Total
6434 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-39677 | 1 Google | 1 Android | 2022-02-17 | 5.0 MEDIUM | 7.5 HIGH |
| In startVideoStream() there is a possibility of an OOB Read in the heap, when the camera buffer is ‘zero’ in size.Product: AndroidVersions: Android-11Android ID: A-205097028 | |||||
| CVE-2021-39666 | 1 Google | 1 Android | 2022-02-17 | 2.1 LOW | 5.5 MEDIUM |
| In extract of MediaMetricsItem.h, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-204445255 | |||||
| CVE-2021-39668 | 1 Google | 1 Android | 2022-02-17 | 7.2 HIGH | 7.8 HIGH |
| In onActivityViewReady of DetailDialog.kt, there is a possible Intent Redirect due to a confused deputy. This could lead to local escalation of privilege that allows actions performed as the System UI, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-193445603 | |||||
| CVE-2021-39669 | 1 Google | 1 Android | 2022-02-17 | 4.4 MEDIUM | 7.8 HIGH |
| In onCreate of InstallCaCertificateWarning.java, there is a possible way to mislead an user about CA installation circumstances due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-196969991 | |||||
| CVE-2021-39616 | 1 Google | 1 Android | 2022-02-15 | 10.0 HIGH | 9.8 CRITICAL |
| Summary:Product: AndroidVersions: Android SoCAndroid ID: A-204686438 | |||||
| CVE-2021-39631 | 1 Google | 1 Android | 2022-02-15 | 2.1 LOW | 5.5 MEDIUM |
| In clear_data_dlg_text of strings.xml, there is a possible situation when "Clear storage" functionality sets up the wrong security/privacy expectations due to a misleading message. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-193890833 | |||||
| CVE-2021-39663 | 1 Google | 1 Android | 2022-02-15 | 7.2 HIGH | 7.8 HIGH |
| In openFileAndEnforcePathPermissionsHelper of MediaProvider.java, there is a possible bypass of a permissions check due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-200682135 | |||||
| CVE-2021-39664 | 1 Google | 1 Android | 2022-02-15 | 1.9 LOW | 5.5 MEDIUM |
| In LoadedPackage::Load of LoadedArsc.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure when parsing an APK file with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-203938029 | |||||
| CVE-2022-20043 | 2 Google, Mediatek | 7 Android, Mt8167, Mt8175 and 4 more | 2022-02-14 | 4.6 MEDIUM | 7.8 HIGH |
| In Bluetooth, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06148177; Issue ID: ALPS06148177. | |||||
| CVE-2022-20044 | 2 Google, Mediatek | 7 Android, Mt8167, Mt8175 and 4 more | 2022-02-14 | 4.6 MEDIUM | 7.8 HIGH |
| In Bluetooth, there is a possible service crash due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06126814; Issue ID: ALPS06126814. | |||||
| CVE-2022-20045 | 2 Google, Mediatek | 7 Android, Mt8167, Mt8175 and 4 more | 2022-02-14 | 4.6 MEDIUM | 7.8 HIGH |
| In Bluetooth, there is a possible service crash due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06126820; Issue ID: ALPS06126820. | |||||
| CVE-2022-20046 | 2 Google, Mediatek | 7 Android, Mt8167, Mt8175 and 4 more | 2022-02-14 | 2.1 LOW | 5.5 MEDIUM |
| In Bluetooth, there is a possible memory corruption due to a logic error. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06142410; Issue ID: ALPS06142410. | |||||
| CVE-2022-20041 | 2 Google, Mediatek | 7 Android, Mt8167, Mt8175 and 4 more | 2022-02-14 | 4.6 MEDIUM | 7.8 HIGH |
| In Bluetooth, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06108596; Issue ID: ALPS06108596. | |||||
| CVE-2022-20040 | 2 Google, Mediatek | 39 Android, Mt6735, Mt6737 and 36 more | 2022-02-14 | 4.6 MEDIUM | 7.8 HIGH |
| In power_hal_manager_service, there is a possible permission bypass due to a stack-based buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219150; Issue ID: ALPS06219150. | |||||
| CVE-2022-20039 | 2 Google, Mediatek | 9 Android, Mt6833, Mt6853 and 6 more | 2022-02-14 | 4.6 MEDIUM | 6.7 MEDIUM |
| In ccu driver, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06183345; Issue ID: ALPS06183345. | |||||
| CVE-2022-20038 | 2 Google, Mediatek | 9 Android, Mt6833, Mt6853 and 6 more | 2022-02-14 | 4.6 MEDIUM | 6.7 MEDIUM |
| In ccu driver, there is a possible memory corruption due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06183335; Issue ID: ALPS06183335. | |||||
| CVE-2022-20017 | 2 Google, Mediatek | 26 Android, Mt6765, Mt6785 and 23 more | 2022-02-14 | 2.1 LOW | 5.5 MEDIUM |
| In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05862991; Issue ID: ALPS05862991. | |||||
| CVE-2022-20036 | 2 Google, Mediatek | 56 Android, Mt6735, Mt6737 and 53 more | 2022-02-14 | 2.1 LOW | 5.5 MEDIUM |
| In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171689; Issue ID: ALPS06171689. | |||||
| CVE-2022-20024 | 2 Google, Mediatek | 28 Android, Mt6580, Mt6739 and 25 more | 2022-02-14 | 4.6 MEDIUM | 7.8 HIGH |
| In system service, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219064; Issue ID: ALPS06219064. | |||||
| CVE-2022-20037 | 2 Google, Mediatek | 57 Android, Mt6735, Mt6737 and 54 more | 2022-02-14 | 2.1 LOW | 5.5 MEDIUM |
| In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171705; Issue ID: ALPS06171705. | |||||