Filtered by vendor Google
Subscribe
Total
11915 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-20268 | 1 Google | 1 Android | 2023-08-08 | N/A | 7.8 HIGH |
| In RestrictionsManager, there is a possible way to send a broadcast that should be restricted to system apps due to a permissions bypass. This could lead to local escalation of privilege on an enterprise managed device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-210468836 | |||||
| CVE-2022-47359 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-08-08 | N/A | 5.5 MEDIUM |
| In log service, there is a missing permission check. This could lead to local denial of service in log service. | |||||
| CVE-2022-20493 | 1 Google | 1 Android | 2023-08-08 | N/A | 7.8 HIGH |
| In Condition of Condition.java, there is a possible way to grant notification access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242846316 | |||||
| CVE-2022-20218 | 1 Google | 1 Android | 2023-08-08 | 4.4 MEDIUM | 7.8 HIGH |
| In PermissionController, there is a possible way to get and retain permissions without user's consent due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-223907044 | |||||
| CVE-2022-20290 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In Midi, there is a possible way to learn about private midi devices due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-203549963 | |||||
| CVE-2022-0799 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2023-08-08 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient policy enforcement in Installer in Google Chrome on Windows prior to 99.0.4844.51 allowed a remote attacker to perform local privilege escalation via a crafted offline installer file. | |||||
| CVE-2021-39757 | 1 Google | 1 Android | 2023-08-08 | 2.1 LOW | 5.5 MEDIUM |
| In PermissionController, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-176094662 | |||||
| CVE-2021-0735 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In PackageManager, there is a possible way to get information about installed packages ignoring limitations introduced in Android 11 due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-188913056 | |||||
| CVE-2022-20279 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-204877302 | |||||
| CVE-2022-0806 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2023-08-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| Data leak in Canvas in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in screen sharing to potentially leak cross-origin data via a crafted HTML page. | |||||
| CVE-2022-47328 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-08-08 | N/A | 5.5 MEDIUM |
| In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. | |||||
| CVE-2022-42544 | 1 Google | 1 Android | 2023-08-08 | N/A | 7.8 HIGH |
| In getView of AddAppNetworksFragment.java, there is a possible way to mislead the user about network add requests due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224545390 | |||||
| CVE-2022-20254 | 1 Google | 1 Android | 2023-08-08 | N/A | 8.8 HIGH |
| In Wi-Fi, there is a permissions bypass. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-223377547 | |||||
| CVE-2022-1867 | 1 Google | 1 Chrome | 2023-08-08 | N/A | 6.5 MEDIUM |
| Insufficient validation of untrusted input in Data Transfer in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass same origin policy via a crafted clipboard content. | |||||
| CVE-2022-47333 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-08-08 | N/A | 5.5 MEDIUM |
| In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. | |||||
| CVE-2022-1874 | 2 Apple, Google | 2 Macos, Chrome | 2023-08-08 | N/A | 8.8 HIGH |
| Insufficient policy enforcement in Safe Browsing in Google Chrome on Mac prior to 102.0.5005.61 allowed a remote attacker to bypass downloads protection policy via a crafted HTML page. | |||||
| CVE-2022-20483 | 1 Google | 1 Android | 2023-08-08 | N/A | 7.5 HIGH |
| In several functions that parse avrc response in avrc_pars_ct.cc and related files, there are possible out of bounds reads due to integer overflows. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242459126 | |||||
| CVE-2021-1037 | 1 Google | 1 Android | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| The broadcast that DevicePickerFragment sends when a new device is paired doesn't have any permission checks, so any app can register to listen for it. This lets apps keep track of what devices are paired without requesting BLUETOOTH permissions.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-162951906 | |||||
| CVE-2021-39631 | 1 Google | 1 Android | 2023-08-08 | 2.1 LOW | 5.5 MEDIUM |
| In clear_data_dlg_text of strings.xml, there is a possible situation when "Clear storage" functionality sets up the wrong security/privacy expectations due to a misleading message. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-193890833 | |||||
| CVE-2022-20484 | 1 Google | 1 Android | 2023-08-08 | N/A | 7.8 HIGH |
| In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242702851 | |||||