Total
6434 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-20199 | 1 Google | 1 Android | 2022-12-20 | N/A | 5.5 MEDIUM |
| In multiple locations of NfcService.java, there is a possible disclosure of NFC tags due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-199291025 | |||||
| CVE-2022-20511 | 1 Google | 1 Android | 2022-12-20 | N/A | 5.5 MEDIUM |
| In getNearbyAppStreamingPolicy of DevicePolicyManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235821829 | |||||
| CVE-2022-20507 | 1 Google | 1 Android | 2022-12-20 | N/A | 7.8 HIGH |
| In onMulticastListUpdateNotificationReceived of UwbEventManager.java, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246649179 | |||||
| CVE-2022-20509 | 1 Google | 1 Android | 2022-12-20 | N/A | 6.7 MEDIUM |
| In mapGrantorDescr of MessageQueueBase.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244713317 | |||||
| CVE-2022-20506 | 1 Google | 1 Android | 2022-12-20 | N/A | 7.8 HIGH |
| In onCreate of WifiDialogActivity.java, there is a missing permission check. This could lead to local escalation of privilege from a guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-226133034 | |||||
| CVE-2022-20505 | 1 Google | 1 Android | 2022-12-20 | N/A | 6.7 MEDIUM |
| In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitationProduct: AndroidVersions: Android-13Android ID: A-225981754 | |||||
| CVE-2022-20504 | 1 Google | 1 Android | 2022-12-20 | N/A | 6.7 MEDIUM |
| In multiple locations of DreamManagerService.java, there is a missing permission check. This could lead to local escalation of privilege and dismissal of system dialogs with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-225878553 | |||||
| CVE-2022-20503 | 1 Google | 1 Android | 2022-12-20 | N/A | 7.8 HIGH |
| In onCreate of WifiDppConfiguratorActivity.java, there is a possible way for a guest user to add a WiFi configuration due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224772890 | |||||
| CVE-2022-20520 | 1 Google | 1 Android | 2022-12-20 | N/A | 7.8 HIGH |
| In onCreate of various files, there is a possible tapjacking/overlay attack. This could lead to local escalation of privilege or denial of server with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227203202 | |||||
| CVE-2022-20519 | 1 Google | 1 Android | 2022-12-20 | N/A | 3.3 LOW |
| In onCreate of AddAppNetworksActivity.java, there is a possible way for a guest user to configure WiFi networks due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224772678 | |||||
| CVE-2022-20521 | 1 Google | 1 Android | 2022-12-20 | N/A | 5.0 MEDIUM |
| In sdpu_find_most_specific_service_uuid of sdp_utils.cc, there is a possible way to crash Bluetooth due to a missing null check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227203684 | |||||
| CVE-2022-20522 | 1 Google | 1 Android | 2022-12-20 | N/A | 7.8 HIGH |
| In getSlice of ProviderModelSlice.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227470877 | |||||
| CVE-2022-20523 | 1 Google | 1 Android | 2022-12-20 | N/A | 5.5 MEDIUM |
| In IncFs_GetFilledRangesStartingFrom of incfs.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-228222508 | |||||
| CVE-2022-20524 | 1 Google | 1 Android | 2022-12-20 | N/A | 7.8 HIGH |
| In compose of Vibrator.cpp, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-228523213 | |||||
| CVE-2022-20518 | 1 Google | 1 Android | 2022-12-20 | N/A | 5.5 MEDIUM |
| In query of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224770203 | |||||
| CVE-2022-20517 | 1 Google | 1 Android | 2022-12-20 | N/A | 5.5 MEDIUM |
| In getMessagesByPhoneNumber of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224769956 | |||||
| CVE-2022-20516 | 1 Google | 1 Android | 2022-12-20 | N/A | 7.5 HIGH |
| In rw_t3t_act_handle_check_ndef_rsp of rw_t3t.cc, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224002331 | |||||
| CVE-2022-20525 | 1 Google | 1 Android | 2022-12-20 | N/A | 3.3 LOW |
| In enforceVisualVoicemailPackage of PhoneInterfaceManager.java, there is a possible leak of visual voicemail package name due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-229742768 | |||||
| CVE-2022-20538 | 1 Google | 1 Android | 2022-12-19 | N/A | 5.5 MEDIUM |
| In getSmsRoleHolder of RoleService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235601770 | |||||
| CVE-2022-20540 | 1 Google | 1 Android | 2022-12-19 | N/A | 7.8 HIGH |
| In SurfaceFlinger::doDump of SurfaceFlinger.cpp, there is possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-237291506 | |||||