Filtered by vendor Google
Subscribe
Total
12830 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-20280 | 1 Google | 1 Android | 2022-08-18 | N/A | 3.3 LOW |
| In MMSProvider, there is a possible read of protected data due to improper input validationSQL injection. This could lead to local information disclosure of sms/mms data with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-204117261 | |||||
| CVE-2022-20317 | 1 Google | 1 Android | 2022-08-18 | N/A | 5.5 MEDIUM |
| In SystemUI, there is a possible way to unexpectedly enable the external speaker due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-190199063 | |||||
| CVE-2022-20318 | 1 Google | 1 Android | 2022-08-18 | N/A | 3.3 LOW |
| In PackageInstaller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-194694069 | |||||
| CVE-2022-20320 | 1 Google | 1 Android | 2022-08-18 | N/A | 3.3 LOW |
| In ActivityManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-187956596 | |||||
| CVE-2022-20331 | 1 Google | 1 Android | 2022-08-17 | N/A | 7.8 HIGH |
| In the Framework, there is a possible way to enable a work profile without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-181785557 | |||||
| CVE-2022-2390 | 1 Google | 1 Google Play Services Software Development Kit | 2022-08-17 | N/A | 8.4 HIGH |
| Apps developed with Google Play Services SDK incorrectly had the mutability flag set to PendingIntents that were passed to the Notification service. As Google Play services SDK is so widely used, this bug affects many applications. For an application affected, this bug will let the attacker, gain the access to all non-exported providers and/or gain the access to other providers the victim has permissions. We recommend upgrading to version 18.0.2 of the Play Service SDK as well as rebuilding and redeploying apps. | |||||
| CVE-2022-20334 | 1 Google | 1 Android | 2022-08-16 | N/A | 6.5 MEDIUM |
| In Bluetooth, there are possible process crashes due to dereferencing a null pointer. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-178800552 | |||||
| CVE-2022-20269 | 1 Google | 1 Android | 2022-08-16 | N/A | 6.8 MEDIUM |
| In Bluetooth, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-209062898 | |||||
| CVE-2022-20273 | 1 Google | 1 Android | 2022-08-16 | N/A | 6.5 MEDIUM |
| In Bluetooth, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-206478022 | |||||
| CVE-2022-20283 | 1 Google | 1 Android | 2022-08-16 | N/A | 8.8 HIGH |
| In Bluetooth, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-233069336 | |||||
| CVE-2022-20333 | 1 Google | 1 Android | 2022-08-16 | N/A | 6.5 MEDIUM |
| In Bluetooth, there is a possible crash due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-179161657 | |||||
| CVE-2022-20271 | 1 Google | 1 Android | 2022-08-16 | N/A | 7.8 HIGH |
| In PermissionController, there is a possible way to grant some permissions without user consent due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-207672635 | |||||
| CVE-2022-20272 | 1 Google | 1 Android | 2022-08-16 | N/A | 5.5 MEDIUM |
| In PermissionController, there is a possible misunderstanding about the default SMS application's permission set due to misleading text. This could lead to local information disclosure with User privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-207672568 | |||||
| CVE-2022-20286 | 1 Google | 1 Android | 2022-08-16 | N/A | 7.8 HIGH |
| In Connectivity, there is a possible bypass the restriction of starting activity from background due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-230866011 | |||||
| CVE-2013-6668 | 3 Debian, Google, Nodejs | 4 Debian Linux, Chrome, V8 and 1 more | 2022-08-16 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10, as used in Google Chrome before 33.0.1750.146, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
| CVE-2022-20278 | 1 Google | 1 Android | 2022-08-16 | N/A | 5.5 MEDIUM |
| In Accounts, there is a possible way to write sensitive information to the system log due to insufficient log filtering. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-205130113 | |||||
| CVE-2022-20336 | 1 Google | 1 Android | 2022-08-16 | N/A | 3.3 LOW |
| In Settings, there is a possible installed application disclosure due to a missing permission check. This could lead to local information disclosure of applications allow-listed to use the network during VPN lockdown mode with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-177239688 | |||||
| CVE-2022-20335 | 1 Google | 1 Android | 2022-08-16 | N/A | 3.3 LOW |
| In Wifi Slice, there is a possible way to adjust Wi-Fi settings even when the permission has been disabled due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-178014725 | |||||
| CVE-2022-20340 | 1 Google | 1 Android | 2022-08-16 | N/A | 3.3 LOW |
| In SELinux policy, there is a possible way of inferring which websites are being opened in the browser due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-166269532 | |||||
| CVE-2022-20339 | 1 Google | 1 Android | 2022-08-16 | N/A | 3.3 LOW |
| In Android, there is a possible access of network neighbor table information due to an insecure SEpolicy configuration. This could lead to local information disclosure of network topography with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-171572148 | |||||