Filtered by vendor Google
Subscriptions
Filtered by product Android
Subscriptions
Total
7841 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-20240 | 1 Google | 1 Android | 2024-08-03 | 2.3 Low |
| In sOpAllowSystemRestrictionBypass of AppOpsManager.java, there is a possible leak of location information due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-231496105 | ||||
| CVE-2022-20198 | 1 Google | 1 Android | 2024-08-03 | 4.4 Medium |
| In llcp_dlc_proc_connect_pdu of llcp_dlc.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure from the NFC stack with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-221851879 | ||||
| CVE-2022-20239 | 1 Google | 1 Android | 2024-08-03 | 9.8 Critical |
| remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map the kernel area to be writable, which is easy to be exploitedProduct: AndroidVersions: Android SoCAndroid ID: A-233972091 | ||||
| CVE-2022-20222 | 1 Google | 1 Android | 2024-08-03 | 9.8 Critical |
| In read_attr_value of gatt_db.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-228078096 | ||||
| CVE-2022-20167 | 1 Google | 1 Android | 2024-08-03 | 9.8 Critical |
| Product: AndroidVersions: Android kernelAndroid ID: A-204956204References: N/A | ||||
| CVE-2022-20195 | 1 Google | 1 Android | 2024-08-03 | 5.0 Medium |
| In the keystore library, there is a possible prevention of access to system Settings due to unsafe deserialization. This could lead to local denial of service with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-213172664 | ||||
| CVE-2022-20178 | 1 Google | 1 Android | 2024-08-03 | 6.7 Medium |
| In ioctl_dpm_qos_update and ioctl_event_control_set of (TBD), there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-224932775References: N/A | ||||
| CVE-2022-20183 | 1 Google | 1 Android | 2024-08-03 | 6.7 Medium |
| In hypx_create_blob_dmabuf of faceauth_hypx.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188911154References: N/A | ||||
| CVE-2022-20155 | 1 Google | 1 Android | 2024-08-03 | 7.0 High |
| In ipu_core_jqs_msg_transport_kernel_write_sync of ipu-core-jqs-msg-transport.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-176754369References: N/A | ||||
| CVE-2022-20174 | 1 Google | 1 Android | 2024-08-03 | 4.4 Medium |
| In exynos_secEnv_init of mach-gs101.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-210847407References: N/A | ||||
| CVE-2022-20151 | 1 Google | 1 Android | 2024-08-03 | 7.5 High |
| Product: AndroidVersions: Android kernelAndroid ID: A-210712565References: N/A | ||||
| CVE-2022-20156 | 1 Google | 1 Android | 2024-08-03 | 7.8 High |
| In unflatten of GraphicBuffer.cpp, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-212803946References: N/A | ||||
| CVE-2022-20145 | 1 Google | 1 Android | 2024-08-03 | 9.8 Critical |
| In startLegacyVpnPrivileged of Vpn.java, there is a possible way to retrieve VPN credentials due to a protocol downgrade attack. This could lead to remote escalation of privilege if a malicious Wi-Fi AP is used, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-201660636 | ||||
| CVE-2022-20185 | 1 Google | 1 Android | 2024-08-03 | 6.7 Medium |
| In TBD of TBD, there is a possible use after free bug. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-208842348References: N/A | ||||
| CVE-2022-20175 | 1 Google | 1 Android | 2024-08-03 | 7.5 High |
| Product: AndroidVersions: Android kernelAndroid ID: A-209252491References: N/A | ||||
| CVE-2022-20154 | 1 Google | 1 Android | 2024-08-03 | 6.4 Medium |
| In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream kernel | ||||
| CVE-2022-20199 | 1 Google | 1 Android | 2024-08-03 | 5.5 Medium |
| In multiple locations of NfcService.java, there is a possible disclosure of NFC tags due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-199291025 | ||||
| CVE-2022-20073 | 2 Google, Mediatek | 44 Android, Mt2601, Mt6580 and 41 more | 2024-08-03 | 6.6 Medium |
| In preloader (usb), there is a possible out of bounds write due to a integer underflow. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160841; Issue ID: ALPS06160841. | ||||
| CVE-2022-20188 | 1 Google | 1 Android | 2024-08-03 | 7.5 High |
| Product: AndroidVersions: Android kernelAndroid ID: A-207254598References: N/A | ||||
| CVE-2022-20196 | 1 Google | 1 Android | 2024-08-03 | 5.0 Medium |
| In gallery3d and photos, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-201535148 | ||||