Filtered by vendor Google
Subscriptions
Filtered by product Android
Subscriptions
Total
7842 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-20339 | 1 Google | 1 Android | 2024-08-03 | 3.3 Low |
In Android, there is a possible access of network neighbor table information due to an insecure SEpolicy configuration. This could lead to local information disclosure of network topography with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-171572148 | ||||
CVE-2022-20379 | 1 Google | 1 Android | 2024-08-03 | 6.7 Medium |
In lwis_buffer_alloc of lwis_buffer.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-209436980References: N/A | ||||
CVE-2022-20353 | 1 Google | 1 Android | 2024-08-03 | 5.5 Medium |
In onSaveRingtone of DefaultRingtonePreference.java, there is a possible inappropriate file read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-221041256 | ||||
CVE-2022-20361 | 1 Google | 1 Android | 2024-08-03 | 9.8 Critical |
In btif_dm_auth_cmpl_evt of btif_dm.cc, there is a possible vulnerability in Cross-Transport Key Derivation due to Weakness in Bluetooth Standard. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-231161832 | ||||
CVE-2022-20358 | 1 Google | 1 Android | 2024-08-03 | 3.3 Low |
In startSync of AbstractThreadedSyncAdapter.java, there is a possible way to access protected content of content providers due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-203229608 | ||||
CVE-2022-20406 | 1 Google | 1 Android | 2024-08-03 | 7.5 High |
Product: AndroidVersions: Android kernelAndroid ID: A-184676385References: N/A | ||||
CVE-2022-20356 | 1 Google | 1 Android | 2024-08-03 | 7.8 High |
In shouldAllowFgsWhileInUsePermissionLocked of ActiveServices.java, there is a possible way to start foreground service from background due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-215003903 | ||||
CVE-2022-20399 | 1 Google | 1 Android | 2024-08-03 | 5.5 Medium |
In the SEPolicy configuration of system apps, there is a possible access to the 'ip' utility due to an insecure default value. This could lead to local information disclosure of network data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-219808546References: Upstream kernel | ||||
CVE-2022-20434 | 1 Google | 1 Android | 2024-08-03 | 7.8 High |
There is an missing authorization issue in the system service. Since the component does not have permission check , resulting in Local Elevation of privilege.Product: AndroidVersions: Android SoCAndroid ID: A-242244028 | ||||
CVE-2022-20388 | 1 Google | 1 Android | 2024-08-03 | 9.8 Critical |
Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238227323 | ||||
CVE-2022-20348 | 1 Google | 1 Android | 2024-08-03 | 7.8 High |
In updateState of LocationServicesWifiScanningPreferenceController.java, there is a possible admin restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-228315529 | ||||
CVE-2022-20368 | 2 Google, Redhat | 4 Android, Enterprise Linux, Rhel Eus and 1 more | 2024-08-03 | 7.8 High |
Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel | ||||
CVE-2022-20390 | 1 Google | 1 Android | 2024-08-03 | 9.8 Critical |
Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238257002 | ||||
CVE-2022-20346 | 1 Google | 1 Android | 2024-08-03 | 6.5 Medium |
In updateAudioTrackInfoFromESDS_MPEG4Audio of MPEG4Extractor.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-230493653 | ||||
CVE-2022-20316 | 1 Google | 1 Android | 2024-08-03 | 3.3 Low |
In ContentResolver, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-190726121 | ||||
CVE-2022-20423 | 1 Google | 1 Android | 2024-08-03 | 4.6 Medium |
In rndis_set_response of rndis.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious USB device is attached with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239842288References: Upstream kernel | ||||
CVE-2022-20322 | 1 Google | 1 Android | 2024-08-03 | 5.5 Medium |
In PackageManager, there is a possible installed package disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-187176993 | ||||
CVE-2022-20350 | 1 Google | 1 Android | 2024-08-03 | 5.5 Medium |
In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to trick the victim to grant notification access to the wrong app due to improper input validation. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-228178437 | ||||
CVE-2022-20329 | 1 Google | 1 Android | 2024-08-03 | 7.8 High |
In Wifi, there is a possible way to enable Wifi without permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-183410556 | ||||
CVE-2022-20366 | 1 Google | 1 Android | 2024-08-03 | 6.7 Medium |
In ioctl_dpm_clk_update of lwis_ioctl.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-225877745References: N/A |