U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:/o:google:android:12.0
There are 1,765 matching records.
Displaying matches 1,361 through 1,380.
Vuln ID Summary CVSS Severity
CVE-2022-21772

In TEEI driver, there is a possible type confusion due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06493842; Issue ID: ALPS06493842.

Published: July 06, 2022; 10:15:17 AM -0400
V4.0:(not available)
V3.1: 6.7 MEDIUM
V2.0: 4.6 MEDIUM
CVE-2022-21771

In GED driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06641585; Issue ID: ALPS06641585.

Published: July 06, 2022; 10:15:17 AM -0400
V4.0:(not available)
V3.1: 6.7 MEDIUM
V2.0: 4.6 MEDIUM
CVE-2022-21770

In sound driver, there is a possible information disclosure due to symlink following. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06558663; Issue ID: ALPS06558663.

Published: July 06, 2022; 10:15:17 AM -0400
V4.0:(not available)
V3.1: 6.7 MEDIUM
V2.0: 4.6 MEDIUM
CVE-2022-21769

In CCCI, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06641673; Issue ID: ALPS06641687.

Published: July 06, 2022; 10:15:17 AM -0400
V4.0:(not available)
V3.1: 4.4 MEDIUM
V2.0: 2.1 LOW
CVE-2022-21768

In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06784351; Issue ID: ALPS06784351.

Published: July 06, 2022; 10:15:17 AM -0400
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0: 8.3 HIGH
CVE-2022-21767

In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06784430; Issue ID: ALPS06784430.

Published: July 06, 2022; 10:15:17 AM -0400
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0: 8.3 HIGH
CVE-2022-21766

In CCCI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06641673; Issue ID: ALPS06641653.

Published: July 06, 2022; 10:15:17 AM -0400
V4.0:(not available)
V3.1: 6.7 MEDIUM
V2.0: 4.6 MEDIUM
CVE-2022-21765

In CCCI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06641673; Issue ID: ALPS06641673.

Published: July 06, 2022; 10:15:17 AM -0400
V4.0:(not available)
V3.1: 6.7 MEDIUM
V2.0: 4.6 MEDIUM
CVE-2022-21764

In telecom service, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07044717; Issue ID: ALPS07044717.

Published: July 06, 2022; 10:15:17 AM -0400
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2022-21763

In telecom service, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07044717; Issue ID: ALPS07044708.

Published: July 06, 2022; 10:15:17 AM -0400
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2022-20082

In GPU, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07044730; Issue ID: ALPS07044730.

Published: July 06, 2022; 10:15:16 AM -0400
V4.0:(not available)
V3.1: 7.0 HIGH
V2.0: 6.9 MEDIUM
CVE-2022-20147

In nfa_dm_check_set_config of nfa_dm_main.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-221216105

Published: June 15, 2022; 10:15:11 AM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2022-20143

In addAutomaticZenRule of ZenModeHelper.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-220735360

Published: June 15, 2022; 10:15:11 AM -0400
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2022-20142

In createFromParcel of GeofenceHardwareRequestParcelable.java, there is a possible arbitrary code execution due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-216631962

Published: June 15, 2022; 10:15:11 AM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2022-20140

In read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-227618988

Published: June 15, 2022; 10:15:11 AM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2022-20138

In ACTION_MANAGED_PROFILE_PROVISIONED of DevicePolicyManagerService.java, there is a possible way for unprivileged app to send MANAGED_PROFILE_PROVISIONED intent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-210469972

Published: June 15, 2022; 10:15:11 AM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2022-20137

In onCreateContextMenu of NetworkProviderSettings.java, there is a possible way for non-owner users to change WiFi settings due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-206986392

Published: June 15, 2022; 9:15:08 AM -0400
V4.0:(not available)
V3.1: 7.3 HIGH
V2.0: 6.9 MEDIUM
CVE-2022-20135

In writeToParcel of GateKeeperResponse.java, there is a possible parcel format mismatch. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-220303465

Published: June 15, 2022; 9:15:08 AM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2022-20134

In readArguments of CallSubjectDialog.java, there is a possible way to trick the user to call the wrong phone number due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-218341397

Published: June 15, 2022; 9:15:08 AM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2022-20133

In setDiscoverableTimeout of AdapterService.java, there is a possible bypass of user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-206807679

Published: June 15, 2022; 9:15:08 AM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH