Filtered by vendor Google
Subscribe
Total
11915 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-29193 | 1 Google | 1 Tensorflow | 2022-05-26 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.TensorSummaryV2` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | |||||
| CVE-2021-3189 | 1 Google | 1 Slashify | 2022-05-23 | 5.8 MEDIUM | 6.1 MEDIUM |
| The slashify package 1.0.0 for Node.js allows open-redirect attacks, as demonstrated by a localhost:3000///example.com/ substring. | |||||
| CVE-2022-20117 | 1 Google | 1 Android | 2022-05-17 | 2.1 LOW | 5.5 MEDIUM |
| In (TBD) of (TBD), there is a possible way to decrypt local data encrypted by the GSC due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-217475903References: N/A | |||||
| CVE-2022-20118 | 1 Google | 1 Android | 2022-05-17 | 6.9 MEDIUM | 7.0 HIGH |
| In ion_ioctl and related functions of ion.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205707793References: N/A | |||||
| CVE-2022-20119 | 1 Google | 1 Android | 2022-05-17 | 2.1 LOW | 5.5 MEDIUM |
| In private_handle_t of mali_gralloc_buffer.h, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-213170715References: N/A | |||||
| CVE-2022-20120 | 1 Google | 1 Android | 2022-05-17 | 10.0 HIGH | 9.8 CRITICAL |
| Product: AndroidVersions: Android kernelAndroid ID: A-203213034References: N/A | |||||
| CVE-2021-39738 | 1 Google | 1 Android | 2022-05-17 | 7.2 HIGH | 7.8 HIGH |
| In CarSetings, there is a possible to pair BT device bypassing user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-216190509 | |||||
| CVE-2022-20121 | 1 Google | 1 Android | 2022-05-17 | 2.1 LOW | 5.5 MEDIUM |
| In getNodeValue of USCCDMPlugin.java, there is a possible disclosure of ICCID due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-212573046References: N/A | |||||
| CVE-2021-39700 | 1 Google | 1 Android | 2022-05-16 | 2.1 LOW | 5.5 MEDIUM |
| In the policies of adbd.te, there was a logic error which caused the CTS Listening Ports Test to report invalid results. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-201645790 | |||||
| CVE-2022-20005 | 1 Google | 1 Android | 2022-05-16 | 7.2 HIGH | 7.8 HIGH |
| In validateApkInstallLocked of PackageInstallerSession.java, there is a way to force a mismatch between running code and a parsed APK . This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-219044664 | |||||
| CVE-2022-20007 | 1 Google | 1 Android | 2022-05-16 | 6.2 MEDIUM | 7.0 HIGH |
| In startActivityForAttachedApplicationIfNeeded of RootWindowContainer.java, there is a possible way to overlay an app that believes it's still in the foreground, when it is not, due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-211481342 | |||||
| CVE-2022-20008 | 1 Google | 1 Android | 2022-05-16 | 2.1 LOW | 4.6 MEDIUM |
| In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-216481035References: Upstream kernel | |||||
| CVE-2022-20009 | 1 Google | 1 Android | 2022-05-16 | 7.2 HIGH | 6.8 MEDIUM |
| In various functions of the USB gadget subsystem, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-213172319References: Upstream kernel | |||||
| CVE-2022-20010 | 1 Google | 1 Android | 2022-05-16 | 3.3 LOW | 6.5 MEDIUM |
| In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure through Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-213519176 | |||||
| CVE-2022-20011 | 1 Google | 1 Android | 2022-05-16 | 2.1 LOW | 5.5 MEDIUM |
| In getArray of NotificationManagerService.java , there is a possible leak of one user notifications to another due to missing check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-214999128 | |||||
| CVE-2022-20112 | 1 Google | 1 Android | 2022-05-16 | 4.9 MEDIUM | 5.5 MEDIUM |
| In getAvailabilityStatus of PrivateDnsPreferenceController.java, there is a possible way for a guest user to change private DNS settings due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-206987762 | |||||
| CVE-2022-20113 | 1 Google | 1 Android | 2022-05-16 | 7.2 HIGH | 7.8 HIGH |
| In mPreference of DefaultUsbConfigurationPreferenceController.java, there is a possible way to enable file transfer mode due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-205996517 | |||||
| CVE-2022-20114 | 1 Google | 1 Android | 2022-05-16 | 7.2 HIGH | 7.8 HIGH |
| In placeCall of TelecomManager.java, there is a possible way for an application to keep itself running with foreground service importance due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-211114016 | |||||
| CVE-2022-20115 | 1 Google | 1 Android | 2022-05-16 | 2.1 LOW | 5.5 MEDIUM |
| In broadcastServiceStateChanged of TelephonyRegistry.java, there is a possible way to learn base station information without location permission due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-210118427 | |||||
| CVE-2022-20116 | 1 Google | 1 Android | 2022-05-16 | 7.2 HIGH | 7.8 HIGH |
| In onEntryUpdated of OngoingCallController.kt, it is possible to launch non-exported activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-212467440 | |||||