Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Google Subscribe
Total 10294 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-20236 1 Google 1 Android 2022-07-25 7.8 HIGH 7.5 HIGH
A drm driver have oob problem, could cause the system crash or EOPProduct: AndroidVersions: Android SoCAndroid ID: A-233124709
CVE-2021-25439 2 Google, Samsung 2 Android, Members 2022-07-25 2.1 LOW 3.3 LOW
Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause arbitrary webpage loading in webview.
CVE-2021-25438 2 Google, Samsung 2 Android, Members 2022-07-25 4.6 MEDIUM 7.8 HIGH
Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause local file inclusion in webview.
CVE-2022-20219 1 Google 1 Android 2022-07-21 2.1 LOW 5.5 MEDIUM
In multiple functions of StorageManagerService.java and UserManagerService.java, there is a possible way to leave user's directories unencrypted due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-224585613
CVE-2022-20218 1 Google 1 Android 2022-07-21 4.4 MEDIUM 7.8 HIGH
In PermissionController, there is a possible way to get and retain permissions without user's consent due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-223907044
CVE-2022-20216 1 Google 1 Android 2022-07-21 10.0 HIGH 9.8 CRITICAL
android exported is used to set third-party app access permissions, and the default value of intent-filter is true. com.sprd.firewall has set exported as true.Product: AndroidVersions: Android SoCAndroid ID: A-231911916
CVE-2022-20212 1 Google 1 Android 2022-07-21 4.4 MEDIUM 7.8 HIGH
In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-182282630
CVE-2022-33712 2 Google, Samsung 2 Android, Camera 2022-07-20 5.0 MEDIUM 5.3 MEDIUM
Intent redirection vulnerability using implict intent in Camera prior to versions 12.0.01.64 ,12.0.3.23, 12.0.0.98, 12.0.6.11, 12.0.3.19 in Android S(12) allows attacker to get sensitive information.
CVE-2022-20217 1 Google 1 Android 2022-07-20 N/A 6.5 MEDIUM
There is a unauthorized broadcast in the SprdContactsProvider. A third-party app could use this issue to delete Fdn contact.Product: AndroidVersions: Android SoCAndroid ID: A-232441378
CVE-2022-33695 1 Google 1 Android 2022-07-15 4.6 MEDIUM 7.8 HIGH
Use of improper permission in InputManagerService prior to SMR Jul-2022 Release 1 allows unauthorized access to the service.
CVE-2022-33694 1 Google 1 Android 2022-07-15 2.1 LOW 3.3 LOW
Exposure of Sensitive Information in CSC application prior to SMR Jul-2022 Release 1 allows local attacker to access wifi information via unprotected intent broadcasting.
CVE-2022-33693 1 Google 1 Android 2022-07-15 2.1 LOW 2.3 LOW
Exposure of Sensitive Information in CID Manager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log.
CVE-2022-21787 2 Google, Mediatek 13 Android, Mt6833, Mt6853 and 10 more 2022-07-14 4.6 MEDIUM 6.7 MEDIUM
In audio DSP, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06558844; Issue ID: ALPS06558844.
CVE-2021-25501 1 Google 1 Android 2022-07-14 2.1 LOW 3.3 LOW
An improper access control vulnerability in SCloudBnRReceiver in SecTelephonyProvider prior to SMR Nov-2021 Release 1 allows untrusted application to call some protected providers.
CVE-2021-25431 2 Google, Samsung 2 Android, Cameralyzer 2022-07-14 2.1 LOW 5.5 MEDIUM
Improper access control vulnerability in Cameralyzer prior to versions 3.2.1041 in 3.2.x, 3.3.1040 in 3.3.x, and 3.4.4210 in 3.4.x allows untrusted applications to access some functions of Cameralyzer.
CVE-2021-25417 1 Google 1 Android 2022-07-14 5.0 MEDIUM 7.5 HIGH
Improper authorization in SDP SDK prior to SMR JUN-2021 Release 1 allows access to internal storage.
CVE-2021-25412 1 Google 1 Android 2022-07-14 7.2 HIGH 7.8 HIGH
An improper access control vulnerability in genericssoservice prior to SMR JUN-2021 Release 1 allows local attackers to execute protected activity with system privilege via untrusted applications.
CVE-2021-25374 2 Google, Samsung 2 Android, Members 2022-07-14 5.0 MEDIUM 7.5 HIGH
An improper authorization vulnerability in Samsung Members "samsungrewards" scheme for deeplink in versions 2.4.83.9 in Android O(8.1) and below, and 3.9.00.9 in Android P(9.0) and above allows remote attackers to access a user data related with Samsung Account.
CVE-2021-25369 1 Google 1 Android 2022-07-14 2.1 LOW 5.5 MEDIUM
An improper access control vulnerability in sec_log file prior to SMR MAR-2021 Release 1 exposes sensitive kernel information to userspace.
CVE-2021-25337 1 Google 1 Android 2022-07-14 5.8 MEDIUM 7.1 HIGH
Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain local files.