Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:google:android:10.0:-:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2022-20080 |
In SUB2AF, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS05881290; Issue ID: ALPS05881290. Published: April 11, 2022; 4:15:19 PM -0400 |
V4.0:(not available) V3.1: 6.4 MEDIUM V2.0: 6.9 MEDIUM |
CVE-2022-20079 |
In vow, there is a possible read of uninitialized data due to a improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS05837742; Issue ID: ALPS05857289. Published: April 11, 2022; 4:15:19 PM -0400 |
V4.0:(not available) V3.1: 4.4 MEDIUM V2.0: 2.1 LOW |
CVE-2022-20077 |
In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS05837742; Issue ID: ALPS05852812. Published: April 11, 2022; 4:15:19 PM -0400 |
V4.0:(not available) V3.1: 6.4 MEDIUM V2.0: 6.9 MEDIUM |
CVE-2022-20076 |
In ged, there is a possible memory corruption due to an incorrect error handling. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05838808; Issue ID: ALPS05839556. Published: April 11, 2022; 4:15:19 PM -0400 |
V4.0:(not available) V3.1: 4.4 MEDIUM V2.0: 2.1 LOW |
CVE-2022-20075 |
In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05838808; Issue ID: ALPS05838808. Published: April 11, 2022; 4:15:19 PM -0400 |
V4.0:(not available) V3.1: 6.7 MEDIUM V2.0: 7.2 HIGH |
CVE-2022-20074 |
In preloader (partition), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06183301; Issue ID: ALPS06183301. Published: April 11, 2022; 4:15:19 PM -0400 |
V4.0:(not available) V3.1: 6.6 MEDIUM V2.0: 4.4 MEDIUM |
CVE-2022-20073 |
In preloader (usb), there is a possible out of bounds write due to a integer underflow. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160841; Issue ID: ALPS06160841. Published: April 11, 2022; 4:15:19 PM -0400 |
V4.0:(not available) V3.1: 6.6 MEDIUM V2.0: 4.4 MEDIUM |
CVE-2022-20069 |
In preloader (usb), there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160425; Issue ID: ALPS06160425. Published: April 11, 2022; 4:15:18 PM -0400 |
V4.0:(not available) V3.1: 6.6 MEDIUM V2.0: 4.4 MEDIUM |
CVE-2022-20068 |
In mobile_log_d, there is a possible symbolic link following due to an improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06308907; Issue ID: ALPS06308907. Published: April 11, 2022; 4:15:18 PM -0400 |
V4.0:(not available) V3.1: 6.7 MEDIUM V2.0: 4.6 MEDIUM |
CVE-2022-20067 |
In mdp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS05836585; Issue ID: ALPS05836585. Published: April 11, 2022; 4:15:18 PM -0400 |
V4.0:(not available) V3.1: 6.7 MEDIUM V2.0: 4.6 MEDIUM |
CVE-2022-20065 |
In ccci, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06108658; Issue ID: ALPS06108658. Published: April 11, 2022; 4:15:18 PM -0400 |
V4.0:(not available) V3.1: 6.7 MEDIUM V2.0: 4.6 MEDIUM |
CVE-2022-20064 |
In ccci, there is a possible leak of kernel pointer due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06108617; Issue ID: ALPS06108617. Published: April 11, 2022; 4:15:18 PM -0400 |
V4.0:(not available) V3.1: 6.7 MEDIUM V2.0: 7.2 HIGH |
CVE-2022-20063 |
In atf (spm), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06171715; Issue ID: ALPS06171715. Published: April 11, 2022; 4:15:18 PM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 6.9 MEDIUM |
CVE-2021-39707 |
In onReceive of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-200688991 Published: March 16, 2022; 11:15:11 AM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2021-39706 |
In onResume of CredentialStorage.java, there is a possible way to cleanup content of credentials storage due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-200164168 Published: March 16, 2022; 11:15:11 AM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2021-39704 |
In deleteNotificationChannelGroup of NotificationManagerService.java, there is a possible way to run foreground service without user notification due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-209965481 Published: March 16, 2022; 11:15:10 AM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2021-39692 |
In onCreate of SetupLayoutActivity.java, there is a possible way to setup a work profile bypassing user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-209611539 Published: March 16, 2022; 11:15:10 AM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2021-39667 |
In ih264d_parse_decode_slice of ih264d_parse_slice.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-205702093 Published: March 16, 2022; 11:15:10 AM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2021-39624 |
In PackageManager, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-67862680 Published: March 16, 2022; 11:15:10 AM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2021-0957 |
In NotificationStackScrollLayout of NotificationStackScrollLayout.java, there is a possible way to bypass Factory Reset Protections. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-193149550 Published: March 16, 2022; 11:15:09 AM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 7.2 HIGH |