Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Google Subscribe
Filtered by product Android
Total 6434 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-20146 1 Google 1 Android 2022-06-23 2.1 LOW 5.5 MEDIUM
In uploadFile of FileUploadServiceImpl.java, there is a possible incorrect file access due to a confused deputy. This could lead to local information disclosure of private files with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-211757677References: N/A
CVE-2022-20132 1 Google 1 Android 2022-06-23 4.9 MEDIUM 4.6 MEDIUM
In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel
CVE-2022-20134 1 Google 1 Android 2022-06-23 7.2 HIGH 7.8 HIGH
In readArguments of CallSubjectDialog.java, there is a possible way to trick the user to call the wrong phone number due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-218341397
CVE-2022-20129 1 Google 1 Android 2022-06-23 4.9 MEDIUM 5.5 MEDIUM
In registerPhoneAccount of PhoneAccountRegistrar.java, there is a possible way to prevent the user from selecting a phone account due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-217934478
CVE-2022-20130 1 Google 1 Android 2022-06-23 10.0 HIGH 9.8 CRITICAL
In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-224314979
CVE-2022-20127 1 Google 1 Android 2022-06-23 10.0 HIGH 9.8 CRITICAL
In ce_t4t_data_cback of ce_t4t.cc, there is a possible out of bounds write due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-221862119
CVE-2022-20125 1 Google 1 Android 2022-06-23 7.2 HIGH 6.8 MEDIUM
In GBoard, there is a possible way to bypass factory reset protections due to a sandbox escape. This could lead to local escalation of privilege if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-194402515
CVE-2022-20123 1 Google 1 Android 2022-06-23 7.8 HIGH 7.5 HIGH
In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-221852424
CVE-2022-20006 1 Google 1 Android 2022-06-15 6.2 MEDIUM 7.0 HIGH
In several functions of KeyguardServiceWrapper.java and related files,, there is a possible way to briefly view what's under the lockscreen due to a race condition. This could lead to local escalation of privilege if a Guest user is enabled, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-151095871
CVE-2022-21760 2 Google, Mediatek 14 Android, Mt6853, Mt6853t and 11 more 2022-06-13 4.9 MEDIUM 4.4 MEDIUM
In apusys driver, there is a possible system crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479562; Issue ID: ALPS06479562.
CVE-2022-21761 2 Google, Mediatek 44 Android, Mt6761, Mt6762 and 41 more 2022-06-13 4.9 MEDIUM 4.4 MEDIUM
In apusys driver, there is a possible system crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479532; Issue ID: ALPS06479532.
CVE-2022-21762 2 Google, Mediatek 13 Android, Mt6853, Mt6873 and 10 more 2022-06-13 4.9 MEDIUM 4.4 MEDIUM
In apusys driver, there is a possible system crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06477946; Issue ID: ALPS06477946.
CVE-2022-21759 2 Google, Mediatek 42 Android, Mt6580, Mt6735 and 39 more 2022-06-13 4.6 MEDIUM 6.7 MEDIUM
In power service, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06419106; Issue ID: ALPS06419077.
CVE-2022-21758 2 Google, Mediatek 55 Android, Mt6739, Mt6750 and 52 more 2022-06-13 4.6 MEDIUM 6.7 MEDIUM
In ccu, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06439600; Issue ID: ALPS06439600.
CVE-2022-21757 2 Google, Mediatek 24 Android, Mt6833, Mt6853 and 21 more 2022-06-13 7.8 HIGH 7.5 HIGH
In WIFI Firmware, there is a possible system crash due to a missing count check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06468894; Issue ID: ALPS06468894.
CVE-2022-21756 2 Google, Mediatek 36 Android, Mt6833, Mt6853 and 33 more 2022-06-13 2.1 LOW 4.4 MEDIUM
In WLAN driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06535950; Issue ID: ALPS06535950.
CVE-2022-21755 2 Google, Mediatek 64 Android, Mt6731, Mt6732 and 61 more 2022-06-13 2.1 LOW 4.4 MEDIUM
In WLAN driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06545464; Issue ID: ALPS06545464.
CVE-2022-21754 2 Google, Mediatek 39 Android, Mt6761, Mt6762 and 36 more 2022-06-13 4.6 MEDIUM 6.7 MEDIUM
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06535953; Issue ID: ALPS06535953.
CVE-2022-21752 2 Google, Mediatek 40 Android, Mt6580, Mt6735 and 37 more 2022-06-13 4.6 MEDIUM 6.7 MEDIUM
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06493873; Issue ID: ALPS06493873.
CVE-2022-21753 2 Google, Mediatek 40 Android, Mt6580, Mt6735 and 37 more 2022-06-13 4.6 MEDIUM 6.7 MEDIUM
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06493873; Issue ID: ALPS06493899.