Skip to main content

Android

7243 CVEs product

Monthly

CVE-2022-20407 HIGH This Week

Product: AndroidVersions: Android kernelAndroid ID: A-210916981References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-20406 HIGH This Week

Product: AndroidVersions: Android kernelAndroid ID: A-184676385References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-20405 CRITICAL Act Now

Product: AndroidVersions: Android kernelAndroid ID: A-216363416References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2022-20404 HIGH This Week

Product: AndroidVersions: Android kernelAndroid ID: A-205714161References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-20403 CRITICAL Act Now

Product: AndroidVersions: Android kernelAndroid ID: A-207975764References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2022-20402 CRITICAL Act Now

Product: AndroidVersions: Android kernelAndroid ID: A-218701042References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2022-20401 HIGH This Week

In SAEMM_RetrievEPLMNList of SAEMM_ContextManagement.c, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Buffer Overflow Android
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-20400 CRITICAL Act Now

In cd_CodeMsg of cd_codec.c, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google RCE Buffer Overflow Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-20384 CRITICAL Act Now

Product: AndroidVersions: Android kernelAndroid ID: A-211727306References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2022-20383 HIGH This Week

In AllocateInternalBuffers of g3aa_buffer_allocator.cc, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Google Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20382 MEDIUM This Month

In (TBD) of (TBD), there is a possible out of bounds write due to kernel stack overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20381 CRITICAL Act Now

Product: AndroidVersions: Android kernelAndroid ID: A-188935887References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2022-20380 HIGH This Week

Product: AndroidVersions: Android kernelAndroid ID: A-212625740References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-20379 MEDIUM This Month

In lwis_buffer_alloc of lwis_buffer.c, there is a possible arbitrary code execution due to a use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Google Privilege Escalation Memory Corruption RCE +2
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20378 CRITICAL Act Now

Product: AndroidVersions: Android kernelAndroid ID: A-234657153References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2022-20377 MEDIUM This Month

In TBD of keymaster_ipc.cpp, there is a possible to force gatekeeper, fingerprint, and faceauth to use a known HMAC key. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20376 MEDIUM This Month

In trusty_log_seq_start of trusty-log.c, there is a possible use after free due to improper locking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Google Denial Of Service Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20375 HIGH This Week

In LteRrcNrProAsnDecode of LteRrcNr_Codec.c, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Denial Of Service Buffer Overflow Android
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-20373 MEDIUM This Month

In st21nfc_loc_set_polaritymode of fc/st21nfc.c, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Google Race Condition Denial Of Service Privilege Escalation Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2022-20372 MEDIUM This Month

In exynos5_i2c_irq of (TBD), there is a possible out of bounds write due to a use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Google Privilege Escalation Memory Corruption Buffer Overflow +2
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20371 MEDIUM This Month

In dm_bow_dtr and related functions of dm-bow.c, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Google Denial Of Service Privilege Escalation Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2022-20370 HIGH This Week

Product: AndroidVersions: Android kernelAndroid ID: A-215730643References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-20369 MEDIUM PATCH This Month

In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Google Privilege Escalation Buffer Overflow Android +1
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-20368 HIGH PATCH This Week

Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20367 MEDIUM This Month

In construct_transaction of lwis_ioctl.c, there is a possible out of bounds write due to an integer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Google Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20366 MEDIUM This Month

In ioctl_dpm_clk_update of lwis_ioctl.c, there is a possible out of bounds write due to an integer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Google Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20365 CRITICAL Act Now

Product: AndroidVersions: Android kernelAndroid ID: A-229632566References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2022-20252 LOW Monitor

In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-20251 LOW Monitor

In LocaleManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-20250 HIGH This Week

In Messaging, there is a possible way to attach files to a message without proper access checks due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20249 LOW Monitor

In LocaleManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-20248 HIGH This Week

In Settings, there is a possible way to connect to an open network bypassing DISALLOW_CONFIG_WIFI restriction due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20247 HIGH This Week

In Media, there is a possible out of bounds read due to a heap buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Google Buffer Overflow Android
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-20246 HIGH This Week

In WindowManager, there is a possible bypass of the restrictions for starting activities from the background due to an incorrect UID/permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20245 LOW Monitor

In WindowManager, there is a possible method to create a recording of the lock screen due to an insecure default value. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
2.4
EPSS
0.1%
CVE-2022-20244 HIGH This Week

In Bluetooth, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Memory Corruption Google Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2022-20243 MEDIUM This Month

In Core Utilities, there is a possible log information disclosure. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-20242 MEDIUM This Month

In Telephony, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20241 LOW Monitor

In Messaging, there is a possible way to attach a private file to an SMS message due to improper input validation. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-20237 CRITICAL Act Now

In BuildDevIDResponse of miscdatabuilder.cpp, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google RCE Buffer Overflow Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-20180 HIGH This Week

In several functions of mali_gralloc_reference.cpp, there is a possible arbitrary code execution due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation RCE Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20158 MEDIUM PATCH This Month

In bdi_put and bdi_unregister of backing-dev.c, there is a possible memory corruption due to a use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Denial Of Service Google Privilege Escalation Memory Corruption Buffer Overflow +2
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20361 CRITICAL PATCH Act Now

In btif_dm_auth_cmpl_evt of btif_dm.cc, there is a possible vulnerability in Cross-Transport Key Derivation due to Weakness in Bluetooth Standard. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Google Privilege Escalation Android
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-20360 HIGH PATCH This Week

In setChecked of SecureNfcPreferenceController.java, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-20358 LOW PATCH Monitor

In startSync of AbstractThreadedSyncAdapter.java, there is a possible way to access protected content of content providers due to a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2022-20357 MEDIUM PATCH This Month

In writeToParcel of SurfaceControl.cpp, there is a possible information disclosure due to uninitialized data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20356 HIGH PATCH This Week

In shouldAllowFgsWhileInUsePermissionLocked of ActiveServices.java, there is a possible way to start foreground service from background due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20355 MEDIUM PATCH This Month

In get of PacProxyService.java, there is a possible system service crash due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20354 HIGH PATCH This Week

In onDefaultNetworkChanged of Vpn.java, there is a possible way to disable VPN due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20353 MEDIUM PATCH This Month

In onSaveRingtone of DefaultRingtonePreference.java, there is a possible inappropriate file read due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20352 MEDIUM PATCH This Month

In addProviderRequestListener of LocationManagerService.java, there is a possible way to learn which packages request location information due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20350 MEDIUM PATCH This Month

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to trick the victim to grant notification access to the wrong app due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20349 HIGH PATCH This Week

In WifiScanningPreferenceController and BluetoothScanningPreferenceController, there is a possible admin restriction bypass due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20348 HIGH PATCH This Week

In updateState of LocationServicesWifiScanningPreferenceController.java, there is a possible admin restriction bypass due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20347 HIGH PATCH This Week

In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Google Privilege Escalation Android
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-20346 MEDIUM PATCH This Month

In updateAudioTrackInfoFromESDS_MPEG4Audio of MPEG4Extractor.cpp, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Information Disclosure Buffer Overflow Android
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-20345 HIGH This Week

In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google RCE Buffer Overflow Android
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-20344 HIGH PATCH This Week

In stealReceiveChannel of EventThread.cpp, there is a possible way to interfere with process communication due to a race condition. Rated high severity (CVSS 7.0).

Google Race Condition Privilege Escalation Android
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2022-20239 CRITICAL Act Now

remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2022-33732 HIGH This Week

Improper access control vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows local attackers to scan and connect to PC by unprotected binder call. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Samsung Android
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2022-33731 HIGH This Week

Improper access control vulnerability in DesktopSystemUI prior to SMR Aug-2022 Release 1 allows attackers to enable and disable arbitrary components. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2022-33730 MEDIUM This Month

Heap-based buffer overflow vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows arbitrary code execution by physical attackers. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Samsung RCE Buffer Overflow Android
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2022-33729 LOW Monitor

Improper restriction of broadcasting Intent in ConfirmConnectActivity of?NFC prior to SMR Aug-2022 Release 1 leaks MAC address of the connected Bluetooth device. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-33728 LOW Monitor

Exposure of sensitive information in Bluetooth prior to SMR Aug-2022 Release 1 allows local attackers to access connected BT macAddress via Settings.Gloabal. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-33727 MEDIUM This Month

A vulnerable code in onCreate of SecDevicePickerDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Android
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2022-33726 LOW Monitor

Unprotected dynamic receiver in Samsung Galaxy Friends prior to SMR Aug-2022 Release 1 allows attacker to launch activity. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-33725 LOW Monitor

A vulnerability using PendingIntent in Knox VPN prior to SMR Aug-2022 Release 1 allows attackers to access content providers with system privilege. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-33724 LOW Monitor

Exposure of Sensitive Information in Samsung Dialer application?prior to SMR Aug-2022 Release 1 allows local attackers to access ICCID via log. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-33723 MEDIUM This Month

A vulnerable code in onCreate of BluetoothScanDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Android
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2022-33722 LOW Monitor

Implicit Intent hijacking vulnerability in Smart View prior to SMR Aug-2022 Release 1 allows attacker to access connected device MAC address. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-33721 MEDIUM This Month

A vulnerability using PendingIntent in DeX for PC prior to SMR Aug-2022 Release 1 allows attackers to access files with system privilege. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-33720 LOW Monitor

Improper authentication vulnerability in AppLock prior to SMR Aug-2022 Release 1 allows physical attacker to access Chrome locked by AppLock via new tap shortcut. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD
CVSS 3.1
2.4
EPSS
0.1%
CVE-2022-33719 CRITICAL Act Now

Improper input validation in baseband prior to SMR Aug-2022 Release 1 allows attackers to cause integer overflow to heap overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Android
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2022-33718 LOW Monitor

An improper access control vulnerability in Wi-Fi Service prior to SMR AUG-2022 Release 1 allows untrusted applications to manipulate the list of apps that can use mobile data. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-33717 MEDIUM This Month

A missing input validation before memory read in SEM TA prior to SMR Aug-2022 Release 1 allows local attackers to read out of bound memory. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-33716 MEDIUM This Month

An absence of variable initialization in ICCC TA prior to SMR Aug-2022 Release 1 allows local attacker to read uninitialized memory. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-33715 MEDIUM This Month

Improper access control and path traversal vulnerability in LauncherProvider prior to SMR Aug-2022 Release 1 allow local attacker to access files of One UI. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-33714 LOW Monitor

Improper access control vulnerability in SemWifiApBroadcastReceiver prior to SMR Aug-2022 Release 1 allows attacker to reset a setting value related to mobile hotspot. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-26436 MEDIUM This Month

In emi mpu, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-26435 MEDIUM This Month

In mailbox, there is a possible out of bounds write due to type confusion. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Android Yocto
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-26434 MEDIUM This Month

In mailbox, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Android Yocto
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-26433 MEDIUM This Month

In mailbox, there is a possible out of bounds write due to type confusion. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Android Yocto
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-26432 MEDIUM This Month

In mailbox, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Android Yocto
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-26431 MEDIUM This Month

In mailbox, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Android Yocto
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-26430 MEDIUM This Month

In mailbox, there is a possible out of bounds write due to type confusion. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Android Yocto
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-26429 HIGH This Week

In cta, there is a possible way to write permission usage records of an app due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-26428 MEDIUM This Month

In video codec, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Race Condition Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2022-26427 MEDIUM This Month

In camera isp, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-26426 MEDIUM This Month

In camera isp, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-21792 MEDIUM This Month

In camera isp, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
EPSS 0% CVSS 7.5
HIGH This Week

Product: AndroidVersions: Android kernelAndroid ID: A-210916981References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Product: AndroidVersions: Android kernelAndroid ID: A-184676385References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Product: AndroidVersions: Android kernelAndroid ID: A-216363416References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Product: AndroidVersions: Android kernelAndroid ID: A-205714161References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Product: AndroidVersions: Android kernelAndroid ID: A-207975764References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Product: AndroidVersions: Android kernelAndroid ID: A-218701042References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In SAEMM_RetrievEPLMNList of SAEMM_ContextManagement.c, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Buffer Overflow +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

In cd_CodeMsg of cd_codec.c, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google RCE +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Product: AndroidVersions: Android kernelAndroid ID: A-211727306References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In AllocateInternalBuffers of g3aa_buffer_allocator.cc, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Google Privilege Escalation +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In (TBD) of (TBD), there is a possible out of bounds write due to kernel stack overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Buffer Overflow +1
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Product: AndroidVersions: Android kernelAndroid ID: A-188935887References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Product: AndroidVersions: Android kernelAndroid ID: A-212625740References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In lwis_buffer_alloc of lwis_buffer.c, there is a possible arbitrary code execution due to a use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Google Privilege Escalation +4
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Product: AndroidVersions: Android kernelAndroid ID: A-234657153References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In TBD of keymaster_ipc.cpp, there is a possible to force gatekeeper, fingerprint, and faceauth to use a known HMAC key. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In trusty_log_seq_start of trusty-log.c, there is a possible use after free due to improper locking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Google Denial Of Service Privilege Escalation +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In LteRrcNrProAsnDecode of LteRrcNr_Codec.c, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Denial Of Service +2
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

In st21nfc_loc_set_polaritymode of fc/st21nfc.c, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Google Race Condition Denial Of Service +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In exynos5_i2c_irq of (TBD), there is a possible out of bounds write due to a use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Google Privilege Escalation +4
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

In dm_bow_dtr and related functions of dm-bow.c, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Google Denial Of Service Privilege Escalation +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Product: AndroidVersions: Android kernelAndroid ID: A-215730643References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Google Privilege Escalation +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In construct_transaction of lwis_ioctl.c, there is a possible out of bounds write due to an integer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Google Privilege Escalation +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In ioctl_dpm_clk_update of lwis_ioctl.c, there is a possible out of bounds write due to an integer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Google Privilege Escalation +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Product: AndroidVersions: Android kernelAndroid ID: A-229632566References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 3.3
LOW Monitor

In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 3.3
LOW Monitor

In LocaleManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In Messaging, there is a possible way to attach files to a message without proper access checks due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
EPSS 0% CVSS 3.3
LOW Monitor

In LocaleManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In Settings, there is a possible way to connect to an open network bypassing DISALLOW_CONFIG_WIFI restriction due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In Media, there is a possible out of bounds read due to a heap buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Google +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In WindowManager, there is a possible bypass of the restrictions for starting activities from the background due to an incorrect UID/permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
EPSS 0% CVSS 2.4
LOW Monitor

In WindowManager, there is a possible method to create a recording of the lock screen due to an insecure default value. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In Bluetooth, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Memory Corruption Google Privilege Escalation +2
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In Core Utilities, there is a possible log information disclosure. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In Telephony, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 3.3
LOW Monitor

In Messaging, there is a possible way to attach a private file to an SMS message due to improper input validation. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

In BuildDevIDResponse of miscdatabuilder.cpp, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google RCE +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In several functions of mali_gralloc_reference.cpp, there is a possible arbitrary code execution due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation RCE +1
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

In bdi_put and bdi_unregister of backing-dev.c, there is a possible memory corruption due to a use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Denial Of Service Google Privilege Escalation +4
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

In btif_dm_auth_cmpl_evt of btif_dm.cc, there is a possible vulnerability in Cross-Transport Key Derivation due to Weakness in Bluetooth Standard. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Google Privilege Escalation Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In setChecked of SecureNfcPreferenceController.java, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Authentication Bypass Privilege Escalation +1
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

In startSync of AbstractThreadedSyncAdapter.java, there is a possible way to access protected content of content providers due to a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Authentication Bypass Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In writeToParcel of SurfaceControl.cpp, there is a possible information disclosure due to uninitialized data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In shouldAllowFgsWhileInUsePermissionLocked of ActiveServices.java, there is a possible way to start foreground service from background due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In get of PacProxyService.java, there is a possible system service crash due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Denial Of Service Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In onDefaultNetworkChanged of Vpn.java, there is a possible way to disable VPN due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In onSaveRingtone of DefaultRingtonePreference.java, there is a possible inappropriate file read due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In addProviderRequestListener of LocationManagerService.java, there is a possible way to learn which packages request location information due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Authentication Bypass Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to trick the victim to grant notification access to the wrong app due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In WifiScanningPreferenceController and BluetoothScanningPreferenceController, there is a possible admin restriction bypass due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Authentication Bypass Privilege Escalation +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In updateState of LocationServicesWifiScanningPreferenceController.java, there is a possible admin restriction bypass due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Authentication Bypass Privilege Escalation +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Google Privilege Escalation Android
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

In updateAudioTrackInfoFromESDS_MPEG4Audio of MPEG4Extractor.cpp, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Information Disclosure Buffer Overflow +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google RCE +2
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In stealReceiveChannel of EventThread.cpp, there is a possible way to interfere with process communication due to a race condition. Rated high severity (CVSS 7.0).

Google Race Condition Privilege Escalation +1
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Improper access control vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows local attackers to scan and connect to PC by unprotected binder call. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Samsung Android
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Improper access control vulnerability in DesktopSystemUI prior to SMR Aug-2022 Release 1 allows attackers to enable and disable arbitrary components. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Heap-based buffer overflow vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows arbitrary code execution by physical attackers. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Samsung RCE +2
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Improper restriction of broadcasting Intent in ConfirmConnectActivity of?NFC prior to SMR Aug-2022 Release 1 leaks MAC address of the connected Bluetooth device. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Exposure of sensitive information in Bluetooth prior to SMR Aug-2022 Release 1 allows local attackers to access connected BT macAddress via Settings.Gloabal. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A vulnerable code in onCreate of SecDevicePickerDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Android
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Unprotected dynamic receiver in Samsung Galaxy Friends prior to SMR Aug-2022 Release 1 allows attacker to launch activity. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Android
NVD
EPSS 0% CVSS 3.3
LOW Monitor

A vulnerability using PendingIntent in Knox VPN prior to SMR Aug-2022 Release 1 allows attackers to access content providers with system privilege. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Android
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Exposure of Sensitive Information in Samsung Dialer application?prior to SMR Aug-2022 Release 1 allows local attackers to access ICCID via log. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Android
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A vulnerable code in onCreate of BluetoothScanDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Android
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Implicit Intent hijacking vulnerability in Smart View prior to SMR Aug-2022 Release 1 allows attacker to access connected device MAC address. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability using PendingIntent in DeX for PC prior to SMR Aug-2022 Release 1 allows attackers to access files with system privilege. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Android
NVD
EPSS 0% CVSS 2.4
LOW Monitor

Improper authentication vulnerability in AppLock prior to SMR Aug-2022 Release 1 allows physical attacker to access Chrome locked by AppLock via new tap shortcut. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Improper input validation in baseband prior to SMR Aug-2022 Release 1 allows attackers to cause integer overflow to heap overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Android
NVD
EPSS 0% CVSS 3.3
LOW Monitor

An improper access control vulnerability in Wi-Fi Service prior to SMR AUG-2022 Release 1 allows untrusted applications to manipulate the list of apps that can use mobile data. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

A missing input validation before memory read in SEM TA prior to SMR Aug-2022 Release 1 allows local attackers to read out of bound memory. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Android
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

An absence of variable initialization in ICCC TA prior to SMR Aug-2022 Release 1 allows local attacker to read uninitialized memory. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper access control and path traversal vulnerability in LauncherProvider prior to SMR Aug-2022 Release 1 allow local attacker to access files of One UI. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Android
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Improper access control vulnerability in SemWifiApBroadcastReceiver prior to SMR Aug-2022 Release 1 allows attacker to reset a setting value related to mobile hotspot. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In emi mpu, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In mailbox, there is a possible out of bounds write due to type confusion. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In mailbox, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In mailbox, there is a possible out of bounds write due to type confusion. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In mailbox, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In mailbox, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In mailbox, there is a possible out of bounds write due to type confusion. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In cta, there is a possible way to write permission usage records of an app due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Android
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

In video codec, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Race Condition Privilege Escalation Buffer Overflow +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In camera isp, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In camera isp, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In camera isp, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow +1
NVD
Prev Page 37 of 81 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy