VYPR

Vendor CVEs

Google

All CVEs

11,368 total · sorted by risk
  • CVE-2020-0262HigSep 18, 2020
    risk 0.51cvss 7.8epss 0.00

    In WiFi tethering, there is a possible attacker controlled intent due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android…

  • CVE-2020-0089HigSep 18, 2020
    risk 0.51cvss 7.8epss 0.00

    In the audio server, there is a missing permission check. This could lead to local escalation of privilege regarding audio settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID:…

  • CVE-2020-0375HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege and the setting of supported EUICC countries with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2020-0374HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In NFC, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156251602

  • CVE-2020-0366HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In PackageInstaller, there is a possible permissions bypass due to a tapjacking vulnerability. This could lead to local escalation of privilege using an app set as the default Assist app with User execution privileges needed. User interaction is needed for exploitation.Product:…

  • CVE-2020-0360HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In Notification Access Confirmation, there is a possible permissions bypass due to uninformed consent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android…

  • CVE-2020-0357HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In SurfaceFlinger, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the graphics server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0346HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In Mediaserver, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if integer sanitization were not enabled (which it is by default), with no additional execution privileges needed. User interaction is not needed…

  • CVE-2020-0345HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In DocumentsUI, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-144286721

  • CVE-2020-0341HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In DisplayManager, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0277HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In NetworkPolicyManagerService, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing a malicious app to modify the device's data plan with no additional execution privileges needed. User interaction…

  • CVE-2020-0275HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In MediaProvider, there is a possible way to access ContentResolver and MediaStore entries the app shouldn't have access to due to a permissions bypass. This could lead to local escalation of privilege, with no additional execution privileges needed. User interaction is not…

  • CVE-2020-0267HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.01

    In WindowManager, there is a possible launch of an unexpected app due to a confused deputy. This could lead to local escalation of privilege due to launching a malicious app instead of the one the user intended, with no additional execution privileges needed. User interaction is…

  • CVE-2020-0266HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In factory reset protection, there is a possible FRP bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0434HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In Pixel's use of the Catpipe library, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android…

  • CVE-2020-0433HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0432HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android…

  • CVE-2020-0430HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In skb_headlen of /include/linux/skbuff.h, there is a possible out of bounds read due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0387HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In manifest files of the SmartSpace package, there is a possible tapjacking vector due to a missing permission check. This could lead to local escalation of privilege and account hijacking with no additional execution privileges needed. User interaction is needed for…

  • CVE-2020-0401HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In setInstallerPackageName of PackageManagerService.java, there is a missing permission check. This could lead to local escalation of privilege and granting spurious permissions with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2020-0394HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In onCreate of BluetoothPairingDialog.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege and untrusted devices accessing contact lists with no additional execution privileges needed. User interaction is…

  • CVE-2020-0391HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In applyPolicy of PackageManagerService.java, there is possible arbitrary command execution as System due to an unenforced protected-broadcast. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2020-0388HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In createEmergencyLocationUserNotification of GnssVisibilityControl.java, there is a possible permissions bypass due to an empty mutable PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for…

  • CVE-2020-0074HigSep 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not…

  • CVE-2020-0261HigAug 13, 2020
    risk 0.51cvss 7.8epss 0.00

    In C2 flame devices, there is a possible bypass of seccomp due to a missing configuration file. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android…

  • CVE-2020-0257HigAug 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In SpecializeCommon of com_android_internal_os_Zygote.cpp, there is a permissions bypass due to an incomplete cleanup. This could lead to local escalation of privilege in isolated processes with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2020-0243HigAug 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In clearPropValue of MediaAnalyticsItem.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0242HigAug 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In reset of NuPlayerDriver.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0241HigAug 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In NuPlayerStreamListener of NuPlayerStreamListener.cpp, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0108HigAug 11, 2020
    risk 0.51cvss 7.8epss 0.01

    In postNotification of ServiceRecord.java, there is a possible bypass of foreground process restrictions due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2020-6510HigJul 22, 2020
    risk 0.51cvss 7.8epss 0.02

    Heap buffer overflow in background fetch in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-0227HigJul 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In onCommand of CompanionDeviceManagerService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing background data usage or launching from the background, with no additional execution privileges…

  • CVE-2020-0226HigJul 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In createWithSurfaceParent of Client.cpp, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege in the graphics server with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2020-0120HigJul 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In notifyErrorForPendingRequests of QCamera3HWI.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0234HigJun 16, 2020
    risk 0.51cvss 7.8epss 0.00

    In crus_afe_get_param of msm-cirrus-playback.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0233HigJun 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In main of main.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:…

  • CVE-2020-0219HigJun 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In onCreate of SliceDeepLinkSpringBoard.java there is a possible insecure Intent. This could lead to local elevation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID:…

  • CVE-2020-0215HigJun 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In onCreate of ConfirmConnectActivity.java, there is a possible leak of Bluetooth information due to a permissions bypass. This could lead to local escalation of privilege that exposes a pairing Bluetooth MAC address with no additional execution privileges needed. User…

  • CVE-2020-0210HigJun 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In removeSharedAccountAsUser of AccountManager.java, there is a possible permissions bypass to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0209HigJun 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In multiple functions of AccountManager.java, there is a possible permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID:…

  • CVE-2020-0208HigJun 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In multiple functions of AccountManager.java, there is a possible permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID:…

  • CVE-2020-0203HigJun 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In freeIsolatedUidLocked of ProcessList.java, there is a possible UID reuse due to improper cleanup. This could lead to local escalation of privilege between constrained processes with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2020-0202HigJun 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In onHandleIntent of TraceService.java, there is a possible bypass of developer settings requirements for capturing system traces due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction…

  • CVE-2020-0188HigJun 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In onCreatePermissionRequest of SettingsSliceProvider.java, there is a possible permissions bypass due to a PendingIntent error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0183HigJun 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In handleMessage of BluetoothManagerService, there is an incomplete reset. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-110181479

  • CVE-2020-0179HigJun 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In doSendObjectInfo of MtpServer.cpp, there is a possible path traversal attack due to insufficient input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is required for exploitation.Product:…

  • CVE-2020-0166HigJun 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In multiple functions of URI.java, there is a possible escalation of privilege due to missing validation in the parceling of URI information. This could lead to a local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2020-0155HigJun 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In phNxpNciHal_send_ese_hal_cmd of phNxpNciHal_ext.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0150HigJun 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In rw_t3t_message_set_block_list of rw_t3t.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0137HigJun 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In setIPv6AddrGenMode of NetworkManagementService.java, there is a possible bypass of networking permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

Page 73 of 228