
    risk 0.51cvss 7.8epss 0.00

    In queue of UsbRequest.java, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10…

  • CVE-2023-20919HigJan 26, 2023
    risk 0.51cvss 7.8epss 0.00

    In getStringsForPrefix of Settings.java, there is a possible prevention of package uninstallation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2023-20916HigJan 26, 2023
    risk 0.51cvss 7.8epss 0.00

    In getMainActivityLaunchIntent of LauncherAppsService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges…

  • CVE-2023-20915HigJan 26, 2023
    risk 0.51cvss 7.8epss 0.00

    In addOrReplacePhoneAccount of PhoneAccountRegistrar.java, there is a possible way to enable a phone account without user interaction due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User…

  • CVE-2023-20913HigJan 26, 2023
    risk 0.51cvss 7.8epss 0.00

    In onCreate of PhoneAccountSettingsActivity.java and related files, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed.…

  • CVE-2023-20912HigJan 26, 2023
    risk 0.51cvss 7.8epss 0.00

    In onActivityResult of AvatarPickerActivity.java, there is a possible way to access images belonging to other users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed…

  • CVE-2023-20905HigJan 26, 2023
    risk 0.51cvss 7.8epss 0.00

    In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2023-20904HigJan 26, 2023
    risk 0.51cvss 7.8epss 0.00

    In getTrampolineIntent of SettingsActivity.java, there is a possible launch of arbitrary activity due to an Intent mismatch in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2022-20493HigJan 26, 2023
    risk 0.51cvss 7.8epss 0.00

    In Condition of Condition.java, there is a possible way to grant notification access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product:…

  • CVE-2022-20492HigJan 26, 2023
    risk 0.51cvss 7.8epss 0.00

    In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2022-20490HigJan 26, 2023
    risk 0.51cvss 7.8epss 0.00

    In multiple functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2022-20489HigJan 26, 2023
    risk 0.51cvss 7.8epss 0.00

    In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2022-20461HigJan 26, 2023
    risk 0.51cvss 7.8epss 0.00

    In pinReplyNative of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege of BLE with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2022-20456HigJan 26, 2023
    risk 0.51cvss 7.8epss 0.00

    In AutomaticZenRule of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2022-42544HigDec 16, 2022
    risk 0.51cvss 7.8epss 0.00

    In getView of AddAppNetworksFragment.java, there is a possible way to mislead the user about network add requests due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2022-42534HigDec 16, 2022
    risk 0.51cvss 7.8epss 0.00

    In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a possible privilege escalation due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2022-42531HigDec 16, 2022
    risk 0.51cvss 7.8epss 0.00

    In mmu_map_for_fw of gs_ldfw_load.c, there is a possible mitigation bypass due to Permissive Memory Allocation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

Page 65 of 228