VYPR

Vendor CVEs

Google

All CVEs

11,367 total · sorted by risk
  • CVE-2021-0959HigJan 14, 2022
    risk 0.51cvss 7.8epss 0.00

    In jit_memory_region.cc, there is a possible bypass of memory restrictions due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-39653HigDec 15, 2021
    risk 0.51cvss 7.8epss 0.00

    In (TBD) of (TBD), there is a possible way to boot with a hidden debug policy due to a missing warning to the user. This could lead to local escalation of privilege after preparing the device, hiding the warning, and passing the phone to a new user, with no additional execution…

  • CVE-2021-39640HigDec 15, 2021
    risk 0.51cvss 7.8epss 0.00

    In __dwc3_gadget_ep0_queue of ep0.c, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-1044HigDec 15, 2021
    risk 0.51cvss 7.8epss 0.00

    In eicOpsDecryptAes128Gcm of acropora/app/identity/identity_support.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-1040HigDec 15, 2021
    risk 0.51cvss 7.8epss 0.00

    In onCreate of BluetoothPairingSelectionFragment.java, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product:…

  • CVE-2021-1039HigDec 15, 2021
    risk 0.51cvss 7.8epss 0.00

    In NotificationAccessActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product:…

  • CVE-2021-1029HigDec 15, 2021
    risk 0.51cvss 7.8epss 0.00

    In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2021-1028HigDec 15, 2021
    risk 0.51cvss 7.8epss 0.00

    In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2021-1027HigDec 15, 2021
    risk 0.51cvss 7.8epss 0.00

    In setTransactionState of SurfaceFlinger, there is possible arbitrary code execution in a privileged process due to improper casting. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-1017HigDec 15, 2021
    risk 0.51cvss 7.8epss 0.00

    In AdapterService and GattService definition of AndroidManifest.xml, there is a possible way to disable bluetooth connection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is…

  • CVE-2021-1004HigDec 15, 2021
    risk 0.51cvss 7.8epss 0.00

    In getConfiguredNetworks of WifiServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User…

  • CVE-2021-1003HigDec 15, 2021
    risk 0.51cvss 7.8epss 0.00

    In adjustStreamVolume of AudioService.java, there is a possible way for unprivileged app to change audio stream volume due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-0999HigDec 15, 2021
    risk 0.51cvss 7.8epss 0.00

    In the broadcast definition in AndroidManifest.xml, there is a possible way to set the A2DP bluetooth device connection state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is…

  • CVE-2021-0985HigDec 15, 2021
    risk 0.51cvss 7.8epss 0.00

    In onReceive of AlertReceiver.java, there is a possible way to dismiss system dialog due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2021-0984HigDec 15, 2021
    risk 0.51cvss 7.8epss 0.00

    In onNullBinding of ManagedServices.java, there is a possible permission bypass due to an incorrectly unbound service. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2021-0981HigDec 15, 2021
    risk 0.51cvss 7.8epss 0.00

    In enqueueNotificationInternal of NotificationManagerService.java, there is a possible way to run a foreground service without showing a notification due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges…

  • CVE-2021-0970HigDec 15, 2021
    risk 0.51cvss 7.8epss 0.00

    In createFromParcel of GpsNavigationMessage.java, there is a possible Parcel serialization/deserialization mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2021-0953HigDec 15, 2021
    risk 0.51cvss 7.8epss 0.00

    In setOnClickActivityIntent of SearchWidgetProvider.java, there is a possible way to access contacts and history bookmarks without permission due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction…

  • CVE-2021-0932HigDec 15, 2021
    risk 0.51cvss 7.8epss 0.00

    In showNotification of NavigationModeController.java, there is a possible confused deputy due to an unsafe PendingIntent. This could lead to local escalation of privilege that allows actions performed as the System UI with User execution privileges needed. User interaction is…

  • CVE-2021-0929HigDec 15, 2021
    risk 0.51cvss 7.8epss 0.00

    In ion_dma_buf_end_cpu_access and related functions of ion.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-0928HigDec 15, 2021
    risk 0.51cvss 7.8epss 0.00

    In createFromParcel of OutputConfiguration.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed…

  • CVE-2021-0927HigDec 15, 2021
    risk 0.51cvss 7.8epss 0.00

    In requestChannelBrowsable of TvInputManagerService.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-0926HigDec 15, 2021
    risk 0.51cvss 7.8epss 0.00

    In onCreate of NfcImportVCardActivity.java, there is a possible way to add a contact without user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-0924HigDec 15, 2021
    risk 0.51cvss 7.8epss 0.00

    In xhci_vendor_get_ops of xhci.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-0923HigDec 15, 2021
    risk 0.51cvss 7.8epss 0.00

    In createOrUpdate of Permission.java, there is a possible way to gain internal permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2021-0922HigDec 15, 2021
    risk 0.51cvss 7.8epss 0.00

    In enforceCrossUserOrProfilePermission of PackageManagerService.java, there is a possible bypass of INTERACT_ACROSS_PROFILES permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User…

  • CVE-2021-0799HigDec 15, 2021
    risk 0.51cvss 7.8epss 0.00

    In ActivityThread.java, there is a possible way to collide the content provider's authorities. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-0936HigOct 25, 2021
    risk 0.51cvss 7.8epss 0.00

    In acc_read of f_accessory.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android…

  • CVE-2021-0708HigOct 22, 2021
    risk 0.51cvss 7.8epss 0.00

    In runDumpHeap of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2021-0705HigOct 22, 2021
    risk 0.51cvss 7.8epss 0.00

    In sanitizeSbn of NotificationManagerService.java, there is a possible way to keep service running in foreground and keep granted permissions due to Bypass of Background Service Restrictions. This could lead to local escalation of privilege with no additional execution…

  • CVE-2021-0652HigOct 22, 2021
    risk 0.51cvss 7.8epss 0.00

    In VectorDrawable::VectorDrawable of VectorDrawable.java, there is a possible way to introduce a memory corruption due to sharing of not thread-safe objects. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not…

  • CVE-2021-37969HigOct 8, 2021
    risk 0.51cvss 7.8epss 0.01

    Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file.

  • CVE-2021-0692HigOct 6, 2021
    risk 0.51cvss 7.8epss 0.00

    In sendBroadcastToInstaller of FirstScreenBroadcast.java, there is a possible activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2021-0685HigOct 6, 2021
    risk 0.51cvss 7.8epss 0.00

    In ParsedIntentInfo of ParsedIntentInfo.java, there is a possible parcel serialization/deserialization mismatch due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-0684HigOct 6, 2021
    risk 0.51cvss 7.8epss 0.00

    In TouchInputMapper::sync of TouchInputMapper.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2021-0683HigOct 6, 2021
    risk 0.51cvss 7.8epss 0.00

    In runTraceIpcStop of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-0636HigOct 6, 2021
    risk 0.51cvss 7.8epss 0.00

    When extracting the incorrectly formatted avi file, the memory is damaged, the playback interface shows that the video cannot be played, and the log is found to be crashed. This problem may lead to hacker malicious code attacks, resulting in the loss of user rights.Product:…

  • CVE-2021-0635HigOct 6, 2021
    risk 0.51cvss 7.8epss 0.00

    When extracting the incorrectly formatted flv file, the memory is damaged, the playback interface shows that the video cannot be played, and the log is found to be crashed. This problem may lead to hacker malicious code attacks, resulting in the loss of user rights.Product:…

  • CVE-2021-0595HigOct 6, 2021
    risk 0.51cvss 7.8epss 0.00

    In lockAllProfileTasks of RootWindowContainer.java, there is a possible way to access the work profile without the profile PIN, after logging in. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-30605HigSep 8, 2021
    risk 0.51cvss 7.8epss 0.00

    Inappropriate implementation in the ChromeOS Readiness Tool installer on Windows prior to 1.0.2.0 loosens DCOM access rights on two objects allowing an attacker to potentially bypass discretionary access controls.

  • CVE-2021-0645HigAug 17, 2021
    risk 0.51cvss 7.8epss 0.00

    In shouldBlockFromTree of ExternalStorageProvider.java, there is a possible permissions bypass. This could lead to local escalation of privilege, allowing an app to read private app directories in external storage, which should be restricted in Android 11, with no additional…

  • CVE-2021-0640HigAug 17, 2021
    risk 0.51cvss 7.8epss 0.00

    In noteAtomLogged of StatsdStats.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-0574HigAug 17, 2021
    risk 0.51cvss 7.8epss 0.00

    In asf extractor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid…

  • CVE-2021-30577HigAug 3, 2021
    risk 0.51cvss 7.8epss 0.01

    Insufficient policy enforcement in Installer in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform local privilege escalation via a crafted file.

  • CVE-2021-0603HigJul 14, 2021
    risk 0.51cvss 7.8epss 0.00

    In onCreate of ContactSelectionActivity.java, there is a possible way to get access to contacts without permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for…

  • CVE-2021-0602HigJul 14, 2021
    risk 0.51cvss 7.8epss 0.00

    In onCreateOptionsMenu of WifiNetworkDetailsFragment.java, there is a possible way for guest users to view and modify Wi-Fi settings for all configured APs due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges…

  • CVE-2021-0600HigJul 14, 2021
    risk 0.51cvss 7.8epss 0.00

    In onCreate of DeviceAdminAdd.java, there is a possible way to mislead a user to activate a device admin app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for…

  • CVE-2021-0587HigJul 14, 2021
    risk 0.51cvss 7.8epss 0.00

    In StreamOut::prepareForWriting of StreamOut.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2021-0586HigJul 14, 2021
    risk 0.51cvss 7.8epss 0.00

    In onCreate of DevicePickerFragment.java, there is a possible way to trick the user to select an unwanted bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is…

  • CVE-2021-0486HigJul 14, 2021
    risk 0.51cvss 7.8epss 0.00

    In onPackageAddedInternal of PermissionManagerService.java, there is possible access to external storage due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product:…

Page 70 of 228