Filtered by vendor Google
Subscriptions
Filtered by product Android
Subscriptions
Total
7841 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-20214 | 1 Google | 1 Android | 2024-08-03 | 4.7 Medium |
In Car Settings app, the toggle button in Modify system settings is vulnerable to tapjacking attack. Attackers can overlay the toggle button to enable apps to modify system settings without user consent.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-183411210 | ||||
CVE-2022-20197 | 1 Google | 1 Android | 2024-08-03 | 7.8 High |
In recycle of Parcel.java, there is a possible way to start foreground activity from background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-208279300 | ||||
CVE-2022-20164 | 1 Google | 1 Android | 2024-08-03 | 9.8 Critical |
Product: AndroidVersions: Android kernelAndroid ID: A-204891956References: N/A | ||||
CVE-2022-20191 | 1 Google | 1 Android | 2024-08-03 | 9.8 Critical |
Product: AndroidVersions: Android kernelAndroid ID: A-209324757References: N/A | ||||
CVE-2022-20193 | 1 Google | 1 Android | 2024-08-03 | 7.3 High |
In getUniqueUsagesWithLabels of PermissionUsageHelper.java, there is a possible incorrect permission attribution due to a logic error in the code. This could lead to local escalation of privilege by conflating apps with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-212434116 | ||||
CVE-2022-20179 | 1 Google | 1 Android | 2024-08-03 | 7.5 High |
Product: AndroidVersions: Android kernelAndroid ID: A-211683760References: N/A | ||||
CVE-2022-20177 | 1 Google | 1 Android | 2024-08-03 | 7.5 High |
Product: AndroidVersions: Android kernelAndroid ID: A-209906686References: N/A | ||||
CVE-2022-20144 | 1 Google | 1 Android | 2024-08-03 | 7.8 High |
In multiple functions of AvatarPhotoController.java, there is a possible access to content owned by system content providers due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-250637906 | ||||
CVE-2022-20147 | 1 Google | 1 Android | 2024-08-03 | 7.8 High |
In nfa_dm_check_set_config of nfa_dm_main.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-221216105 | ||||
CVE-2022-20182 | 1 Google | 1 Android | 2024-08-03 | 4.4 Medium |
In handle_ramdump of pixel_loader.c, there is a possible way to create a ramdump of non-secure memory due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-222348453References: N/A | ||||
CVE-2022-20192 | 1 Google | 1 Android | 2024-08-03 | 7.8 High |
In grantEmbeddedWindowFocus of WindowManagerService.java, there is a possible way to change an input channel for embedded hierarchy due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-215912712 | ||||
CVE-2022-20238 | 1 Google | 1 Android | 2024-08-03 | 9.8 Critical |
'remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map the kernel area to be writable, which is easy to be exploitedProduct: AndroidVersions: Android SoCAndroid ID: A-233154555 | ||||
CVE-2022-20159 | 1 Google | 1 Android | 2024-08-03 | 4.4 Medium |
In asn1_ec_pkey_parse of acropora/crypto/asn1_common.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-210971465References: N/A | ||||
CVE-2022-20242 | 1 Google | 1 Android | 2024-08-03 | 5.5 Medium |
In Telephony, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231986212 | ||||
CVE-2022-20219 | 1 Google | 1 Android | 2024-08-03 | 5.5 Medium |
In multiple functions of StorageManagerService.java and UserManagerService.java, there is a possible way to leave user's directories unencrypted due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-224585613 | ||||
CVE-2022-20230 | 1 Google | 1 Android | 2024-08-03 | 5.5 Medium |
In choosePrivateKeyAlias of KeyChain.java, there is a possible access to the user's certificate due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-221859869 | ||||
CVE-2022-20184 | 1 Google | 1 Android | 2024-08-03 | 7.5 High |
Product: AndroidVersions: Android kernelAndroid ID: A-209153114References: N/A | ||||
CVE-2022-20241 | 1 Google | 1 Android | 2024-08-03 | 3.3 Low |
In Messaging, there is a possible way to attach a private file to an SMS message due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-217185011 | ||||
CVE-2022-20225 | 1 Google | 1 Android | 2024-08-03 | 5.5 Medium |
In getSubscriptionProperty of SubscriptionController.java, there is a possible read of a sensitive identifier due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-213457638 | ||||
CVE-2022-20108 | 3 Google, Linux, Mediatek | 38 Android, Linux Kernel, Mt9011 and 35 more | 2024-08-03 | 6.7 Medium |
In voice service, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03330702; Issue ID: DTV03330702. |