Total
7761 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-20509 | 1 Google | 1 Android | 2022-12-20 | N/A | 6.7 MEDIUM |
| In mapGrantorDescr of MessageQueueBase.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244713317 | |||||
| CVE-2022-20506 | 1 Google | 1 Android | 2022-12-20 | N/A | 7.8 HIGH |
| In onCreate of WifiDialogActivity.java, there is a missing permission check. This could lead to local escalation of privilege from a guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-226133034 | |||||
| CVE-2022-20505 | 1 Google | 1 Android | 2022-12-20 | N/A | 6.7 MEDIUM |
| In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitationProduct: AndroidVersions: Android-13Android ID: A-225981754 | |||||
| CVE-2022-20504 | 1 Google | 1 Android | 2022-12-20 | N/A | 6.7 MEDIUM |
| In multiple locations of DreamManagerService.java, there is a missing permission check. This could lead to local escalation of privilege and dismissal of system dialogs with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-225878553 | |||||
| CVE-2022-20503 | 1 Google | 1 Android | 2022-12-20 | N/A | 7.8 HIGH |
| In onCreate of WifiDppConfiguratorActivity.java, there is a possible way for a guest user to add a WiFi configuration due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224772890 | |||||
| CVE-2022-20520 | 1 Google | 1 Android | 2022-12-20 | N/A | 7.8 HIGH |
| In onCreate of various files, there is a possible tapjacking/overlay attack. This could lead to local escalation of privilege or denial of server with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227203202 | |||||
| CVE-2022-20519 | 1 Google | 1 Android | 2022-12-20 | N/A | 3.3 LOW |
| In onCreate of AddAppNetworksActivity.java, there is a possible way for a guest user to configure WiFi networks due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224772678 | |||||
| CVE-2022-20521 | 1 Google | 1 Android | 2022-12-20 | N/A | 5.0 MEDIUM |
| In sdpu_find_most_specific_service_uuid of sdp_utils.cc, there is a possible way to crash Bluetooth due to a missing null check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227203684 | |||||
| CVE-2022-20522 | 1 Google | 1 Android | 2022-12-20 | N/A | 7.8 HIGH |
| In getSlice of ProviderModelSlice.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227470877 | |||||
| CVE-2022-20523 | 1 Google | 1 Android | 2022-12-20 | N/A | 5.5 MEDIUM |
| In IncFs_GetFilledRangesStartingFrom of incfs.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-228222508 | |||||
| CVE-2022-20524 | 1 Google | 1 Android | 2022-12-20 | N/A | 7.8 HIGH |
| In compose of Vibrator.cpp, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-228523213 | |||||
| CVE-2022-20518 | 1 Google | 1 Android | 2022-12-20 | N/A | 5.5 MEDIUM |
| In query of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224770203 | |||||
| CVE-2022-20517 | 1 Google | 1 Android | 2022-12-20 | N/A | 5.5 MEDIUM |
| In getMessagesByPhoneNumber of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224769956 | |||||
| CVE-2022-20538 | 1 Google | 1 Android | 2022-12-19 | N/A | 5.5 MEDIUM |
| In getSmsRoleHolder of RoleService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235601770 | |||||
| CVE-2022-20539 | 1 Google | 1 Android | 2022-12-19 | N/A | 6.7 MEDIUM |
| In parameterToHal of Effect.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the audio server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-237291425 | |||||
| CVE-2022-20540 | 1 Google | 1 Android | 2022-12-19 | N/A | 7.8 HIGH |
| In SurfaceFlinger::doDump of SurfaceFlinger.cpp, there is possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-237291506 | |||||
| CVE-2022-20541 | 1 Google | 1 Android | 2022-12-19 | N/A | 4.2 MEDIUM |
| In phNxpNciHal_ioctl of phNxpNciHal.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238083126 | |||||
| CVE-2022-20544 | 1 Google | 1 Android | 2022-12-19 | N/A | 4.4 MEDIUM |
| In onOptionsItemSelected of ManageApplications.java, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238745070 | |||||
| CVE-2022-20545 | 1 Google | 1 Android | 2022-12-19 | N/A | 7.5 HIGH |
| In bindArtworkAndColors of MediaControlPanel.java, there is a possible way to crash the phone due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-239368697 | |||||
| CVE-2022-20546 | 1 Google | 1 Android | 2022-12-19 | N/A | 6.7 MEDIUM |
| In getCurrentConfigImpl of Effect.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-240266798 | |||||