Total
8334 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-1045 | 1 Google | 1 Android | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| Product: AndroidVersions: Android kernelAndroid ID: A-195580473References: N/A | |||||
| CVE-2022-20332 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-180019130 | |||||
| CVE-2022-0455 | 1 Google | 2 Android, Chrome | 2023-08-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 98.0.4758.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2021-0336 | 1 Google | 1 Android | 2023-08-08 | 7.2 HIGH | 7.8 HIGH |
| In onReceive of BluetoothPermissionRequest.java, there is a possible permissions bypass due to a mutable PendingIntent. This could lead to local escalation of privilege that bypasses a permission check, with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-158219161 | |||||
| CVE-2021-0735 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In PackageManager, there is a possible way to get information about installed packages ignoring limitations introduced in Android 11 due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-188913056 | |||||
| CVE-2022-20176 | 1 Google | 1 Android | 2023-08-08 | 2.1 LOW | 4.4 MEDIUM |
| In auth_store of sjtag-driver.c, there is a possible read of uninitialized memory due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-197787879References: N/A | |||||
| CVE-2022-20015 | 2 Google, Mediatek | 25 Android, Mt6739, Mt6757 and 22 more | 2023-08-08 | 2.1 LOW | 4.4 MEDIUM |
| In kd_camera_hw driver, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05862966; Issue ID: ALPS05862966. | |||||
| CVE-2022-20230 | 1 Google | 1 Android | 2023-08-08 | 1.9 LOW | 5.5 MEDIUM |
| In choosePrivateKeyAlias of KeyChain.java, there is a possible access to the user's certificate due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-221859869 | |||||
| CVE-2022-20129 | 1 Google | 1 Android | 2023-08-08 | 4.9 MEDIUM | 5.5 MEDIUM |
| In registerPhoneAccount of PhoneAccountRegistrar.java, there is a possible way to prevent the user from selecting a phone account due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-217934478 | |||||
| CVE-2021-0984 | 1 Google | 1 Android | 2023-08-08 | 4.6 MEDIUM | 7.8 HIGH |
| In onNullBinding of ManagedServices.java, there is a possible permission bypass due to an incorrectly unbound service. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-192475653 | |||||
| CVE-2021-1037 | 1 Google | 1 Android | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| The broadcast that DevicePickerFragment sends when a new device is paired doesn't have any permission checks, so any app can register to listen for it. This lets apps keep track of what devices are paired without requesting BLUETOOTH permissions.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-162951906 | |||||
| CVE-2022-20254 | 1 Google | 1 Android | 2023-08-08 | N/A | 8.8 HIGH |
| In Wi-Fi, there is a permissions bypass. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-223377547 | |||||
| CVE-2022-20218 | 1 Google | 1 Android | 2023-08-08 | 4.4 MEDIUM | 7.8 HIGH |
| In PermissionController, there is a possible way to get and retain permissions without user's consent due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-223907044 | |||||
| CVE-2021-0417 | 1 Google | 1 Android | 2023-08-08 | 4.9 MEDIUM | 5.5 MEDIUM |
| In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336702. | |||||
| CVE-2022-21784 | 2 Google, Mediatek | 33 Android, Mt6761, Mt6779 and 30 more | 2023-08-08 | 4.6 MEDIUM | 6.7 MEDIUM |
| In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704462. | |||||
| CVE-2021-39631 | 1 Google | 1 Android | 2023-08-08 | 2.1 LOW | 5.5 MEDIUM |
| In clear_data_dlg_text of strings.xml, there is a possible situation when "Clear storage" functionality sets up the wrong security/privacy expectations due to a misleading message. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-193890833 | |||||
| CVE-2021-39670 | 1 Google | 1 Android | 2023-08-08 | 4.9 MEDIUM | 5.5 MEDIUM |
| In setStream of WallpaperManager.java, there is a possible way to cause a permanent DoS due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-204087139 | |||||
| CVE-2022-20260 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In the Phone app, there is a possible crash loop due to resource exhaustion. This could lead to local persistent denial of service in the Phone app with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-220865698 | |||||
| CVE-2021-0986 | 1 Google | 1 Android | 2023-08-08 | 2.1 LOW | 5.5 MEDIUM |
| In hasGrantedPolicy of DevicePolicyManagerService.java, there is a possible information disclosure about the device owner, profile owner, or device admin due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-192247339 | |||||
| CVE-2022-20270 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In Content, there is a possible way to learn gmail account name on the device due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-209005023 | |||||