Total
7761 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22268 | 1 Google | 1 Android | 2022-01-14 | 3.6 LOW | 6.1 MEDIUM |
| Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 allows physically proximate attackers to temporary unlock the Knox Guard via Samsung DeX mode. | |||||
| CVE-2022-22270 | 1 Google | 1 Android | 2022-01-14 | 4.3 MEDIUM | 3.3 LOW |
| An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows unprivileged applications to access contact information. | |||||
| CVE-2022-22267 | 1 Google | 1 Android | 2022-01-14 | 2.1 LOW | 3.3 LOW |
| Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1 allows attackers to get running application information. | |||||
| CVE-2022-22266 | 1 Google | 1 Android | 2022-01-14 | 2.1 LOW | 3.3 LOW |
| (Applicable to China models only) Unprotected WifiEvaluationService in TencentWifiSecurity application prior to SMR Jan-2022 Release 1 allows untrusted applications to get WiFi information without proper permission. | |||||
| CVE-2022-22264 | 1 Google | 1 Android | 2022-01-14 | 3.6 LOW | 7.1 HIGH |
| Improper sanitization of incoming intent in Dressroom prior to SMR Jan-2022 Release 1 allows local attackers to read and write arbitrary files without permission. | |||||
| CVE-2022-22263 | 1 Google | 1 Android | 2022-01-14 | 2.1 LOW | 5.5 MEDIUM |
| Unprotected dynamic receiver in SecSettings prior to SMR Jan-2022 Release 1 allows untrusted applications to launch arbitrary activity. | |||||
| CVE-2022-20018 | 2 Google, Mediatek | 33 Android, Mt6580, Mt6739 and 30 more | 2022-01-11 | 2.1 LOW | 4.4 MEDIUM |
| In seninf driver, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05863018; Issue ID: ALPS05863018. | |||||
| CVE-2022-20012 | 2 Google, Mediatek | 42 Android, Mt6580, Mt6739 and 39 more | 2022-01-11 | 4.6 MEDIUM | 7.8 HIGH |
| In mdp driver, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05836478; Issue ID: ALPS05836478. | |||||
| CVE-2022-20016 | 2 Google, Mediatek | 17 Android, Mt6781, Mt6785 and 14 more | 2022-01-11 | 4.6 MEDIUM | 6.7 MEDIUM |
| In vow driver, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05862986; Issue ID: ALPS05862986. | |||||
| CVE-2022-20023 | 2 Google, Mediatek | 58 Android, Mt6580, Mt6630 and 55 more | 2022-01-11 | 3.3 LOW | 6.5 MEDIUM |
| In Bluetooth, there is a possible application crash due to bluetooth flooding a device with LMP_AU_rand packet. This could lead to remote denial of service of bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06198608; Issue ID: ALPS06198608. | |||||
| CVE-2022-20022 | 2 Google, Mediatek | 29 Android, Mt6580, Mt6630 and 26 more | 2022-01-11 | 3.3 LOW | 6.5 MEDIUM |
| In Bluetooth, there is a possible link disconnection due to bluetooth does not properly handle a connection attempt from a host with the same BD address as the currently connected BT host. This could lead to remote denial of service of bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06198578; Issue ID: ALPS06198578. | |||||
| CVE-2022-20021 | 2 Google, Mediatek | 30 Android, Awus036nh, Mt6580 and 27 more | 2022-01-11 | 3.3 LOW | 6.5 MEDIUM |
| In Bluetooth, there is a possible application crash due to bluetooth does not properly handle the reception of multiple LMP_host_connection_req. This could lead to remote denial of service of bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06198513; Issue ID: ALPS06198513. | |||||
| CVE-2021-43849 | 3 Apple, Cordova Plugin Fingerprint All-in-one Project, Google | 3 Iphone Os, Cordova Plugin Fingerprint All-in-one, Android | 2022-01-11 | 2.1 LOW | 5.5 MEDIUM |
| cordova-plugin-fingerprint-aio is a plugin provides a single and simple interface for accessing fingerprint APIs on both Android 6+ and iOS. In versions prior to 5.0.1 The exported activity `de.niklasmerz.cordova.biometric.BiometricActivity` can cause the app to crash. This vulnerability occurred because the activity didn't handle the case where it is requested with invalid or empty data which results in a crash. Any third party app can constantly call this activity with no permission. A 3rd party app/attacker using event listener can continually stop the app from working and make the victim unable to open it. Version 5.0.1 of the cordova-plugin-fingerprint-aio doesn't export the activity anymore and is no longer vulnerable. If you want to fix older versions change the attribute android:exported in plugin.xml to false. Please upgrade to version 5.0.1 as soon as possible. | |||||
| CVE-2019-9461 | 1 Google | 1 Android | 2022-01-01 | 3.3 LOW | 6.5 MEDIUM |
| In the Android kernel in VPN routing there is a possible information disclosure. This could lead to remote information disclosure by an adjacent network attacker with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2019-2221 | 1 Google | 1 Android | 2022-01-01 | 4.6 MEDIUM | 7.8 HIGH |
| In hasActivityInVisibleTask of WindowProcessController.java there’s a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-138583650 | |||||
| CVE-2020-0008 | 1 Google | 1 Android | 2022-01-01 | 1.9 LOW | 4.7 MEDIUM |
| In LowEnergyClient::MtuChangedCallback of low_energy_client.cc, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-142558228 | |||||
| CVE-2020-0007 | 1 Google | 1 Android | 2022-01-01 | 2.1 LOW | 5.5 MEDIUM |
| In flattenString8 of Sensor.cpp, there is a possible information disclosure of heap memory due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-141890807 | |||||
| CVE-2020-0006 | 1 Google | 1 Android | 2022-01-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| In rw_i93_send_cmd_write_single_block of rw_i93.cc, there is a possible information disclosure of heap memory due to uninitialized data. This could lead to remote information disclosure in the NFC server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-139738828 | |||||
| CVE-2020-0004 | 1 Google | 1 Android | 2022-01-01 | 4.9 MEDIUM | 5.5 MEDIUM |
| In generateCrop of WallpaperManagerService.java, there is a possible sysui crash due to image exceeding maximum texture size. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-120847476 | |||||
| CVE-2020-0002 | 1 Google | 1 Android | 2022-01-01 | 9.3 HIGH | 8.8 HIGH |
| In ih264d_init_decoder of ih264d_api.c, there is a possible out of bounds write due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-142602711 | |||||