VYPR

Vendor CVEs

Google

All CVEs

11,367 total · sorted by risk
  • CVE-2020-0417HigJul 14, 2021
    risk 0.51cvss 7.8epss 0.00

    In setNiNotification of GpsNetInitiatedHandler.java, there is a possible permissions bypass due to an empty mutable PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2021-0608HigJun 22, 2021
    risk 0.51cvss 7.8epss 0.00

    In handleAppLaunch of AppLaunchActivity.java, there is a possible arbitrary activity launch due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2021-0607HigJun 22, 2021
    risk 0.51cvss 7.8epss 0.00

    In iaxxx_calc_i2s_div of iaxxx-codec.c, there is a possible hardware port write with user controlled data due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-0550HigJun 22, 2021
    risk 0.51cvss 7.8epss 0.00

    In onLoadFailed of AnnotateActivity.java, there is a possible way to gain WRITE_EXTERNAL_STORAGE permissions without user consent due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not…

  • CVE-2021-0548HigJun 22, 2021
    risk 0.51cvss 7.8epss 0.00

    In rw_i93_send_to_lower of rw_i93.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-0547HigJun 22, 2021
    risk 0.51cvss 7.8epss 0.00

    In onReceive of NetInitiatedActivity.java, there is a possible way to supply an attacker-controlled value to a GPS HAL handler due to a missing permission check. This could lead to local escalation of privilege that may result in undefined behavior in some HAL implementations…

  • CVE-2021-0539HigJun 22, 2021
    risk 0.51cvss 7.8epss 0.00

    In archiveStoredConversation of MmsService.java, there is a possible way to archive message conversation without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is…

  • CVE-2021-0536HigJun 22, 2021
    risk 0.51cvss 7.8epss 0.00

    In dropFile of WiFiInstaller, there is a way to delete files accessible to CertInstaller due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2021-0571HigJun 22, 2021
    risk 0.51cvss 7.8epss 0.00

    In ActivityTaskManagerService.startActivity() and AppTaskImpl.startActivity() of ActivityTaskManagerService.java and AppTaskImpl.java, there is possible access to restricted activities due to a permissions bypass. This could lead to local escalation of privilege with no…

  • CVE-2021-0570HigJun 22, 2021
    risk 0.51cvss 7.8epss 0.00

    In sendBugreportNotification of BugreportProgressService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2021-0568HigJun 22, 2021
    risk 0.51cvss 7.8epss 0.00

    In onReceive of DevicePolicyManagerService.java, there is a possible enabling of disabled profiles due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-0567HigJun 22, 2021
    risk 0.51cvss 7.8epss 0.00

    In isRestricted of RemoteViews.java, there is a possible way to inject font files due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2021-0534HigJun 22, 2021
    risk 0.51cvss 7.8epss 0.00

    In permission declarations of DeviceAdminReceiver.java, there is a possible lack of broadcast protection due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-0530HigJun 21, 2021
    risk 0.51cvss 7.8epss 0.00

    In memory management driver, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android…

  • CVE-2021-0513HigJun 21, 2021
    risk 0.51cvss 7.8epss 0.00

    In deleteNotificationChannel and related functions of NotificationManagerService.java, there is a possible permission bypass due to improper state validation. This could lead to local escalation of privilege via hidden services with no additional execution privileges needed.…

  • CVE-2021-0512HigJun 21, 2021
    risk 0.51cvss 7.8epss 0.00

    In __hidinput_change_resolution_multipliers of hid-input.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-0505HigJun 21, 2021
    risk 0.51cvss 7.8epss 0.00

    In the Settings app, there is a possible way to disable an always-on VPN due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-0478HigJun 21, 2021
    risk 0.51cvss 7.8epss 0.00

    In updateDrawable of StatusBarIconView.java, there is a possible permission bypass due to an uncaught exception. This could lead to local escalation of privilege by running foreground services without notifying the user, with User execution privileges needed. User interaction is…

  • CVE-2021-0498HigJun 11, 2021
    risk 0.51cvss 7.8epss 0.00

    In memory management driver, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid…

  • CVE-2021-0495HigJun 11, 2021
    risk 0.51cvss 7.8epss 0.00

    In memory management driver, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android…

  • CVE-2021-0494HigJun 11, 2021
    risk 0.51cvss 7.8epss 0.00

    In memory management driver, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android…

  • CVE-2021-0492HigJun 11, 2021
    risk 0.51cvss 7.8epss 0.00

    In memory management driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android…

  • CVE-2021-0487HigJun 11, 2021
    risk 0.51cvss 7.8epss 0.00

    In onCreate of CalendarDebugActivity.java, there is a possible way to export calendar data to the sdcard without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not…

  • CVE-2021-0485HigJun 11, 2021
    risk 0.51cvss 7.8epss 0.00

    In getMinimalSize of PipBoundsAlgorithm.java, there is a possible bypass of restrictions on background processes due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-0481HigJun 11, 2021
    risk 0.51cvss 7.8epss 0.01

    In onActivityResult of EditUserPhotoController.java, there is a possible access of unauthorized files due to an unexpected URI handler. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for…

  • CVE-2021-0477HigJun 11, 2021
    risk 0.51cvss 7.8epss 0.00

    In notifyScreenshotError of ScreenshotNotificationsController.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for…

  • CVE-2021-0472HigJun 11, 2021
    risk 0.51cvss 7.8epss 0.00

    In shouldLockKeyguard of LockTaskController.java, there is a possible way to exit App Pinning without a PIN due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-0445HigApr 13, 2021
    risk 0.51cvss 7.8epss 0.00

    In start of WelcomeActivity.java, there is a possible residual profile due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11…

  • CVE-2021-0442HigApr 13, 2021
    risk 0.51cvss 7.8epss 0.00

    In updateInfo of android_hardware_input_InputApplicationHandle.cpp, there is a possible control of code flow due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-0439HigApr 13, 2021
    risk 0.51cvss 7.8epss 0.00

    In setPowerModeWithHandle of com_android_server_power_PowerManagerService.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed…

  • CVE-2021-0438HigApr 13, 2021
    risk 0.51cvss 7.8epss 0.00

    In several functions of InputDispatcher.cpp, WindowManagerService.java, and related files, there is a possible tapjacking attack due to an incorrect FLAG_OBSCURED value. This could lead to local escalation of privilege with no additional execution privileges needed. User…

  • CVE-2021-0437HigApr 13, 2021
    risk 0.51cvss 7.8epss 0.00

    In setPlayPolicy of DrmPlugin.cpp, there is a possible double free. This could lead to local escalation of privilege in a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11…

  • CVE-2021-0429HigApr 13, 2021
    risk 0.51cvss 7.8epss 0.00

    In pollOnce of ALooper.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9…

  • CVE-2021-0427HigApr 13, 2021
    risk 0.51cvss 7.8epss 0.00

    In parseExclusiveStateAnnotation of LogEvent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2021-0426HigApr 13, 2021
    risk 0.51cvss 7.8epss 0.00

    In parsePrimaryFieldFirstUidAnnotation of LogEvent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-0465HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In GenerateFaceMask of face.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-0464HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In sound_trigger_event_alloc of platform.h, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2021-0389HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In setNightModeActivated of UiModeManagerService.java, there is a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-0388HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In onReceive of ImsPhoneCallTracker.java, there is a possible misattribution of data usage due to an incorrect broadcast handler. This could lead to local escalation of privilege resulting in attributing video call data to the wrong app, with no additional execution privileges…

  • CVE-2021-0386HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In onCreate of UsbConfirmActivity, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-0385HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In createConnectToAvailableNetworkNotification of ConnectToNetworkNotificationBuilder.java, there is a possible connection to untrusted WiFi networks due to notification interaction above the lockscreen. This could lead to local escalation of privilege with no additional…

  • CVE-2021-0383HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In done of CaptivePortalLoginActivity.java, there is a confused deputy. This could lead to local escalation of privilege in carrier settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-0380HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In onReceive of DcTracker.java, there is a possible way to trigger a provisioning URL and modify other telephony settings due to a missing permission check. This could lead to local escalation of privilege during the onboarding flow with no additional execution privileges…

  • CVE-2021-0399HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In qtaguid_untag of xt_qtaguid.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android…

  • CVE-2021-0398HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In bindServiceLocked of ActiveServices.java, there is a possible foreground service launch due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-0395HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In StopServicesAndLogViolations of reboot.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-0393HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.01

    In Scanner::LiteralBuffer::NewCapacity of scanner.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if an attacker can supply a malicious PAC file, with no additional execution privileges needed. User interaction is…

  • CVE-2021-0392HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In main of main.cpp, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11…

  • CVE-2021-0391HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.01

    In onCreate() of ChooseTypeAndAccountActivity.java, there is a possible way to learn the existence of an account, without permissions, due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is…

  • CVE-2021-0390HigMar 10, 2021
    risk 0.51cvss 7.8epss 0.00

    In various methods of WifiNetworkSuggestionsManager.java, there is a possible modification of suggested networks due to a missing permission check. This could lead to local escalation of privilege by a background user on the same device with no additional execution privileges…

Page 71 of 228