Total
6434 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-26094 | 1 Google | 1 Android | 2022-04-18 | 7.5 HIGH | 9.8 CRITICAL |
| Null pointer dereference vulnerability in parser_auxC function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. | |||||
| CVE-2022-26096 | 1 Google | 1 Android | 2022-04-18 | 7.5 HIGH | 9.8 CRITICAL |
| Null pointer dereference vulnerability in parser_ispe function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. | |||||
| CVE-2022-26095 | 1 Google | 1 Android | 2022-04-18 | 7.5 HIGH | 9.8 CRITICAL |
| Null pointer dereference vulnerability in parser_colr function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. | |||||
| CVE-2022-26097 | 1 Google | 1 Android | 2022-04-18 | 7.5 HIGH | 9.8 CRITICAL |
| Null pointer dereference vulnerability in parser_unknown_property function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. | |||||
| CVE-2021-39797 | 1 Google | 1 Android | 2022-04-18 | 7.2 HIGH | 7.8 HIGH |
| In several functions of of LauncherApps.java, there is a possible escalation of privilege due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-209607104 | |||||
| CVE-2021-39798 | 1 Google | 1 Android | 2022-04-18 | 7.2 HIGH | 7.8 HIGH |
| In Bitmap_createFromParcel of Bitmap.cpp, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-213169612 | |||||
| CVE-2022-26098 | 1 Google | 1 Android | 2022-04-18 | 10.0 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow vulnerability in sheifd_create function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers. | |||||
| CVE-2021-39800 | 1 Google | 1 Android | 2022-04-18 | 2.1 LOW | 5.5 MEDIUM |
| In ion_ioctl of ion-ioctl.c, there is a possible way to leak kernel head data due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-208277166References: Upstream kernel | |||||
| CVE-2021-39801 | 1 Google | 1 Android | 2022-04-18 | 7.2 HIGH | 7.8 HIGH |
| In ion_ioctl of ion-ioctl.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-209791720References: Upstream kernel | |||||
| CVE-2022-25832 | 1 Google | 1 Android | 2022-04-18 | 4.6 MEDIUM | 6.8 MEDIUM |
| Improper authentication vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to use locked Myfiles app without authentication. | |||||
| CVE-2022-27835 | 1 Google | 1 Android | 2022-04-18 | 9.3 HIGH | 7.8 HIGH |
| Improper boundary check in UWB firmware prior to SMR Apr-2022 Release 1 allows arbitrary memory write. | |||||
| CVE-2022-25831 | 1 Google | 1 Android | 2022-04-18 | 1.9 LOW | 4.6 MEDIUM |
| Improper access control vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to access secured data in certain conditions. | |||||
| CVE-2022-27834 | 2 Google, Samsung | 4 Android, Exynos 2100, Exynos 980 and 1 more | 2022-04-18 | 4.4 MEDIUM | 7.0 HIGH |
| Use after free vulnerability in dsp_context_unload_graph function of DSP driver prior to SMR Apr-2022 Release 1 allows attackers to perform malicious actions. | |||||
| CVE-2022-20065 | 2 Google, Mediatek | 30 Android, Mt6580, Mt6737 and 27 more | 2022-04-18 | 4.6 MEDIUM | 6.7 MEDIUM |
| In ccci, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06108658; Issue ID: ALPS06108658. | |||||
| CVE-2022-20071 | 2 Google, Mediatek | 8 Android, Mt6833, Mt6853 and 5 more | 2022-04-18 | 4.6 MEDIUM | 6.7 MEDIUM |
| In ccu, there is a possible escalation of privilege due to a missing certificate validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS06183315; Issue ID: ALPS06183315. | |||||
| CVE-2019-2101 | 3 Canonical, Debian, Google | 3 Ubuntu Linux, Debian Linux, Android | 2022-04-18 | 2.1 LOW | 5.5 MEDIUM |
| In uvc_parse_standard_control of uvc_driver.c, there is a possible out-of-bound read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-111760968. | |||||
| CVE-2022-27833 | 2 Google, Samsung | 4 Android, Exynos 2100, Exynos 980 and 1 more | 2022-04-18 | 4.6 MEDIUM | 7.8 HIGH |
| Improper input validation in DSP driver prior to SMR Apr-2022 Release 1 allows out-of-bounds write by integer overflow. | |||||
| CVE-2022-27832 | 1 Google | 1 Android | 2022-04-18 | 2.1 LOW | 3.3 LOW |
| Improper boundary check in media.extractor library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via a crafted media file. | |||||
| CVE-2022-27831 | 1 Google | 1 Android | 2022-04-18 | 3.6 LOW | 4.4 MEDIUM |
| Improper boundary check in sflvd_rdbuf_bits of libsflvextractor prior to SMR Apr-2022 Release 1 allows attackers to read out of bounds memory. | |||||
| CVE-2022-27830 | 1 Google | 1 Android | 2022-04-18 | 7.2 HIGH | 7.8 HIGH |
| Improper validation vulnerability in SemBlurInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. | |||||