Filtered by vendor Google
Subscribe
Total
12830 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-33723 | 1 Google | 1 Android | 2022-08-12 | N/A | 6.1 MEDIUM |
| A vulnerable code in onCreate of BluetoothScanDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack. | |||||
| CVE-2022-20344 | 1 Google | 1 Android | 2022-08-12 | N/A | 7.0 HIGH |
| In stealReceiveChannel of EventThread.cpp, there is a possible way to interfere with process communication due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-232541124 | |||||
| CVE-2022-33732 | 1 Google | 1 Android | 2022-08-12 | N/A | 7.1 HIGH |
| Improper access control vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows local attackers to scan and connect to PC by unprotected binder call. | |||||
| CVE-2022-20347 | 1 Google | 1 Android | 2022-08-12 | N/A | 8.8 HIGH |
| In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-228450811 | |||||
| CVE-2022-20345 | 1 Google | 1 Android | 2022-08-12 | N/A | 8.8 HIGH |
| In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-230494481 | |||||
| CVE-2022-20346 | 1 Google | 1 Android | 2022-08-12 | N/A | 6.5 MEDIUM |
| In updateAudioTrackInfoFromESDS_MPEG4Audio of MPEG4Extractor.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-230493653 | |||||
| CVE-2022-20353 | 1 Google | 1 Android | 2022-08-12 | N/A | 5.5 MEDIUM |
| In onSaveRingtone of DefaultRingtonePreference.java, there is a possible inappropriate file read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-221041256 | |||||
| CVE-2022-20350 | 1 Google | 1 Android | 2022-08-12 | N/A | 5.5 MEDIUM |
| In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to trick the victim to grant notification access to the wrong app due to improper input validation. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-228178437 | |||||
| CVE-2022-20354 | 1 Google | 1 Android | 2022-08-12 | N/A | 7.8 HIGH |
| In onDefaultNetworkChanged of Vpn.java, there is a possible way to disable VPN due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-219546241 | |||||
| CVE-2022-20355 | 1 Google | 1 Android | 2022-08-12 | N/A | 5.5 MEDIUM |
| In get of PacProxyService.java, there is a possible system service crash due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-219498290 | |||||
| CVE-2022-20356 | 1 Google | 1 Android | 2022-08-12 | N/A | 7.8 HIGH |
| In shouldAllowFgsWhileInUsePermissionLocked of ActiveServices.java, there is a possible way to start foreground service from background due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-215003903 | |||||
| CVE-2022-20361 | 1 Google | 1 Android | 2022-08-12 | N/A | 9.8 CRITICAL |
| In btif_dm_auth_cmpl_evt of btif_dm.cc, there is a possible vulnerability in Cross-Transport Key Derivation due to Weakness in Bluetooth Standard. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-231161832 | |||||
| CVE-2022-33726 | 1 Google | 1 Android | 2022-08-12 | N/A | 3.3 LOW |
| Unprotected dynamic receiver in Samsung Galaxy Friends prior to SMR Aug-2022 Release 1 allows attacker to launch activity. | |||||
| CVE-2022-33719 | 1 Google | 1 Android | 2022-08-12 | N/A | 9.8 CRITICAL |
| Improper input validation in baseband prior to SMR Aug-2022 Release 1 allows attackers to cause integer overflow to heap overflow. | |||||
| CVE-2022-33725 | 1 Google | 1 Android | 2022-08-12 | N/A | 3.3 LOW |
| A vulnerability using PendingIntent in Knox VPN prior to SMR Aug-2022 Release 1 allows attackers to access content providers with system privilege. | |||||
| CVE-2022-33724 | 1 Google | 1 Android | 2022-08-12 | N/A | 3.3 LOW |
| Exposure of Sensitive Information in Samsung Dialer application?prior to SMR Aug-2022 Release 1 allows local attackers to access ICCID via log. | |||||
| CVE-2022-33721 | 1 Google | 1 Android | 2022-08-12 | N/A | 5.5 MEDIUM |
| A vulnerability using PendingIntent in DeX for PC prior to SMR Aug-2022 Release 1 allows attackers to access files with system privilege. | |||||
| CVE-2022-33728 | 1 Google | 1 Android | 2022-08-12 | N/A | 3.3 LOW |
| Exposure of sensitive information in Bluetooth prior to SMR Aug-2022 Release 1 allows local attackers to access connected BT macAddress via Settings.Gloabal. | |||||
| CVE-2022-33718 | 1 Google | 1 Android | 2022-08-12 | N/A | 3.3 LOW |
| An improper access control vulnerability in Wi-Fi Service prior to SMR AUG-2022 Release 1 allows untrusted applications to manipulate the list of apps that can use mobile data. | |||||
| CVE-2022-33714 | 1 Google | 1 Android | 2022-08-12 | N/A | 3.3 LOW |
| Improper access control vulnerability in SemWifiApBroadcastReceiver prior to SMR Aug-2022 Release 1 allows attacker to reset a setting value related to mobile hotspot. | |||||