VYPR

Vendor CVEs

Google

All CVEs

11,367 total · sorted by risk
  • CVE-2021-39758HigMar 30, 2022
    risk 0.51cvss 7.8epss 0.00

    In WindowManager, there is a possible way to start a foreground activity from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-39752HigMar 30, 2022
    risk 0.51cvss 7.8epss 0.00

    In Bubbles, there is a possible way to interfere with Bubbles due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-39750HigMar 30, 2022
    risk 0.51cvss 7.8epss 0.00

    In PackageManager, there is a possible way to change the splash screen theme of other apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2021-39749HigMar 30, 2022
    risk 0.51cvss 7.8epss 0.00

    In WindowManager, there is a possible way to start non-exported and protected activities due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2021-39746HigMar 30, 2022
    risk 0.51cvss 7.8epss 0.00

    In PermissionController, there is a possible way to delete some local files due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-39743HigMar 30, 2022
    risk 0.51cvss 7.8epss 0.00

    In PackageManager, there is a possible way to update the last usage time of another package due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-39741HigMar 30, 2022
    risk 0.51cvss 7.8epss 0.00

    In Keymaster, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID:…

  • CVE-2021-1033HigMar 30, 2022
    risk 0.51cvss 7.8epss 0.00

    In createGeneralSlice of ConnectedDevicesSliceProvider.java.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for…

  • CVE-2021-1000HigMar 30, 2022
    risk 0.51cvss 7.8epss 0.00

    In createBluetoothDeviceSlice of ConnectedDevicesSliceProvider.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-39734HigMar 16, 2022
    risk 0.51cvss 7.8epss 0.00

    In sendMessage of OneToOneChatImpl.java (? TBD), there is a possible way to send an RCS message without permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed…

  • CVE-2021-39732HigMar 16, 2022
    risk 0.51cvss 7.8epss 0.00

    In copy_io_entries of lwis_ioctl.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-39714HigMar 16, 2022
    risk 0.51cvss 7.8epss 0.00

    In ion_buffer_kmap_get of ion.c, there is a possible use-after-free due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android…

  • CVE-2021-39709HigMar 16, 2022
    risk 0.51cvss 7.8epss 0.00

    In sendSipAccountsRemovedNotification of SipAccountRegistry.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for…

  • CVE-2021-39707HigMar 16, 2022
    risk 0.51cvss 7.8epss 0.00

    In onReceive of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-39706HigMar 16, 2022
    risk 0.51cvss 7.8epss 0.01

    In onResume of CredentialStorage.java, there is a possible way to cleanup content of credentials storage due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for…

  • CVE-2021-39704HigMar 16, 2022
    risk 0.51cvss 7.8epss 0.00

    In deleteNotificationChannelGroup of NotificationManagerService.java, there is a possible way to run foreground service without user notification due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User…

  • CVE-2021-39703HigMar 16, 2022
    risk 0.51cvss 7.8epss 0.00

    In updateState of UsbDeviceManager.java, there is a possible unauthorized access of files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2021-39701HigMar 16, 2022
    risk 0.51cvss 7.8epss 0.00

    In serviceConnection of ControlsProviderLifecycleManager.kt, there is a possible way to keep service running in foreground without notification or permission due to improper input validation. This could lead to local escalation of privilege with no additional execution…

  • CVE-2021-39698HigMar 16, 2022
    risk 0.51cvss 7.8epss 0.00

    In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android…

  • CVE-2021-39697HigMar 16, 2022
    risk 0.51cvss 7.8epss 0.00

    In checkFileUriDestination of DownloadProvider.java, there is a possible way to bypass external storage private directories protection due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is…

  • CVE-2021-39695HigMar 16, 2022
    risk 0.51cvss 7.8epss 0.00

    In createOrUpdate of BasePermission.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-39694HigMar 16, 2022
    risk 0.51cvss 7.8epss 0.00

    In parse of RoleParser.java, there is a possible way for default apps to get permissions explicitly denied by the user due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-39693HigMar 16, 2022
    risk 0.51cvss 7.8epss 0.00

    In onUidStateChanged of AppOpsService.java, there is a possible way to access location without a visible indicator due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed…

  • CVE-2021-39692HigMar 16, 2022
    risk 0.51cvss 7.8epss 0.01

    In onCreate of SetupLayoutActivity.java, there is a possible way to setup a work profile bypassing user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for…

  • CVE-2021-39685HigMar 16, 2022
    risk 0.51cvss 7.8epss 0.00

    In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an incorrect flag check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2021-0957HigMar 16, 2022
    risk 0.51cvss 7.8epss 0.00

    In NotificationStackScrollLayout of NotificationStackScrollLayout.java, there is a possible way to bypass Factory Reset Protections. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2022-0301HigFeb 12, 2022
    risk 0.51cvss 7.8epss 0.00

    Heap buffer overflow in DevTools in Google Chrome prior to 97.0.4692.99 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2021-39676HigFeb 11, 2022
    risk 0.51cvss 7.8epss 0.00

    In writeThrowable of AndroidFuture.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-39674HigFeb 11, 2022
    risk 0.51cvss 7.8epss 0.00

    In btm_sec_connected and btm_sec_disconnected of btm_sec.cc file , there is a possible use after free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10…

  • CVE-2021-39672HigFeb 11, 2022
    risk 0.51cvss 7.8epss 0.00

    In fastboot, there is a possible secure boot bypass due to a configuration error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android SoC Android ID:…

  • CVE-2021-39669HigFeb 11, 2022
    risk 0.51cvss 7.8epss 0.00

    In onCreate of InstallCaCertificateWarning.java, there is a possible way to mislead an user about CA installation circumstances due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction…

  • CVE-2021-39668HigFeb 11, 2022
    risk 0.51cvss 7.8epss 0.00

    In onActivityViewReady of DetailDialog.kt, there is a possible Intent Redirect due to a confused deputy. This could lead to local escalation of privilege that allows actions performed as the System UI, with no additional execution privileges needed. User interaction is needed…

  • CVE-2021-39663HigFeb 11, 2022
    risk 0.51cvss 7.8epss 0.00

    In openFileAndEnforcePathPermissionsHelper of MediaProvider.java, there is a possible bypass of a permissions check due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for…

  • CVE-2021-39662HigFeb 11, 2022
    risk 0.51cvss 7.8epss 0.00

    In checkUriPermission of MediaProvider.java , there is a possible way to gain access to the content of media provider collections due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not…

  • CVE-2021-39619HigFeb 11, 2022
    risk 0.51cvss 7.8epss 0.00

    In updatePackageMappingsData of UsageStatsService.java, there is a possible way to bypass security and privacy settings of app usage due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is…

  • CVE-2021-39684HigJan 14, 2022
    risk 0.51cvss 7.8epss 0.00

    In target_init of gs101/abl/target/slider/target.c, there is a possible allocation of RWX memory due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-39682HigJan 14, 2022
    risk 0.51cvss 7.8epss 0.00

    In mgm_alloc_page of memory_group_manager.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2021-39681HigJan 14, 2022
    risk 0.51cvss 7.8epss 0.00

    In delete_protocol of main.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android…

  • CVE-2021-39678HigJan 14, 2022
    risk 0.51cvss 7.8epss 0.00

    In of , there is a possible bypass of Factory Reset Protection due to . This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android…

  • CVE-2021-39634HigJan 14, 2022
    risk 0.51cvss 7.8epss 0.00

    In fs/eventpoll.c, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-204450605References:…

  • CVE-2021-39632HigJan 14, 2022
    risk 0.51cvss 7.8epss 0.00

    In inotify_cb of events.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-39630HigJan 14, 2022
    risk 0.51cvss 7.8epss 0.00

    In executeRequest of OverlayManagerService.java, there is a possible way to control fabricated overlays from adb shell due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-39627HigJan 14, 2022
    risk 0.51cvss 7.8epss 0.00

    In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for…

  • CVE-2021-39626HigJan 14, 2022
    risk 0.51cvss 7.8epss 0.00

    In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-39622HigJan 14, 2022
    risk 0.51cvss 7.8epss 0.00

    In GBoard, there is a possible way to bypass Factory Reset Protection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-39621HigJan 14, 2022
    risk 0.51cvss 7.8epss 0.00

    In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for…

  • CVE-2021-39620HigJan 14, 2022
    risk 0.51cvss 7.8epss 0.00

    In ipcSetDataReference of Parcel.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-39618HigJan 14, 2022
    risk 0.51cvss 7.8epss 0.00

    In multiple methods of EuiccNotificationManager.java, there is a possible way to install existing packages without user consent due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed…

  • CVE-2021-1036HigJan 14, 2022
    risk 0.51cvss 7.8epss 0.00

    In LocationSettingsActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-1035HigJan 14, 2022
    risk 0.51cvss 7.8epss 0.00

    In setLaunchIntent of BluetoothDevicePickerPreferenceController.java, there is a possible way to invoke an arbitrary broadcast receiver due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is…

Page 69 of 228