CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google : Security Vulnerabilities (CVSS score between 7 and 7.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-30756 2022-07-12 2022-07-16
7.2
None Local Low Not required Complete Complete Complete
Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allow allows attackers to launch certain activities with privilege of Finder.
2 CVE-2022-30754 2022-07-12 2022-07-16
7.2
None Local Low Not required Complete Complete Complete
Implicit Intent hijacking vulnerability in AppLinker prior to SMR Jul-2022 Release 1 allow allows attackers to launch certain activities with privilege of AppLinker.
3 CVE-2022-30722 Bypass 2022-06-07 2022-06-11
7.5
None Remote Low Not required Partial Partial Partial
Implicit Intent hijacking vulnerability in Samsung Account prior to SMR Jun-2022 Release 1 allows attackers to bypass user confirmation of Samsung Account.
4 CVE-2022-28781 20 2022-05-03 2022-05-11
7.2
None Local Low Not required Complete Complete Complete
Improper input validation in Settings prior to SMR-May-2022 Release 1 allows attackers to launch arbitrary activity with system privilege. The patch adds proper validation logic to check the caller.
5 CVE-2022-27836 22 Dir. Trav. 2022-04-11 2022-04-27
7.2
None Local Low Not required Complete Complete Complete
Improper access control and path traversal vulnerability in Storage Manager and Storage Manager Service prior to SMR Apr-2022 Release 1 allow local attackers to access arbitrary system files without a proper permission. The patch adds proper validation logic to prevent arbitrary files access.
6 CVE-2022-27830 20 2022-04-11 2022-04-18
7.2
None Local Low Not required Complete Complete Complete
Improper validation vulnerability in SemBlurInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.
7 CVE-2022-27829 20 2022-04-11 2022-04-18
7.2
None Local Low Not required Complete Complete Complete
Improper validation vulnerability in VerifyCredentialResponse prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.
8 CVE-2022-27828 20 2022-04-11 2022-04-18
7.2
None Local Low Not required Complete Complete Complete
Improper validation vulnerability in MediaMonitorEvent prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.
9 CVE-2022-27827 20 2022-04-11 2022-04-18
7.2
None Local Low Not required Complete Complete Complete
Improper validation vulnerability in MediaMonitorDimension prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.
10 CVE-2022-27826 20 2022-04-11 2022-04-18
7.2
None Local Low Not required Complete Complete Complete
Improper validation vulnerability in SemSuspendDialogInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.
11 CVE-2022-27574 787 2022-04-11 2022-04-18
7.5
None Remote Low Not required Partial Partial Partial
Improper input validation vulnerability in parser_iloc and sheifd_find_itemIndexin fuctions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attacker.
12 CVE-2022-27567 476 2022-04-11 2022-04-18
7.5
None Remote Low Not required Partial Partial Partial
Null pointer dereference vulnerability in parser_hvcC function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attackers.
13 CVE-2022-26097 476 2022-04-11 2022-04-18
7.5
None Remote Low Not required Partial Partial Partial
Null pointer dereference vulnerability in parser_unknown_property function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.
14 CVE-2022-26096 476 2022-04-11 2022-04-18
7.5
None Remote Low Not required Partial Partial Partial
Null pointer dereference vulnerability in parser_ispe function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.
15 CVE-2022-26095 476 2022-04-11 2022-04-18
7.5
None Remote Low Not required Partial Partial Partial
Null pointer dereference vulnerability in parser_colr function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.
16 CVE-2022-26094 476 2022-04-11 2022-04-19
7.5
None Remote Low Not required Partial Partial Partial
Null pointer dereference vulnerability in parser_auxC function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.
17 CVE-2022-26093 476 2022-04-11 2022-04-19
7.5
None Remote Low Not required Partial Partial Partial
Null pointer dereference vulnerability in parser_irot function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.
18 CVE-2022-26092 787 Exec Code 2022-04-11 2022-04-19
7.2
None Local Low Not required Complete Complete Complete
Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows arbitrary code execution.
19 CVE-2022-25818 119 Exec Code Overflow 2022-03-10 2022-03-16
7.5
None Remote Low Not required Partial Partial Partial
Improper boundary check in UWB stack prior to SMR Mar-2022 Release 1 allows arbitrary code execution.
20 CVE-2022-25328 78 2022-02-25 2022-03-07
7.2
None Local Low Not required Complete Complete Complete
The bash_completion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a malicious mountpoint path and if the system administrator happens to be using the fscrypt bash completion script to complete mountpoint paths. We recommend upgrading to version 0.3.3 or above
21 CVE-2022-24928 2022-03-10 2022-03-16
7.2
None Local Low Not required Complete Complete Complete
Security misconfiguration of RKP in kernel prior to SMR Mar-2022 Release 1 allows a system not to be protected by RKP.
22 CVE-2022-23587 190 Overflow 2022-02-04 2022-02-10
7.5
None Remote Low Not required Partial Partial Partial
Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow is vulnerable to an integer overflow during cost estimation for crop and resize. Since the cropping parameters are user controlled, a malicious person can trigger undefined behavior. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.
23 CVE-2022-20236 119 Overflow 2022-07-13 2022-07-25
7.8
None Remote Low Not required None None Complete
A drm driver have oob problem, could cause the system crash or EOPProduct: AndroidVersions: Android SoCAndroid ID: A-233124709
24 CVE-2022-20233 787 2022-06-15 2022-06-24
7.2
None Local Low Not required Complete Complete Complete
In param_find_digests_internal and related functions of the Titan-M source, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-222472803References: N/A
25 CVE-2022-20223 610 2022-07-13 2022-07-26
7.2
None Local Low Not required Complete Complete Complete
In assertSafeToStartCustomActivity of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-223578534
26 CVE-2022-20220 22 Dir. Trav. Bypass 2022-07-13 2022-07-25
7.2
None Local Low Not required Complete Complete Complete
In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-219015884
27 CVE-2022-20190 2022-06-15 2022-06-24
7.8
None Remote Low Not required Complete None None
Product: AndroidVersions: Android kernelAndroid ID: A-208744915References: N/A
28 CVE-2022-20186 20 Exec Code 2022-06-15 2022-06-24
7.2
None Local Low Not required Complete Complete Complete
In kbase_mem_alias of mali_kbase_mem_linux.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-215001024References: N/A
29 CVE-2022-20181 2022-06-15 2022-06-24
7.8
None Remote Low Not required None None Complete
Product: AndroidVersions: Android kernelAndroid ID: A-210936609References: N/A
30 CVE-2022-20168 2022-06-15 2022-06-24
7.8
None Remote Low Not required None None Complete
Product: AndroidVersions: Android kernelAndroid ID: A-210594998References: N/A
31 CVE-2022-20156 20 Exec Code 2022-06-15 2022-06-24
7.2
None Local Low Not required Complete Complete Complete
In unflatten of GraphicBuffer.cpp, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-212803946References: N/A
32 CVE-2022-20153 416 2022-06-15 2022-06-24
7.2
None Local Low Not required Complete Complete Complete
In rcu_cblist_dequeue of rcu_segcblist.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-222091980References: Upstream kernel
33 CVE-2022-20147 787 2022-06-15 2022-06-23
7.2
None Local Low Not required Complete Complete Complete
In nfa_dm_check_set_config of nfa_dm_main.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-221216105
34 CVE-2022-20144 2022-06-15 2022-12-13
7.2
None Local Low Not required Complete Complete Complete
In multiple functions of AvatarPhotoController.java, there is a possible access to content owned by system content providers due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-250637906
35 CVE-2022-20142 Exec Code 2022-06-15 2022-06-24
7.2
None Local Low Not required Complete Complete Complete
In createFromParcel of GeofenceHardwareRequestParcelable.java, there is a possible arbitrary code execution due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-216631962
36 CVE-2022-20138 2022-06-15 2022-06-24
7.2
None Local Low Not required Complete Complete Complete
In ACTION_MANAGED_PROFILE_PROVISIONED of DevicePolicyManagerService.java, there is a possible way for unprivileged app to send MANAGED_PROFILE_PROVISIONED intent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-210469972
37 CVE-2022-20135 2022-06-15 2022-06-24
7.2
None Local Low Not required Complete Complete Complete
In writeToParcel of GateKeeperResponse.java, there is a possible parcel format mismatch. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-220303465
38 CVE-2022-20134 20 2022-06-15 2022-06-23
7.2
None Local Low Not required Complete Complete Complete
In readArguments of CallSubjectDialog.java, there is a possible way to trick the user to call the wrong phone number due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-218341397
39 CVE-2022-20133 Bypass 2022-06-15 2022-06-24
7.2
None Local Low Not required Complete Complete Complete
In setDiscoverableTimeout of AdapterService.java, there is a possible bypass of user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-206807679
40 CVE-2022-20131 787 2022-06-15 2022-06-24
7.8
None Remote Low Not required Complete None None
In nci_proc_rf_management_ntf of nci_hrcv.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-221856662
41 CVE-2022-20125 Bypass 2022-06-15 2022-06-23
7.2
None Local Low Not required Complete Complete Complete
In GBoard, there is a possible way to bypass factory reset protections due to a sandbox escape. This could lead to local escalation of privilege if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-194402515
42 CVE-2022-20124 Bypass 2022-06-15 2022-12-13
7.2
None Local Low Not required Complete Complete Complete
In deletePackageX of DeletePackageHelper.java, there is a possible way for a Guest user to reset pre-loaded applications for other users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-170646036
43 CVE-2022-20123 125 2022-06-15 2022-06-23
7.8
None Remote Low Not required Complete None None
In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-221852424
44 CVE-2022-20116 2022-05-10 2022-05-16
7.2
None Local Low Not required Complete Complete Complete
In onEntryUpdated of OngoingCallController.kt, it is possible to launch non-exported activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-212467440
45 CVE-2022-20114 269 Bypass 2022-05-10 2022-05-16
7.2
None Local Low Not required Complete Complete Complete
In placeCall of TelecomManager.java, there is a possible way for an application to keep itself running with foreground service importance due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-211114016
46 CVE-2022-20113 Exec Code 2022-05-10 2022-05-16
7.2
None Local Low Not required Complete Complete Complete
In mPreference of DefaultUsbConfigurationPreferenceController.java, there is a possible way to enable file transfer mode due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-205996517
47 CVE-2022-20009 787 2022-05-10 2022-05-16
7.2
None Local Low Not required Complete Complete Complete
In various functions of the USB gadget subsystem, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-213172319References: Upstream kernel
48 CVE-2022-20005 Exec Code 2022-05-10 2022-05-16
7.2
None Local Low Not required Complete Complete Complete
In validateApkInstallLocked of PackageInstallerSession.java, there is a way to force a mismatch between running code and a parsed APK . This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-219044664
49 CVE-2022-20004 276 2022-05-10 2022-05-16
7.2
None Local Low Not required Complete Complete Complete
In checkSlicePermission of SliceManagerService.java, it is possible to access any slice URI due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-179699767
50 CVE-2021-39814 787 2022-04-12 2022-04-20
7.2
None Local Low Not required Complete Complete Complete
In ppmp_validate_wsm of drm_fw.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-216792660References: N/A
Total number of vulnerabilities : 1337   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.