Filtered by vendor Google
Subscriptions
Filtered by product Android
Subscriptions
Total
7842 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-20555 | 1 Google | 1 Android | 2024-08-03 | 4.4 Medium |
In ufdt_get_node_by_path_len of ufdt_convert.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246194233 | ||||
CVE-2022-20530 | 1 Google | 1 Android | 2024-08-03 | 5.3 Medium |
In strings.xml, there is a possible permission bypass due to a misleading string. This could lead to remote information disclosure of call logs with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231585645 | ||||
CVE-2022-20520 | 1 Google | 1 Android | 2024-08-03 | 7.8 High |
In onCreate of various files, there is a possible tapjacking/overlay attack. This could lead to local escalation of privilege or denial of server with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227203202 | ||||
CVE-2022-20560 | 1 Google | 1 Android | 2024-08-03 | 7.5 High |
Product: AndroidVersions: Android kernelAndroid ID: A-212623833References: N/A | ||||
CVE-2022-20537 | 1 Google | 1 Android | 2024-08-03 | 3.3 Low |
In createDialog of WifiScanModeActivity.java, there is a possible way for a Guest user to enable location-sensitive settings due to a missing permission check. This could lead to local escalation of privilege from the Guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235601169 | ||||
CVE-2022-20554 | 1 Google | 1 Android | 2024-08-03 | 6.7 Medium |
In removeEventHubDevice of InputDevice.cpp, there is a possible OOB read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-245770596 | ||||
CVE-2022-20570 | 1 Google | 1 Android | 2024-08-03 | 5.5 Medium |
Product: AndroidVersions: Android kernelAndroid ID: A-230660904References: N/A | ||||
CVE-2022-20598 | 1 Google | 1 Android | 2024-08-03 | 7.8 High |
In sec_media_protect of media.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege of secure mode MFC Core with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242357514References: N/A | ||||
CVE-2022-20536 | 1 Google | 1 Android | 2024-08-03 | 3.3 Low |
In registerBroadcastReceiver of RcsService.java, there is a possible way to change preferred TTY mode due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235100180 | ||||
CVE-2022-20559 | 1 Google | 1 Android | 2024-08-03 | 3.3 Low |
In revokeOwnPermissionsOnKill of PermissionManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-219739967 | ||||
CVE-2022-20498 | 1 Google | 1 Android | 2024-08-03 | 4.4 Medium |
In fdt_path_offset_namelen of fdt_ro.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246465319 | ||||
CVE-2022-20561 | 1 Google | 1 Android | 2024-08-03 | 7.8 High |
In TBD of aud_hal_tunnel.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-222162870References: N/A | ||||
CVE-2022-20552 | 1 Google | 1 Android | 2024-08-03 | 5.5 Medium |
In btif_a2dp_sink_command_ready of btif_a2dp_sink.cc, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-243922806 | ||||
CVE-2022-20504 | 1 Google | 1 Android | 2024-08-03 | 6.7 Medium |
In multiple locations of DreamManagerService.java, there is a missing permission check. This could lead to local escalation of privilege and dismissal of system dialogs with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-225878553 | ||||
CVE-2022-20480 | 1 Google | 1 Android | 2024-08-03 | 7.8 High |
In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-241764350 | ||||
CVE-2022-20488 | 1 Google | 1 Android | 2024-08-03 | 7.8 High |
In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703217 | ||||
CVE-2022-20516 | 1 Google | 1 Android | 2024-08-03 | 7.5 High |
In rw_t3t_act_handle_check_ndef_rsp of rw_t3t.cc, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224002331 | ||||
CVE-2022-20535 | 1 Google | 1 Android | 2024-08-03 | 3.3 Low |
In registerLocalOnlyHotspotSoftApCallback of WifiManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-233605242 | ||||
CVE-2022-20525 | 1 Google | 1 Android | 2024-08-03 | 3.3 Low |
In enforceVisualVoicemailPackage of PhoneInterfaceManager.java, there is a possible leak of visual voicemail package name due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-229742768 | ||||
CVE-2022-20508 | 1 Google | 1 Android | 2024-08-03 | 7.8 High |
In onAttach of ConfigureWifiSettings.java, there is a possible way for a guest user to change WiFi settings due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-218679614 |