Total
7761 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-0646 | 1 Google | 1 Android | 2022-06-28 | 4.6 MEDIUM | 7.8 HIGH |
| In sqlite3_str_vappendf of sqlite3.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege if the user can also inject a printf into a privileged process's SQL with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-153352319 | |||||
| CVE-2021-0583 | 1 Google | 1 Android | 2022-06-28 | 4.4 MEDIUM | 7.3 HIGH |
| In onCreate of BluetoothPairingDialog, there is a possible way to enable Bluetooth without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-182282956 | |||||
| CVE-2021-0526 | 1 Google | 1 Android | 2022-06-28 | 4.6 MEDIUM | 7.8 HIGH |
| In memory management driver, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-185195264 | |||||
| CVE-2021-0476 | 1 Google | 1 Android | 2022-06-28 | 6.9 MEDIUM | 7.0 HIGH |
| In FindOrCreatePeer of btif_av.cc, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-169252501 | |||||
| CVE-2021-0652 | 1 Google | 1 Android | 2022-06-28 | 7.2 HIGH | 7.8 HIGH |
| In VectorDrawable::VectorDrawable of VectorDrawable.java, there is a possible way to introduce a memory corruption due to sharing of not thread-safe objects. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-185178568 | |||||
| CVE-2021-0473 | 1 Google | 1 Android | 2022-06-28 | 8.3 HIGH | 8.8 HIGH |
| In rw_t3t_process_error of rw_t3t.cc, there is a possible double free due to uninitialized data. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-179687208 | |||||
| CVE-2021-0420 | 1 Google | 1 Android | 2022-06-28 | 4.9 MEDIUM | 5.5 MEDIUM |
| In memory management driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05381065. | |||||
| CVE-2021-0446 | 1 Google | 1 Android | 2022-06-28 | 4.4 MEDIUM | 7.3 HIGH |
| In ImportVCardActivity, there is a possible way to bypass user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-172252122 | |||||
| CVE-2021-0655 | 2 Google, Mediatek | 8 Android, Mt6873, Mt6875 and 5 more | 2022-06-28 | 4.6 MEDIUM | 6.7 MEDIUM |
| In mdlactl driver, there is a possible memory corruption due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05673424; Issue ID: ALPS05673424. | |||||
| CVE-2021-0424 | 2 Google, Mediatek | 54 Android, Mt6580, Mt6582 90 and 51 more | 2022-06-28 | 2.1 LOW | 5.5 MEDIUM |
| In memory management driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05393787. | |||||
| CVE-2021-0495 | 1 Google | 1 Android | 2022-06-28 | 7.2 HIGH | 7.8 HIGH |
| In memory management driver, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183459083 | |||||
| CVE-2021-0321 | 1 Google | 1 Android | 2022-06-28 | 2.1 LOW | 5.5 MEDIUM |
| In enforceDumpPermissionForPackage of ActivityManagerService.java, there is a possible way to determine if a package is installed due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-166667403. | |||||
| CVE-2021-39691 | 1 Google | 1 Android | 2022-06-24 | 6.9 MEDIUM | 7.3 HIGH |
| In WindowManager, there is a possible tapjacking attack due to an incorrect window flag when processing user input. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-157929241 | |||||
| CVE-2022-20155 | 1 Google | 1 Android | 2022-06-24 | 6.9 MEDIUM | 7.0 HIGH |
| In ipu_core_jqs_msg_transport_kernel_write_sync of ipu-core-jqs-msg-transport.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-176754369References: N/A | |||||
| CVE-2022-20156 | 1 Google | 1 Android | 2022-06-24 | 7.2 HIGH | 7.8 HIGH |
| In unflatten of GraphicBuffer.cpp, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-212803946References: N/A | |||||
| CVE-2022-20145 | 1 Google | 1 Android | 2022-06-24 | 10.0 HIGH | 9.8 CRITICAL |
| In startLegacyVpnPrivileged of Vpn.java, there is a possible way to retrieve VPN credentials due to a protocol downgrade attack. This could lead to remote escalation of privilege if a malicious Wi-Fi AP is used, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-201660636 | |||||
| CVE-2021-39806 | 1 Google | 1 Android | 2022-06-24 | 4.6 MEDIUM | 7.8 HIGH |
| In closef of label_backends_android.c, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege during startup of servicemanager, if an attacker can trigger an initialization failure, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-215387420 | |||||
| CVE-2022-20233 | 1 Google | 1 Android | 2022-06-24 | 7.2 HIGH | 6.7 MEDIUM |
| In param_find_digests_internal and related functions of the Titan-M source, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-222472803References: N/A | |||||
| CVE-2022-20210 | 1 Google | 1 Android | 2022-06-24 | 10.0 HIGH | 9.8 CRITICAL |
| The UE and the EMM communicate with each other using NAS messages. When a new NAS message arrives from the EMM, the modem parses it and fills in internal objects based on the received data. A bug in the parsing code could be used by an attacker to remotely crash the modem, which could lead to DoS or RCE.Product: AndroidVersions: Android SoCAndroid ID: A-228868888 | |||||
| CVE-2022-20209 | 1 Google | 1 Android | 2022-06-24 | 5.0 MEDIUM | 7.5 HIGH |
| In hme_add_new_node_to_a_sorted_array of hme_utils.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-207502397 | |||||