Total
6434 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-30715 | 1 Google | 1 Android | 2022-06-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Improper access control vulnerability in DofViewer prior to SMR Jun-2022 Release 1 allows attackers to control floating system alert window. | |||||
CVE-2022-30714 | 1 Google | 1 Android | 2022-06-10 | 2.1 LOW | 3.3 LOW |
Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information. | |||||
CVE-2022-30713 | 1 Google | 1 Android | 2022-06-10 | 9.4 HIGH | 9.1 CRITICAL |
Improper validation vulnerability in LSOItemData prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. | |||||
CVE-2022-30712 | 1 Google | 1 Android | 2022-06-10 | 6.4 MEDIUM | 9.1 CRITICAL |
Improper validation vulnerability in KfaOptions prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. | |||||
CVE-2022-30711 | 1 Google | 1 Android | 2022-06-10 | 9.4 HIGH | 9.1 CRITICAL |
Improper validation vulnerability in FeedsInfo prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. | |||||
CVE-2022-30710 | 1 Google | 1 Android | 2022-06-10 | 9.4 HIGH | 9.1 CRITICAL |
Improper validation vulnerability in RemoteViews prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. | |||||
CVE-2022-30709 | 1 Google | 1 Android | 2022-06-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Improper input validation check logic vulnerability in SECRIL prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. | |||||
CVE-2022-28794 | 1 Google | 1 Android | 2022-06-10 | 2.1 LOW | 3.3 LOW |
Sensitive information exposure in low-battery dumpstate log prior to SMR Jun-2022 Release 1 allows local attackers to get SIM card information. | |||||
CVE-2021-39767 | 1 Google | 1 Android | 2022-06-04 | 4.6 MEDIUM | 7.8 HIGH |
In miniadb, there is a possible way to get read/write access to recovery system properties due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-201308542 | |||||
CVE-2022-20064 | 2 Google, Mediatek | 37 Android, Mt6580, Mt6737 and 34 more | 2022-06-03 | 7.2 HIGH | 6.7 MEDIUM |
In ccci, there is a possible leak of kernel pointer due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06108617; Issue ID: ALPS06108617. | |||||
CVE-2019-2201 | 2 Canonical, Google | 2 Ubuntu Linux, Android | 2022-06-02 | 9.3 HIGH | 7.8 HIGH |
In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-120551338 | |||||
CVE-2022-23278 | 4 Apple, Google, Linux and 1 more | 11 Macos, Android, Linux Kernel and 8 more | 2022-05-23 | 4.3 MEDIUM | 5.9 MEDIUM |
Microsoft Defender for Endpoint Spoofing Vulnerability. | |||||
CVE-2021-39670 | 1 Google | 1 Android | 2022-05-17 | 4.9 MEDIUM | 5.5 MEDIUM |
In setStream of WallpaperManager.java, there is a possible way to cause a permanent DoS due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-204087139 | |||||
CVE-2022-20117 | 1 Google | 1 Android | 2022-05-17 | 2.1 LOW | 5.5 MEDIUM |
In (TBD) of (TBD), there is a possible way to decrypt local data encrypted by the GSC due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-217475903References: N/A | |||||
CVE-2022-20118 | 1 Google | 1 Android | 2022-05-17 | 6.9 MEDIUM | 7.0 HIGH |
In ion_ioctl and related functions of ion.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205707793References: N/A | |||||
CVE-2022-20119 | 1 Google | 1 Android | 2022-05-17 | 2.1 LOW | 5.5 MEDIUM |
In private_handle_t of mali_gralloc_buffer.h, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-213170715References: N/A | |||||
CVE-2022-20120 | 1 Google | 1 Android | 2022-05-17 | 10.0 HIGH | 9.8 CRITICAL |
Product: AndroidVersions: Android kernelAndroid ID: A-203213034References: N/A | |||||
CVE-2022-20121 | 1 Google | 1 Android | 2022-05-17 | 2.1 LOW | 5.5 MEDIUM |
In getNodeValue of USCCDMPlugin.java, there is a possible disclosure of ICCID due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-212573046References: N/A | |||||
CVE-2021-39738 | 1 Google | 1 Android | 2022-05-17 | 7.2 HIGH | 7.8 HIGH |
In CarSetings, there is a possible to pair BT device bypassing user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-216190509 | |||||
CVE-2021-39700 | 1 Google | 1 Android | 2022-05-16 | 2.1 LOW | 5.5 MEDIUM |
In the policies of adbd.te, there was a logic error which caused the CTS Listening Ports Test to report invalid results. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-201645790 |