Search Results (Refine Search)
- Keyword (text search): android
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2022-20248 |
In Settings, there is a possible way to connect to an open network bypassing DISALLOW_CONFIG_WIFI restriction due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227619193 Published: August 11, 2022; 11:15:10 AM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2022-20247 |
In Media, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-229858836 Published: August 11, 2022; 11:15:10 AM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2022-20246 |
In WindowManager, there is a possible bypass of the restrictions for starting activities from the background due to an incorrect UID/permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-230493191 Published: August 11, 2022; 11:15:10 AM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2022-20245 |
In WindowManager, there is a possible method to create a recording of the lock screen due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-215005011 Published: August 11, 2022; 11:15:10 AM -0400 |
V3.1: 2.4 LOW V2.0:(not available) |
CVE-2022-20244 |
In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if more than 100 bluetooth devices have been connected with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-201083240 Published: August 11, 2022; 11:15:10 AM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2022-20243 |
In Core Utilities, there is a possible log information disclosure. This could lead to local information disclosure of sensitive browsing data with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-190199986 Published: August 11, 2022; 11:15:09 AM -0400 |
V3.1: 4.4 MEDIUM V2.0:(not available) |
CVE-2022-20242 |
In Telephony, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231986212 Published: August 11, 2022; 11:15:09 AM -0400 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2022-20241 |
In Messaging, there is a possible way to attach a private file to an SMS message due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-217185011 Published: August 11, 2022; 11:15:09 AM -0400 |
V3.1: 3.3 LOW V2.0:(not available) |
CVE-2022-20237 |
In BuildDevIDResponse of miscdatabuilder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-229621649References: N/A Published: August 11, 2022; 11:15:09 AM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-20180 |
In several functions of mali_gralloc_reference.cpp, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-212804042References: N/A Published: August 11, 2022; 11:15:09 AM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2022-20158 |
In bdi_put and bdi_unregister of backing-dev.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-182815710References: Upstream kernel Published: August 11, 2022; 11:15:09 AM -0400 |
V3.1: 6.7 MEDIUM V2.0:(not available) |
CVE-2021-0975 |
In USB Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure of installed packages with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-180104273 Published: August 11, 2022; 11:15:09 AM -0400 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2021-0735 |
In PackageManager, there is a possible way to get information about installed packages ignoring limitations introduced in Android 11 due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-188913056 Published: August 11, 2022; 11:15:09 AM -0400 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2021-0734 |
In Settings, there is a possible way to determine whether an app is installed without query permissions, due to side channel information disclosure. This could lead to local information disclosure of an installed package, without proper query permissions, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-189122911 Published: August 11, 2022; 11:15:09 AM -0400 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2022-35290 |
Under certain conditions SAP Authenticator for Android allows an attacker to access information which would otherwise be restricted. Published: August 10, 2022; 4:15:53 PM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2022-20361 |
In btif_dm_auth_cmpl_evt of btif_dm.cc, there is a possible vulnerability in Cross-Transport Key Derivation due to Weakness in Bluetooth Standard. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-231161832 Published: August 10, 2022; 4:15:28 PM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-20360 |
In setChecked of SecureNfcPreferenceController.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-228314987 Published: August 10, 2022; 4:15:27 PM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2022-20358 |
In startSync of AbstractThreadedSyncAdapter.java, there is a possible way to access protected content of content providers due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-203229608 Published: August 10, 2022; 4:15:27 PM -0400 |
V3.1: 3.3 LOW V2.0:(not available) |
CVE-2022-20357 |
In writeToParcel of SurfaceControl.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-214999987 Published: August 10, 2022; 4:15:27 PM -0400 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2022-20356 |
In shouldAllowFgsWhileInUsePermissionLocked of ActiveServices.java, there is a possible way to start foreground service from background due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-215003903 Published: August 10, 2022; 4:15:27 PM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |