CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Android : Security Vulnerabilities (CVSS score >= 1)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-33704 20 2022-07-12 2022-07-16
4.6
None Local Low Not required Partial Partial Partial
Improper validation vulnerability in ucmRetParcelable of KnoxSDK prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities.
2 CVE-2022-33703 20 2022-07-12 2022-07-16
4.6
None Local Low Not required Partial Partial Partial
Improper validation vulnerability in CACertificateInfo prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities.
3 CVE-2022-33702 863 Bypass 2022-07-12 2022-07-16
2.1
None Local Low Not required None Partial None
Improper authorization vulnerability in Knoxguard prior to SMR Jul-2022 Release 1 allows local attacker to disable keyguard and bypass Knoxguard lock by factory reset.
4 CVE-2022-33701 829 2022-07-12 2022-07-16
2.1
None Local Low Not required None None Partial
Improper access control vulnerability in KnoxCustomManagerService prior to SMR Jul-2022 Release 1 allows attacker to call PowerManaer.goToSleep method which is protected by system permission by sending braodcast intent.
5 CVE-2022-33700 668 2022-07-12 2022-07-16
2.1
None Local Low Not required Partial None None
Exposure of Sensitive Information in putDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log.
6 CVE-2022-33699 668 2022-07-12 2022-07-16
2.1
None Local Low Not required Partial None None
Exposure of Sensitive Information in getDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log.
7 CVE-2022-33698 668 2022-07-12 2022-07-16
2.1
None Local Low Not required Partial None None
Exposure of Sensitive Information in Telecom application prior to SMR Jul-2022 Release 1 allows local attackers to access ICCID via log.
8 CVE-2022-33697 532 2022-07-12 2022-07-16
2.1
None Local Low Not required Partial None None
Sensitive information exposure vulnerability in ImsServiceSwitchBase in ImsCore prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log.
9 CVE-2022-33696 668 2022-07-12 2022-07-16
2.1
None Local Low Not required Partial None None
Exposure of Sensitive Information in Telephony service prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log.
10 CVE-2022-33695 732 2022-07-12 2022-07-15
4.6
None Local Low Not required Partial Partial Partial
Use of improper permission in InputManagerService prior to SMR Jul-2022 Release 1 allows unauthorized access to the service.
11 CVE-2022-33694 668 2022-07-12 2022-07-15
2.1
None Local Low Not required Partial None None
Exposure of Sensitive Information in CSC application prior to SMR Jul-2022 Release 1 allows local attacker to access wifi information via unprotected intent broadcasting.
12 CVE-2022-33693 532 2022-07-12 2022-07-15
2.1
None Local Low Not required Partial None None
Exposure of Sensitive Information in CID Manager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log.
13 CVE-2022-33692 668 2022-07-12 2022-07-16
2.1
None Local Low Not required Partial None None
Exposure of Sensitive Information in Messaging application prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log.
14 CVE-2022-33690 22 Dir. Trav. 2022-07-12 2022-07-16
2.1
None Local Low Not required Partial None None
Improper input validation in Contacts Storage prior to SMR Jul-2022 Release 1 allows attacker to access arbitrary file.
15 CVE-2022-33689 732 2022-07-12 2022-07-16
2.1
None Local Low Not required None Partial None
Improper access control vulnerability in TelephonyUI prior to SMR Jul-2022 Release 1 allows attackers to change preferred network type by unprotected binder call.
16 CVE-2022-33688 532 2022-07-12 2022-07-16
2.1
None Local Low Not required Partial None None
Sensitive information exposure vulnerability in EventType in SecTelephonyProvider prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log.
17 CVE-2022-33687 532 2022-07-12 2022-07-16
2.1
None Local Low Not required Partial None None
Exposure of Sensitive Information in telephony-common.jar prior to SMR Jul-2022 Release 1 allows local attackers to access IMSI via log.
18 CVE-2022-33686 552 2022-07-12 2022-07-16
2.1
None Local Low Not required Partial None None
Exposure of Sensitive Information in GsmAlarmManager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log.
19 CVE-2022-33685 2022-07-12 2022-07-16
2.1
None Local Low Not required Partial None None
Unprotected dynamic receiver in Wearable Manager Service prior to SMR Jul-2022 Release 1 allows attacker to launch arbitray activity and access senstive information.
20 CVE-2022-30758 276 2022-07-12 2022-07-16
2.1
None Local Low Not required Partial None None
Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allow allows attackers to access some protected information with privilege of Finder.
21 CVE-2022-30757 863 2022-07-12 2022-07-16
2.1
None Local Low Not required Partial None None
Improper authorization in isemtelephony prior to SMR Jul-2022 Release 1 allows attacker to obtain CID without ACCESS_FINE_LOCATION permission.
22 CVE-2022-30756 2022-07-12 2022-07-16
7.2
None Local Low Not required Complete Complete Complete
Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allow allows attackers to launch certain activities with privilege of Finder.
23 CVE-2022-30755 287 Bypass 2022-07-12 2022-07-16
4.6
None Local Low Not required Partial Partial Partial
Improper authentication vulnerability in AppLock prior to SMR Jul-2022 Release 1 allows attacker to bypass password confirm activity by hijacking the implicit intent.
24 CVE-2022-30754 2022-07-12 2022-07-16
7.2
None Local Low Not required Complete Complete Complete
Implicit Intent hijacking vulnerability in AppLinker prior to SMR Jul-2022 Release 1 allow allows attackers to launch certain activities with privilege of AppLinker.
25 CVE-2022-30753 276 2022-07-12 2022-07-16
2.1
None Local Low Not required Partial None None
Improper use of a unique device ID in unprotected SecSoterService prior to SMR Jul-2022 Release 1 allows local attackers to get the device ID without permission.
26 CVE-2022-30752 668 2022-07-12 2022-07-16
2.1
None Local Low Not required Partial None None
Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_STATE_CHANGED action.
27 CVE-2022-30751 668 2022-07-12 2022-07-16
2.1
None Local Low Not required Partial None None
Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_DHCPACK_EVENT action.
28 CVE-2022-30750 668 2022-07-12 2022-07-16
2.1
None Local Low Not required Partial None None
Improper access control vulnerability in updateLastConnectedClientInfo function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected.
29 CVE-2022-30729 2022-06-07 2022-06-11
2.1
None Local Low Not required Partial None None
Implicit Intent hijacking vulnerability in Settings prior to SMR Jun-2022 Release 1 allows attackers to get Wi-Fi SSID and password via a malicious QR code scanner.
30 CVE-2022-30728 668 2022-06-07 2022-06-11
2.1
None Local Low Not required Partial None None
Information exposure vulnerability in ScanPool prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information.
31 CVE-2022-30727 755 2022-06-07 2022-06-11
2.1
None Local Low Not required None Partial None
Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in PersonaManagerService prior to SMR Jun-2022 Release 1 allows local attackers to set some setting value in work space.
32 CVE-2022-30726 2022-06-07 2022-06-11
4.6
None Local Low Not required Partial Partial Partial
Unprotected component vulnerability in DeviceSearchTrampoline in SecSettingsIntelligence prior to SMR Jun-2022 Release 1 allows local attackers to launch activities of SecSettingsIntelligence.
33 CVE-2022-30725 755 2022-06-07 2022-06-11
3.3
None Local Network Low Not required Partial None None
Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionError function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.
34 CVE-2022-30724 755 2022-06-07 2022-06-11
3.3
None Local Network Low Not required Partial None None
Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionCompleted function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.
35 CVE-2022-30723 755 2022-06-07 2022-06-11
3.3
None Local Network Low Not required Partial None None
Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in activateVoiceRecognitionWithDevice function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.
36 CVE-2022-30722 Bypass 2022-06-07 2022-06-11
7.5
None Remote Low Not required Partial Partial Partial
Implicit Intent hijacking vulnerability in Samsung Account prior to SMR Jun-2022 Release 1 allows attackers to bypass user confirmation of Samsung Account.
37 CVE-2022-30721 20 2022-06-07 2022-06-11
5.0
None Remote Low Not required None None Partial
Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.
38 CVE-2022-30720 20 2022-06-07 2022-06-11
5.0
None Remote Low Not required None None Partial
Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.
39 CVE-2022-30719 20 2022-06-07 2022-06-11
5.0
None Remote Low Not required None None Partial
Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.
40 CVE-2022-30717 863 2022-06-07 2022-06-11
5.0
None Remote Low Not required None Partial None
Improper caller check in AR Emoji prior to SMR Jun-2022 Release 1 allows untrusted applications to use some camera functions via deeplink.
41 CVE-2022-30716 755 2022-06-07 2022-06-11
5.0
None Remote Low Not required Partial None None
Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1 allows untrusted applications to access toast message information from device.
42 CVE-2022-30715 862 2022-06-07 2022-06-11
5.0
None Remote Low Not required None Partial None
Improper access control vulnerability in DofViewer prior to SMR Jun-2022 Release 1 allows attackers to control floating system alert window.
43 CVE-2022-30714 668 2022-06-07 2022-06-11
2.1
None Local Low Not required Partial None None
Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information.
44 CVE-2022-30713 20 2022-06-07 2022-06-11
9.4
None Remote Low Not required Complete Complete None
Improper validation vulnerability in LSOItemData prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities.
45 CVE-2022-30712 20 2022-06-07 2022-06-11
6.4
None Remote Low Not required Partial Partial None
Improper validation vulnerability in KfaOptions prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities.
46 CVE-2022-30711 20 2022-06-07 2022-06-11
9.4
None Remote Low Not required Complete Complete None
Improper validation vulnerability in FeedsInfo prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities.
47 CVE-2022-30710 20 2022-06-07 2022-06-11
9.4
None Remote Low Not required Complete Complete None
Improper validation vulnerability in RemoteViews prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities.
48 CVE-2022-30709 20 2022-06-07 2022-06-11
5.0
None Remote Low Not required None None Partial
Improper input validation check logic vulnerability in SECRIL prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.
49 CVE-2022-28794 668 2022-06-07 2022-06-11
2.1
None Local Low Not required Partial None None
Sensitive information exposure in low-battery dumpstate log prior to SMR Jun-2022 Release 1 allows local attackers to get SIM card information.
50 CVE-2022-28788 125 DoS 2022-05-03 2022-05-11
2.1
None Local Low Not required None None Partial
Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.
Total number of vulnerabilities : 4418   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.