Total
7761 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-20236 | 1 Google | 1 Android | 2022-07-25 | 7.8 HIGH | 7.5 HIGH |
| A drm driver have oob problem, could cause the system crash or EOPProduct: AndroidVersions: Android SoCAndroid ID: A-233124709 | |||||
| CVE-2021-25439 | 2 Google, Samsung | 2 Android, Members | 2022-07-25 | 2.1 LOW | 3.3 LOW |
| Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause arbitrary webpage loading in webview. | |||||
| CVE-2021-25438 | 2 Google, Samsung | 2 Android, Members | 2022-07-25 | 4.6 MEDIUM | 7.8 HIGH |
| Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause local file inclusion in webview. | |||||
| CVE-2022-20216 | 1 Google | 1 Android | 2022-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| android exported is used to set third-party app access permissions, and the default value of intent-filter is true. com.sprd.firewall has set exported as true.Product: AndroidVersions: Android SoCAndroid ID: A-231911916 | |||||
| CVE-2022-20212 | 1 Google | 1 Android | 2022-07-21 | 4.4 MEDIUM | 7.8 HIGH |
| In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-182282630 | |||||
| CVE-2022-33712 | 2 Google, Samsung | 2 Android, Camera | 2022-07-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| Intent redirection vulnerability using implict intent in Camera prior to versions 12.0.01.64 ,12.0.3.23, 12.0.0.98, 12.0.6.11, 12.0.3.19 in Android S(12) allows attacker to get sensitive information. | |||||
| CVE-2022-30753 | 1 Google | 1 Android | 2022-07-16 | 2.1 LOW | 3.3 LOW |
| Improper use of a unique device ID in unprotected SecSoterService prior to SMR Jul-2022 Release 1 allows local attackers to get the device ID without permission. | |||||
| CVE-2022-30754 | 1 Google | 1 Android | 2022-07-16 | 7.2 HIGH | 7.8 HIGH |
| Implicit Intent hijacking vulnerability in AppLinker prior to SMR Jul-2022 Release 1 allow allows attackers to launch certain activities with privilege of AppLinker. | |||||
| CVE-2022-30755 | 1 Google | 1 Android | 2022-07-16 | 4.6 MEDIUM | 7.8 HIGH |
| Improper authentication vulnerability in AppLock prior to SMR Jul-2022 Release 1 allows attacker to bypass password confirm activity by hijacking the implicit intent. | |||||
| CVE-2022-30756 | 1 Google | 1 Android | 2022-07-16 | 7.2 HIGH | 7.8 HIGH |
| Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allow allows attackers to launch certain activities with privilege of Finder. | |||||
| CVE-2022-30758 | 1 Google | 1 Android | 2022-07-16 | 2.1 LOW | 5.5 MEDIUM |
| Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allow allows attackers to access some protected information with privilege of Finder. | |||||
| CVE-2022-33685 | 1 Google | 1 Android | 2022-07-16 | 2.1 LOW | 5.5 MEDIUM |
| Unprotected dynamic receiver in Wearable Manager Service prior to SMR Jul-2022 Release 1 allows attacker to launch arbitray activity and access senstive information. | |||||
| CVE-2022-33686 | 1 Google | 1 Android | 2022-07-16 | 2.1 LOW | 2.3 LOW |
| Exposure of Sensitive Information in GsmAlarmManager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log. | |||||
| CVE-2022-33687 | 1 Google | 1 Android | 2022-07-16 | 2.1 LOW | 3.3 LOW |
| Exposure of Sensitive Information in telephony-common.jar prior to SMR Jul-2022 Release 1 allows local attackers to access IMSI via log. | |||||
| CVE-2022-33688 | 1 Google | 1 Android | 2022-07-16 | 2.1 LOW | 3.3 LOW |
| Sensitive information exposure vulnerability in EventType in SecTelephonyProvider prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log. | |||||
| CVE-2022-33690 | 1 Google | 1 Android | 2022-07-16 | 2.1 LOW | 3.3 LOW |
| Improper input validation in Contacts Storage prior to SMR Jul-2022 Release 1 allows attacker to access arbitrary file. | |||||
| CVE-2022-33691 | 2 Google, Samsung | 2 Android, Exynos 9820 | 2022-07-16 | 1.9 LOW | 4.7 MEDIUM |
| A possible race condition vulnerability in score driver prior to SMR Jul-2022 Release 1 can allow local attackers to interleave malicious operations. | |||||
| CVE-2022-33692 | 1 Google | 1 Android | 2022-07-16 | 2.1 LOW | 3.3 LOW |
| Exposure of Sensitive Information in Messaging application prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log. | |||||
| CVE-2022-33696 | 1 Google | 1 Android | 2022-07-16 | 2.1 LOW | 3.3 LOW |
| Exposure of Sensitive Information in Telephony service prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log. | |||||
| CVE-2022-33697 | 1 Google | 1 Android | 2022-07-16 | 2.1 LOW | 3.3 LOW |
| Sensitive information exposure vulnerability in ImsServiceSwitchBase in ImsCore prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log. | |||||