Filtered by vendor Google
Subscribe
Total
11915 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-20355 | 1 Google | 1 Android | 2022-08-12 | N/A | 5.5 MEDIUM |
| In get of PacProxyService.java, there is a possible system service crash due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-219498290 | |||||
| CVE-2022-20356 | 1 Google | 1 Android | 2022-08-12 | N/A | 7.8 HIGH |
| In shouldAllowFgsWhileInUsePermissionLocked of ActiveServices.java, there is a possible way to start foreground service from background due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-215003903 | |||||
| CVE-2022-20361 | 1 Google | 1 Android | 2022-08-12 | N/A | 9.8 CRITICAL |
| In btif_dm_auth_cmpl_evt of btif_dm.cc, there is a possible vulnerability in Cross-Transport Key Derivation due to Weakness in Bluetooth Standard. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-231161832 | |||||
| CVE-2022-33726 | 1 Google | 1 Android | 2022-08-12 | N/A | 3.3 LOW |
| Unprotected dynamic receiver in Samsung Galaxy Friends prior to SMR Aug-2022 Release 1 allows attacker to launch activity. | |||||
| CVE-2022-33719 | 1 Google | 1 Android | 2022-08-12 | N/A | 9.8 CRITICAL |
| Improper input validation in baseband prior to SMR Aug-2022 Release 1 allows attackers to cause integer overflow to heap overflow. | |||||
| CVE-2022-33721 | 1 Google | 1 Android | 2022-08-12 | N/A | 5.5 MEDIUM |
| A vulnerability using PendingIntent in DeX for PC prior to SMR Aug-2022 Release 1 allows attackers to access files with system privilege. | |||||
| CVE-2022-33724 | 1 Google | 1 Android | 2022-08-12 | N/A | 3.3 LOW |
| Exposure of Sensitive Information in Samsung Dialer application?prior to SMR Aug-2022 Release 1 allows local attackers to access ICCID via log. | |||||
| CVE-2022-33725 | 1 Google | 1 Android | 2022-08-12 | N/A | 3.3 LOW |
| A vulnerability using PendingIntent in Knox VPN prior to SMR Aug-2022 Release 1 allows attackers to access content providers with system privilege. | |||||
| CVE-2022-33728 | 1 Google | 1 Android | 2022-08-12 | N/A | 3.3 LOW |
| Exposure of sensitive information in Bluetooth prior to SMR Aug-2022 Release 1 allows local attackers to access connected BT macAddress via Settings.Gloabal. | |||||
| CVE-2022-33714 | 1 Google | 1 Android | 2022-08-12 | N/A | 3.3 LOW |
| Improper access control vulnerability in SemWifiApBroadcastReceiver prior to SMR Aug-2022 Release 1 allows attacker to reset a setting value related to mobile hotspot. | |||||
| CVE-2022-33718 | 1 Google | 1 Android | 2022-08-12 | N/A | 3.3 LOW |
| An improper access control vulnerability in Wi-Fi Service prior to SMR AUG-2022 Release 1 allows untrusted applications to manipulate the list of apps that can use mobile data. | |||||
| CVE-2022-33729 | 1 Google | 1 Android | 2022-08-12 | N/A | 3.3 LOW |
| Improper restriction of broadcasting Intent in ConfirmConnectActivity of?NFC prior to SMR Aug-2022 Release 1 leaks MAC address of the connected Bluetooth device. | |||||
| CVE-2022-33730 | 1 Google | 1 Android | 2022-08-12 | N/A | 6.8 MEDIUM |
| Heap-based buffer overflow vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows arbitrary code execution by physical attackers. | |||||
| CVE-2022-33731 | 1 Google | 1 Android | 2022-08-12 | N/A | 7.1 HIGH |
| Improper access control vulnerability in DesktopSystemUI prior to SMR Aug-2022 Release 1 allows attackers to enable and disable arbitrary components. | |||||
| CVE-2022-33717 | 1 Google | 1 Android | 2022-08-12 | N/A | 4.4 MEDIUM |
| A missing input validation before memory read in SEM TA prior to SMR Aug-2022 Release 1 allows local attackers to read out of bound memory. | |||||
| CVE-2022-33722 | 1 Google | 1 Android | 2022-08-11 | N/A | 3.3 LOW |
| Implicit Intent hijacking vulnerability in Smart View prior to SMR Aug-2022 Release 1 allows attacker to access connected device MAC address. | |||||
| CVE-2022-33716 | 1 Google | 1 Android | 2022-08-11 | N/A | 4.4 MEDIUM |
| An absence of variable initialization in ICCC TA prior to SMR Aug-2022 Release 1 allows local attacker to read uninitialized memory. | |||||
| CVE-2020-0368 | 1 Google | 1 Android | 2022-08-06 | 2.1 LOW | 3.3 LOW |
| In queryInternal of CallLogProvider.java, there is a possible permission bypass due to improper input validation. This could lead to local information disclosure of voicemail metadata with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-143230980 | |||||
| CVE-2022-1799 | 1 Google | 1 Google Play Services Software Development Kit | 2022-08-05 | N/A | 9.8 CRITICAL |
| Incorrect signature trust exists within Google Play services SDK play-services-basement. A debug version of Google Play services is trusted by the SDK for devices that are non-GMS. We recommend upgrading the SDK past the 2022-05-03 release. | |||||
| CVE-2022-26430 | 3 Google, Mediatek, Yoctoproject | 25 Android, Mt6833, Mt6853 and 22 more | 2022-08-05 | N/A | 6.7 MEDIUM |
| In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032521; Issue ID: ALPS07032521. | |||||