Skip to main content

Android

7243 CVEs product

Monthly

CVE-2022-20197 HIGH This Week

In recycle of Parcel.java, there is a possible way to start foreground activity from background due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20196 MEDIUM This Month

In gallery3d and photos, there is a possible permission bypass due to a confused deputy. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.0
EPSS
0.1%
CVE-2022-20195 MEDIUM This Month

In the keystore library, there is a possible prevention of access to system Settings due to unsafe deserialization. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Deserialization Denial Of Service Google Android
NVD
CVSS 3.1
5.0
EPSS
0.2%
CVE-2022-20194 HIGH This Week

In onCreate of ChooseLockGeneric.java, there is a possible permission bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20193 HIGH This Week

In getUniqueUsagesWithLabels of PermissionUsageHelper.java, there is a possible incorrect permission attribution due to a logic error in the code. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2022-20192 HIGH This Week

In grantEmbeddedWindowFocus of WindowManagerService.java, there is a possible way to change an input channel for embedded hierarchy due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20191 CRITICAL Act Now

Product: AndroidVersions: Android kernelAndroid ID: A-209324757References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-20190 HIGH This Week

Product: AndroidVersions: Android kernelAndroid ID: A-208744915References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-20188 HIGH This Week

Product: AndroidVersions: Android kernelAndroid ID: A-207254598References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-20186 HIGH This Week

In kbase_mem_alias of mali_kbase_mem_linux.c, there is a possible arbitrary code execution due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation RCE Android
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-20185 MEDIUM This Month

In TBD of TBD, there is a possible use after free bug. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Google Use After Free Denial Of Service +1
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20184 HIGH This Week

Product: AndroidVersions: Android kernelAndroid ID: A-209153114References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-20183 MEDIUM This Month

In hypx_create_blob_dmabuf of faceauth_hypx.c, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Google Memory Corruption Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20182 MEDIUM This Month

In handle_ramdump of pixel_loader.c, there is a possible way to create a ramdump of non-secure memory due to a missing permission check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-20181 HIGH This Week

Product: AndroidVersions: Android kernelAndroid ID: A-210936609References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-20179 HIGH This Week

Product: AndroidVersions: Android kernelAndroid ID: A-211683760References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-20178 MEDIUM This Month

In ioctl_dpm_qos_update and ioctl_event_control_set of (TBD), there is a possible out of bounds write due to an integer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Google Integer Overflow Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20177 HIGH This Week

Product: AndroidVersions: Android kernelAndroid ID: A-209906686References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-20176 MEDIUM This Month

In auth_store of sjtag-driver.c, there is a possible read of uninitialized memory due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-20175 HIGH This Week

Product: AndroidVersions: Android kernelAndroid ID: A-209252491References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-20174 MEDIUM This Month

In exynos_secEnv_init of mach-gs101.c, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-20173 CRITICAL Act Now

Product: AndroidVersions: Android kernelAndroid ID: A-207116951References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-20172 MEDIUM This Month

In onbind of ShannonRcsService.java, there is a possible access to protect data due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20171 CRITICAL Act Now

Product: AndroidVersions: Android kernelAndroid ID: A-215565667References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-20170 CRITICAL Act Now

Product: AndroidVersions: Android kernelAndroid ID: A-209421931References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-20169 HIGH This Week

Product: AndroidVersions: Android kernelAndroid ID: A-211162353References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-20168 HIGH This Week

Product: AndroidVersions: Android kernelAndroid ID: A-210594998References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-20167 CRITICAL Act Now

Product: AndroidVersions: Android kernelAndroid ID: A-204956204References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-20166 MEDIUM PATCH This Month

In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Google Memory Corruption Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20165 MEDIUM This Month

In asn1_parse of asn1.c, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-20164 CRITICAL Act Now

Product: AndroidVersions: Android kernelAndroid ID: A-204891956References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-20162 MEDIUM This Month

In asn1_p256_int of crypto/asn1.c, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-20160 CRITICAL Act Now

Product: AndroidVersions: Android kernelAndroid ID: A-210083655References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-20159 MEDIUM This Month

In asn1_ec_pkey_parse of acropora/crypto/asn1_common.c, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-20156 HIGH This Week

In unflatten of GraphicBuffer.cpp, there is a possible arbitrary code execution due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation RCE Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20155 HIGH This Week

In ipu_core_jqs_msg_transport_kernel_write_sync of ipu-core-jqs-msg-transport.c, there is a possible use-after-free due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.

Google Race Condition Privilege Escalation Android
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2022-20154 MEDIUM This Month

In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Google Race Condition Privilege Escalation Denial Of Service Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2022-20153 MEDIUM This Month

In rcu_cblist_dequeue of rcu_segcblist.c, there is a possible use-after-free due to improper locking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20152 MEDIUM This Month

In the TitanM chip, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Google Memory Corruption Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20151 HIGH This Week

Product: AndroidVersions: Android kernelAndroid ID: A-210712565References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-20149 HIGH This Week

Product: AndroidVersions: Android kernelAndroid ID: A-211685939References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-20148 MEDIUM This Month

In TBD of TBD, there is a possible use-after-free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Google Race Condition Privilege Escalation Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2022-20147 HIGH This Week

In nfa_dm_check_set_config of nfa_dm_main.cc, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Memory Corruption Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20146 MEDIUM This Month

In uploadFile of FileUploadServiceImpl.java, there is a possible incorrect file access due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20145 CRITICAL Act Now

In startLegacyVpnPrivileged of Vpn.java, there is a possible way to retrieve VPN credentials due to a protocol downgrade attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
9.8
EPSS
6.5%
CVE-2022-20144 HIGH This Week

In multiple functions of AvatarPhotoController.java, there is a possible access to content owned by system content providers due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20143 MEDIUM This Month

In addAutomaticZenRule of ZenModeHelper.java, there is a possible permanent denial of service due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Google Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20142 HIGH This Week

In createFromParcel of GeofenceHardwareRequestParcelable.java, there is a possible arbitrary code execution due to parcel mismatch. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation RCE Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-20141 HIGH This Week

In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. Rated high severity (CVSS 7.0). No vendor patch available.

Google Race Condition Privilege Escalation Denial Of Service Android
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2022-20140 CRITICAL Act Now

In read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an incorrect bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
9.8
EPSS
8.6%
CVE-2022-20138 HIGH This Week

In ACTION_MANAGED_PROFILE_PROVISIONED of DevicePolicyManagerService.java, there is a possible way for unprivileged app to send MANAGED_PROFILE_PROVISIONED intent due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-20137 HIGH PATCH This Week

In onCreateContextMenu of NetworkProviderSettings.java, there is a possible way for non-owner users to change WiFi settings due to a missing permission check. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2022-20135 HIGH This Week

In writeToParcel of GateKeeperResponse.java, there is a possible parcel format mismatch. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-20134 HIGH This Week

In readArguments of CallSubjectDialog.java, there is a possible way to trick the user to call the wrong phone number due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20133 HIGH This Week

In setDiscoverableTimeout of AdapterService.java, there is a possible bypass of user interaction due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20132 MEDIUM This Month

In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2022-20131 HIGH This Week

In nci_proc_rf_management_ntf of nci_hrcv.cc, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-20130 CRITICAL Act Now

In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out of bounds write due to a heap buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google RCE Buffer Overflow Android
NVD
CVSS 3.1
9.8
EPSS
8.4%
CVE-2022-20129 MEDIUM This Month

In registerPhoneAccount of PhoneAccountRegistrar.java, there is a possible way to prevent the user from selecting a phone account due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20127 CRITICAL Act Now

In ce_t4t_data_cback of ce_t4t.cc, there is a possible out of bounds write due to a double free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google RCE Buffer Overflow Android
NVD
CVSS 3.1
9.8
EPSS
6.7%
CVE-2022-20126 HIGH This Week

In setScanMode of AdapterService.java, there is a possible way to enable Bluetooth discovery mode without user interaction due to a missing permission check. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2022-20125 MEDIUM This Month

In GBoard, there is a possible way to bypass factory reset protections due to a sandbox escape. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2022-20124 HIGH This Week

In deletePackageX of DeletePackageHelper.java, there is a possible way for a Guest user to reset pre-loaded applications for other users due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-20123 HIGH This Week

In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-30728 LOW Monitor

Information exposure vulnerability in ScanPool prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-30727 MEDIUM This Month

Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in PersonaManagerService prior to SMR Jun-2022 Release 1 allows local attackers to set some setting value. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-30729 MEDIUM This Month

Implicit Intent hijacking vulnerability in Settings prior to SMR Jun-2022 Release 1 allows attackers to get Wi-Fi SSID and password via a malicious QR code scanner. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2022-30726 HIGH This Week

Unprotected component vulnerability in DeviceSearchTrampoline in SecSettingsIntelligence prior to SMR Jun-2022 Release 1 allows local attackers to launch activities of SecSettingsIntelligence. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-30725 MEDIUM This Month

Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionError function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2022-30724 MEDIUM This Month

Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionCompleted function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2022-30723 MEDIUM This Month

Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in activateVoiceRecognitionWithDevice function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2022-30722 CRITICAL Act Now

Implicit Intent hijacking vulnerability in Samsung Account prior to SMR Jun-2022 Release 1 allows attackers to bypass user confirmation of Samsung Account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Android
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2022-30721 MEDIUM This Month

Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Android
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2022-30720 MEDIUM This Month

Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Android
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2022-30719 MEDIUM This Month

Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Android
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2022-30717 HIGH This Week

Improper caller check in AR Emoji prior to SMR Jun-2022 Release 1 allows untrusted applications to use some camera functions via deeplink. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2022-30716 MEDIUM This Month

Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1 allows untrusted applications to access toast message information from device. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2022-30715 MEDIUM This Month

Improper access control vulnerability in DofViewer prior to SMR Jun-2022 Release 1 allows attackers to control floating system alert window. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2022-30714 LOW Monitor

Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-30713 CRITICAL Act Now

Improper validation vulnerability in LSOItemData prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2022-30712 CRITICAL Act Now

Improper validation vulnerability in KfaOptions prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
9.1
EPSS
0.2%
CVE-2022-30711 CRITICAL Act Now

Improper validation vulnerability in FeedsInfo prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2022-30710 CRITICAL Act Now

Improper validation vulnerability in RemoteViews prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2022-30709 MEDIUM This Month

Improper input validation check logic vulnerability in SECRIL prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Android
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2022-28794 LOW Monitor

Sensitive information exposure in low-battery dumpstate log prior to SMR Jun-2022 Release 1 allows local attackers to get SIM card information. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-21762 MEDIUM This Month

In apusys driver, there is a possible system crash due to an integer overflow. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-21761 MEDIUM This Month

In apusys driver, there is a possible system crash due to an integer overflow. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-21760 MEDIUM This Month

In apusys driver, there is a possible system crash due to an integer overflow. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-21759 MEDIUM This Month

In power service, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-21758 MEDIUM This Month

In ccu, there is a possible memory corruption due to a double free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
EPSS 0% CVSS 7.8
HIGH This Week

In recycle of Parcel.java, there is a possible way to start foreground activity from background due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

In gallery3d and photos, there is a possible permission bypass due to a confused deputy. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

In the keystore library, there is a possible prevention of access to system Settings due to unsafe deserialization. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Deserialization Denial Of Service Google +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In onCreate of ChooseLockGeneric.java, there is a possible permission bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
EPSS 0% CVSS 7.3
HIGH This Week

In getUniqueUsagesWithLabels of PermissionUsageHelper.java, there is a possible incorrect permission attribution due to a logic error in the code. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In grantEmbeddedWindowFocus of WindowManagerService.java, there is a possible way to change an input channel for embedded hierarchy due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Product: AndroidVersions: Android kernelAndroid ID: A-209324757References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Product: AndroidVersions: Android kernelAndroid ID: A-208744915References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Product: AndroidVersions: Android kernelAndroid ID: A-207254598References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 1% CVSS 7.8
HIGH This Week

In kbase_mem_alias of mali_kbase_mem_linux.c, there is a possible arbitrary code execution due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation RCE +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In TBD of TBD, there is a possible use after free bug. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Google +3
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Product: AndroidVersions: Android kernelAndroid ID: A-209153114References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In hypx_create_blob_dmabuf of faceauth_hypx.c, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Google Memory Corruption Privilege Escalation +2
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In handle_ramdump of pixel_loader.c, there is a possible way to create a ramdump of non-secure memory due to a missing permission check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Product: AndroidVersions: Android kernelAndroid ID: A-210936609References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Product: AndroidVersions: Android kernelAndroid ID: A-211683760References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In ioctl_dpm_qos_update and ioctl_event_control_set of (TBD), there is a possible out of bounds write due to an integer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Google Integer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Product: AndroidVersions: Android kernelAndroid ID: A-209906686References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In auth_store of sjtag-driver.c, there is a possible read of uninitialized memory due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Product: AndroidVersions: Android kernelAndroid ID: A-209252491References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In exynos_secEnv_init of mach-gs101.c, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure +1
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Product: AndroidVersions: Android kernelAndroid ID: A-207116951References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In onbind of ShannonRcsService.java, there is a possible access to protect data due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure +1
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Product: AndroidVersions: Android kernelAndroid ID: A-215565667References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Product: AndroidVersions: Android kernelAndroid ID: A-209421931References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Product: AndroidVersions: Android kernelAndroid ID: A-211162353References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Product: AndroidVersions: Android kernelAndroid ID: A-210594998References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Product: AndroidVersions: Android kernelAndroid ID: A-204956204References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Google Memory Corruption Privilege Escalation +2
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In asn1_parse of asn1.c, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure +1
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Product: AndroidVersions: Android kernelAndroid ID: A-204891956References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In asn1_p256_int of crypto/asn1.c, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure +1
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Product: AndroidVersions: Android kernelAndroid ID: A-210083655References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In asn1_ec_pkey_parse of acropora/crypto/asn1_common.c, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In unflatten of GraphicBuffer.cpp, there is a possible arbitrary code execution due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation RCE +1
NVD
EPSS 0% CVSS 7.0
HIGH This Week

In ipu_core_jqs_msg_transport_kernel_write_sync of ipu-core-jqs-msg-transport.c, there is a possible use-after-free due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.

Google Race Condition Privilege Escalation +1
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Google Race Condition Privilege Escalation +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In rcu_cblist_dequeue of rcu_segcblist.c, there is a possible use-after-free due to improper locking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In the TitanM chip, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Google Memory Corruption Privilege Escalation +2
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Product: AndroidVersions: Android kernelAndroid ID: A-210712565References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Product: AndroidVersions: Android kernelAndroid ID: A-211685939References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

In TBD of TBD, there is a possible use-after-free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Google Race Condition Privilege Escalation +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In nfa_dm_check_set_config of nfa_dm_main.cc, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Memory Corruption Privilege Escalation +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In uploadFile of FileUploadServiceImpl.java, there is a possible incorrect file access due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 6% CVSS 9.8
CRITICAL Act Now

In startLegacyVpnPrivileged of Vpn.java, there is a possible way to retrieve VPN credentials due to a protocol downgrade attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In multiple functions of AvatarPhotoController.java, there is a possible access to content owned by system content providers due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In addAutomaticZenRule of ZenModeHelper.java, there is a possible permanent denial of service due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Google Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In createFromParcel of GeofenceHardwareRequestParcelable.java, there is a possible arbitrary code execution due to parcel mismatch. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation RCE +1
NVD
EPSS 0% CVSS 7.0
HIGH This Week

In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. Rated high severity (CVSS 7.0). No vendor patch available.

Google Race Condition Privilege Escalation +2
NVD
EPSS 9% CVSS 9.8
CRITICAL Act Now

In read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an incorrect bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Privilege Escalation +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In ACTION_MANAGED_PROFILE_PROVISIONED of DevicePolicyManagerService.java, there is a possible way for unprivileged app to send MANAGED_PROFILE_PROVISIONED intent due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Privilege Escalation +1
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

In onCreateContextMenu of NetworkProviderSettings.java, there is a possible way for non-owner users to change WiFi settings due to a missing permission check. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Authentication Bypass Privilege Escalation +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In writeToParcel of GateKeeperResponse.java, there is a possible parcel format mismatch. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In readArguments of CallSubjectDialog.java, there is a possible way to trick the user to call the wrong phone number due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In setDiscoverableTimeout of AdapterService.java, there is a possible bypass of user interaction due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Privilege Escalation +1
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In nci_proc_rf_management_ntf of nci_hrcv.cc, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure +1
NVD
EPSS 8% CVSS 9.8
CRITICAL Act Now

In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out of bounds write due to a heap buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google RCE Buffer Overflow +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In registerPhoneAccount of PhoneAccountRegistrar.java, there is a possible way to prevent the user from selecting a phone account due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Denial Of Service Android
NVD
EPSS 7% CVSS 9.8
CRITICAL Act Now

In ce_t4t_data_cback of ce_t4t.cc, there is a possible out of bounds write due to a double free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google RCE Buffer Overflow +1
NVD
EPSS 0% CVSS 7.3
HIGH This Week

In setScanMode of AdapterService.java, there is a possible way to enable Bluetooth discovery mode without user interaction due to a missing permission check. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Privilege Escalation +1
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

In GBoard, there is a possible way to bypass factory reset protections due to a sandbox escape. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In deletePackageX of DeletePackageHelper.java, there is a possible way for a Guest user to reset pre-loaded applications for other users due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Information exposure vulnerability in ScanPool prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in PersonaManagerService prior to SMR Jun-2022 Release 1 allows local attackers to set some setting value. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Implicit Intent hijacking vulnerability in Settings prior to SMR Jun-2022 Release 1 allows attackers to get Wi-Fi SSID and password via a malicious QR code scanner. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Unprotected component vulnerability in DeviceSearchTrampoline in SecSettingsIntelligence prior to SMR Jun-2022 Release 1 allows local attackers to launch activities of SecSettingsIntelligence. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionError function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionCompleted function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in activateVoiceRecognitionWithDevice function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Implicit Intent hijacking vulnerability in Samsung Account prior to SMR Jun-2022 Release 1 allows attackers to bypass user confirmation of Samsung Account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Android
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Android
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Android
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Android
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Improper caller check in AR Emoji prior to SMR Jun-2022 Release 1 allows untrusted applications to use some camera functions via deeplink. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1 allows untrusted applications to access toast message information from device. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Improper access control vulnerability in DofViewer prior to SMR Jun-2022 Release 1 allows attackers to control floating system alert window. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Improper validation vulnerability in LSOItemData prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Improper validation vulnerability in KfaOptions prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Improper validation vulnerability in FeedsInfo prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Improper validation vulnerability in RemoteViews prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Improper input validation check logic vulnerability in SECRIL prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Android
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Sensitive information exposure in low-battery dumpstate log prior to SMR Jun-2022 Release 1 allows local attackers to get SIM card information. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In apusys driver, there is a possible system crash due to an integer overflow. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Android
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In apusys driver, there is a possible system crash due to an integer overflow. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Android
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In apusys driver, there is a possible system crash due to an integer overflow. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In power service, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Buffer Overflow +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In ccu, there is a possible memory corruption due to a double free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
Prev Page 39 of 81 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy