Skip to main content

Android

7243 CVEs product

Monthly

CVE-2022-20362 HIGH This Week

In Bluetooth, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Google Buffer Overflow RCE Android
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-20342 LOW Monitor

In WiFi, there is a possible disclosure of WiFi password to the end user due to an insecure default value. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-20341 MEDIUM This Month

In ConnectivityService, there is a possible bypass of network permissions due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20340 LOW Monitor

In SELinux policy, there is a possible way of inferring which websites are being opened in the browser due to a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-20339 LOW Monitor

In Android, there is a possible access of network neighbor table information due to an insecure SEpolicy configuration. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-20338 LOW Monitor

In HierarchicalUri.readFrom of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2022-20336 LOW Monitor

In Settings, there is a possible installed application disclosure due to a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-20335 LOW Monitor

In Wifi Slice, there is a possible way to adjust Wi-Fi settings even when the permission has been disabled due to a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-20334 MEDIUM This Month

In Bluetooth, there are possible process crashes due to dereferencing a null pointer. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Null Pointer Dereference Denial Of Service Android
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-20333 MEDIUM This Month

In Bluetooth, there is a possible crash due to a missing null check. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Null Pointer Dereference Denial Of Service Android
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-20332 MEDIUM This Month

In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20331 HIGH This Week

In the Framework, there is a possible way to enable a work profile without user consent due to a tapjacking/overlay attack. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google XSS Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20330 LOW Monitor

In Bluetooth, there is a possible way to connect or disconnect bluetooth devices without user awareness due to a missing permission check. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
3.5
EPSS
0.1%
CVE-2022-20329 HIGH This Week

In Wifi, there is a possible way to enable Wifi without permissions due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20328 LOW Monitor

In PackageManager, there is a possible way to determine whether an app is installed due to a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-20327 LOW Monitor

In Wi-Fi, there is a possible way to retrieve the WiFi SSID without location permissions due to a missing permission check. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
2.8
EPSS
0.1%
CVE-2022-20326 MEDIUM This Month

In Telephony, there is a possible disclosure of SIM identifiers due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20325 HIGH This Week

In Media, there is a possible code execution due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Google Privilege Escalation Memory Corruption RCE +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20324 MEDIUM This Month

In Framework, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20323 MEDIUM This Month

In PackageManager, there is a possible package installation disclosure due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20322 MEDIUM This Month

In PackageManager, there is a possible installed package disclosure due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20321 LOW Monitor

In Settings, there is a possible way for an application without permissions to read content of WiFi QR codes due to a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-20320 LOW Monitor

In ActivityManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-20319 HIGH This Week

In DreamServices, there is a possible way to launch arbitrary protected activities due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20318 LOW Monitor

In PackageInstaller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-20317 MEDIUM This Month

In SystemUI, there is a possible way to unexpectedly enable the external speaker due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20316 LOW Monitor

In ContentResolver, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-20315 LOW Monitor

In ActivityManager, there is a possible disclosure of installed packages due to a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-20314 MEDIUM This Month

In KeyChain, there is a possible spoof keychain chooser activity request due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20313 MEDIUM This Month

In Bluetooth, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Google Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2022-20312 MEDIUM This Month

In WifiP2pManager, there is a possible toobtain WiFi P2P MAC address without user consent due to missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20311 LOW Monitor

In Telecomm, there is a possible disclosure of registered self managed phone accounts due to a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-20310 LOW Monitor

In Telecomm, there is a possible disclosure of registered self managed phone accounts due to a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-20309 LOW Monitor

In PackageInstaller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-20308 HIGH This Week

In hostapd, there is a possible insecure configuration due to an insecure default value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Android
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-20307 LOW Monitor

In AlarmManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-20306 MEDIUM This Month

In Camera Provider HAL, there is a possible memory corruption due to a use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Google Privilege Escalation Memory Corruption Buffer Overflow +2
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20305 LOW Monitor

In ContentService, there is a possible disclosure of available account types due to a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-20304 MEDIUM This Month

In Content, there is a possible way to determinate the user's account due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20303 MEDIUM This Month

In ContentService, there is a possible way to determine if an account is on the device without GET_ACCOUNTS permission due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20302 HIGH This Week

In Settings, there is a possible way to bypass factory reset protections due to a sandbox escape. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.6
EPSS
0.2%
CVE-2022-20301 MEDIUM This Month

In Content, there is a possible way to check if an account exists on the device due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20300 MEDIUM This Month

In Content, there is a possible way to check if the given account exists on the device due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20299 MEDIUM This Month

In ContentService, there is a possible way to check if the given account exists on the device due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20298 MEDIUM This Month

In ContentService, there is a possible way to check if an account exists on the device due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20297 HIGH This Week

In Settings, there is a possible way to bypass factory reset protections due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20296 MEDIUM This Month

In ContentService, there is a possible way to check if an account exists on the device due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20295 MEDIUM This Month

In ContentService, there is a possible way to check if an account exists on the device due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20294 MEDIUM This Month

In Content, there is a possible way to learn about an account present on the device due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20293 MEDIUM This Month

In LauncherApps, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20292 HIGH This Week

In Settings, there is a possible way to bypass factory reset protections due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20291 MEDIUM This Month

In AppOpsService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20290 MEDIUM This Month

In Midi, there is a possible way to learn about private midi devices due to a permissions bypass. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20289 MEDIUM This Month

In PackageInstaller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20288 MEDIUM This Month

In AppSearchManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20287 MEDIUM This Month

In AppSearchManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20286 HIGH This Week

In Connectivity, there is a possible bypass the restriction of starting activity from background due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20285 MEDIUM This Month

In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20284 MEDIUM This Month

In Telephony, there is a possible information disclosure due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20283 HIGH This Week

In Bluetooth, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Google Buffer Overflow RCE Android
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-20282 HIGH This Week

In AppWidget, there is a possible way to start an activity from the background due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20281 HIGH This Week

In Core, there is a possible way to start an activity from the background due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20280 LOW Monitor

In MMSProvider, there is a possible read of protected data due to improper input validationSQL injection. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure SQLi Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-20279 MEDIUM This Month

In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20278 MEDIUM This Month

In Accounts, there is a possible way to write sensitive information to the system log due to insufficient log filtering. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20277 MEDIUM This Month

In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20276 MEDIUM This Month

In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20275 MEDIUM This Month

In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20274 HIGH This Week

In Keyguard, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20273 MEDIUM This Month

In Bluetooth, there is a possible out of bounds read due to a heap buffer overflow. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Google Buffer Overflow Android
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-20272 MEDIUM This Month

In PermissionController, there is a possible misunderstanding about the default SMS application's permission set due to misleading text. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Privilege Escalation Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20271 HIGH This Week

In PermissionController, there is a possible way to grant some permissions without user consent due to misleading or insufficient UI. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20270 MEDIUM This Month

In Content, there is a possible way to learn gmail account name on the device due to a permissions bypass. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20269 MEDIUM This Month

In Bluetooth, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Google Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2022-20268 HIGH This Week

In RestrictionsManager, there is a possible way to send a broadcast that should be restricted to system apps due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20267 LOW Monitor

In bluetooth, there is a possible way to enable or disable bluetooth connection without user consent due to a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-20266 MEDIUM This Month

In Companion, there is a possible way to keep a service running with elevated importance without showing foreground service notification due to improper input validation. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
5.0
EPSS
0.1%
CVE-2022-20265 MEDIUM This Month

In Settings, there is a possible way to bypass factory reset permissions due to a permissions bypass. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2022-20263 MEDIUM This Month

In ActivityManager, there is a way to read process state for other users due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20262 LOW Monitor

In ActivityManager, there is a possible way to check another process's capabilities due to a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-20261 LOW Monitor

In LocationManager, there is a possible way to get location information due to a missing permission check. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
2.3
EPSS
0.1%
CVE-2022-20260 MEDIUM This Month

In the Phone app, there is a possible crash loop due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20259 MEDIUM This Month

In Telephony, there is a possible leak of ICCID and EID due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20258 HIGH This Week

In Bluetooth, there is a possible way to bypass compiler exploit mitigations due to a configuration error. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20257 LOW Monitor

In Bluetooth, there is a possible way to pair a display only device without PIN confirmation due to a logic error in the code. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-20256 MEDIUM This Month

In the Audio HAL, there is a possible out of bounds write due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Google Race Condition Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2022-20255 MEDIUM This Month

In SettingsProvider, there is a possible way to read or change the default ringtone due to a missing permission check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-20254 HIGH This Week

In Wi-Fi, there is a permissions bypass. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-20253 MEDIUM This Month

In Bluetooth, there is a possible cleanup failure due to an uncaught exception. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Android
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-20408 HIGH This Week

Product: AndroidVersions: Android kernelAndroid ID: A-204782372References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.3%
EPSS 0% CVSS 8.8
HIGH This Week

In Bluetooth, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Google Buffer Overflow +2
NVD
EPSS 0% CVSS 3.3
LOW Monitor

In WiFi, there is a possible disclosure of WiFi password to the end user due to an insecure default value. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In ConnectivityService, there is a possible bypass of network permissions due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

In SELinux policy, there is a possible way of inferring which websites are being opened in the browser due to a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

In Android, there is a possible access of network neighbor table information due to an insecure SEpolicy configuration. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 3.3
LOW Monitor

In HierarchicalUri.readFrom of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
EPSS 0% CVSS 3.3
LOW Monitor

In Settings, there is a possible installed application disclosure due to a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

In Wifi Slice, there is a possible way to adjust Wi-Fi settings even when the permission has been disabled due to a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Privilege Escalation +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

In Bluetooth, there are possible process crashes due to dereferencing a null pointer. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Null Pointer Dereference Denial Of Service +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

In Bluetooth, there is a possible crash due to a missing null check. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Null Pointer Dereference Denial Of Service +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In the Framework, there is a possible way to enable a work profile without user consent due to a tapjacking/overlay attack. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google XSS Privilege Escalation +1
NVD
EPSS 0% CVSS 3.5
LOW Monitor

In Bluetooth, there is a possible way to connect or disconnect bluetooth devices without user awareness due to a missing permission check. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Privilege Escalation +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In Wifi, there is a possible way to enable Wifi without permissions due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Privilege Escalation +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

In PackageManager, there is a possible way to determine whether an app is installed due to a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure +1
NVD
EPSS 0% CVSS 2.8
LOW Monitor

In Wi-Fi, there is a possible way to retrieve the WiFi SSID without location permissions due to a missing permission check. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In Telephony, there is a possible disclosure of SIM identifiers due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In Media, there is a possible code execution due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Google Privilege Escalation +4
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In Framework, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In PackageManager, there is a possible package installation disclosure due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In PackageManager, there is a possible installed package disclosure due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

In Settings, there is a possible way for an application without permissions to read content of WiFi QR codes due to a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

In ActivityManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In DreamServices, there is a possible way to launch arbitrary protected activities due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
EPSS 0% CVSS 3.3
LOW Monitor

In PackageInstaller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In SystemUI, there is a possible way to unexpectedly enable the external speaker due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 3.3
LOW Monitor

In ContentResolver, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 3.3
LOW Monitor

In ActivityManager, there is a possible disclosure of installed packages due to a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In KeyChain, there is a possible spoof keychain chooser activity request due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

In Bluetooth, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Google Privilege Escalation +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In WifiP2pManager, there is a possible toobtain WiFi P2P MAC address without user consent due to missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

In Telecomm, there is a possible disclosure of registered self managed phone accounts due to a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

In Telecomm, there is a possible disclosure of registered self managed phone accounts due to a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

In PackageInstaller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In hostapd, there is a possible insecure configuration due to an insecure default value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Android
NVD
EPSS 0% CVSS 3.3
LOW Monitor

In AlarmManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In Camera Provider HAL, there is a possible memory corruption due to a use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Google Privilege Escalation +4
NVD
EPSS 0% CVSS 3.3
LOW Monitor

In ContentService, there is a possible disclosure of available account types due to a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In Content, there is a possible way to determinate the user's account due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In ContentService, there is a possible way to determine if an account is on the device without GET_ACCOUNTS permission due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure +1
NVD
EPSS 0% CVSS 7.6
HIGH This Week

In Settings, there is a possible way to bypass factory reset protections due to a sandbox escape. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In Content, there is a possible way to check if an account exists on the device due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In Content, there is a possible way to check if the given account exists on the device due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In ContentService, there is a possible way to check if the given account exists on the device due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In ContentService, there is a possible way to check if an account exists on the device due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In Settings, there is a possible way to bypass factory reset protections due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In ContentService, there is a possible way to check if an account exists on the device due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In ContentService, there is a possible way to check if an account exists on the device due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In Content, there is a possible way to learn about an account present on the device due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In LauncherApps, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In Settings, there is a possible way to bypass factory reset protections due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In AppOpsService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In Midi, there is a possible way to learn about private midi devices due to a permissions bypass. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In PackageInstaller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In AppSearchManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In AppSearchManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In Connectivity, there is a possible bypass the restriction of starting activity from background due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In Telephony, there is a possible information disclosure due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

In Bluetooth, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Google Buffer Overflow +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In AppWidget, there is a possible way to start an activity from the background due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Privilege Escalation +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In Core, there is a possible way to start an activity from the background due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Privilege Escalation +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

In MMSProvider, there is a possible read of protected data due to improper input validationSQL injection. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure SQLi +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In Accounts, there is a possible way to write sensitive information to the system log due to insufficient log filtering. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In Keyguard, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Privilege Escalation +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

In Bluetooth, there is a possible out of bounds read due to a heap buffer overflow. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Google +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In PermissionController, there is a possible misunderstanding about the default SMS application's permission set due to misleading text. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Privilege Escalation +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In PermissionController, there is a possible way to grant some permissions without user consent due to misleading or insufficient UI. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In Content, there is a possible way to learn gmail account name on the device due to a permissions bypass. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

In Bluetooth, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Google Privilege Escalation +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In RestrictionsManager, there is a possible way to send a broadcast that should be restricted to system apps due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
EPSS 0% CVSS 3.3
LOW Monitor

In bluetooth, there is a possible way to enable or disable bluetooth connection without user consent due to a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Privilege Escalation +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

In Companion, there is a possible way to keep a service running with elevated importance without showing foreground service notification due to improper input validation. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

In Settings, there is a possible way to bypass factory reset permissions due to a permissions bypass. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In ActivityManager, there is a way to read process state for other users due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

In ActivityManager, there is a possible way to check another process's capabilities due to a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure +1
NVD
EPSS 0% CVSS 2.3
LOW Monitor

In LocationManager, there is a possible way to get location information due to a missing permission check. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In the Phone app, there is a possible crash loop due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Denial Of Service Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In Telephony, there is a possible leak of ICCID and EID due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In Bluetooth, there is a possible way to bypass compiler exploit mitigations due to a configuration error. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
EPSS 0% CVSS 3.3
LOW Monitor

In Bluetooth, there is a possible way to pair a display only device without PIN confirmation due to a logic error in the code. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

In the Audio HAL, there is a possible out of bounds write due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Google Race Condition Privilege Escalation +2
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In SettingsProvider, there is a possible way to read or change the default ringtone due to a missing permission check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Privilege Escalation +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

In Wi-Fi, there is a permissions bypass. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

In Bluetooth, there is a possible cleanup failure due to an uncaught exception. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Android
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Product: AndroidVersions: Android kernelAndroid ID: A-204782372References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
Prev Page 36 of 81 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy