CVEdetails.com the ultimate security vulnerability data source

Google » Android : Security Vulnerabilities (CVSS score between 2 and 2.99)

Columns: #, CVE ID, CWE ID, # of Exploits, Vulnerability Type(s), Publish Date, Update Date, Score, Gained Access Level, Access, Complexity, Authentication, Conf., Integ., Avail.
1 CVE-2022-33702 863 Bypass 2022-07-12 2022-07-16
2.1
None Local Low Not required None Partial None
Improper authorization vulnerability in Knoxguard prior to SMR Jul-2022 Release 1 allows local attacker to disable keyguard and bypass Knoxguard lock by factory reset.
2 CVE-2022-33701 829 2022-07-12 2022-07-16
2.1
None Local Low Not required None None Partial
Improper access control vulnerability in KnoxCustomManagerService prior to SMR Jul-2022 Release 1 allows attacker to call PowerManager.goToSleep method which is protected by system permission by sending broadcast intent.
3 CVE-2022-33700 668 2022-07-12 2022-07-16
2.1
None Local Low Not required Partial None None
Exposure of Sensitive Information in putDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log.
4 CVE-2022-33699 668 2022-07-12 2022-07-16
2.1
None Local Low Not required Partial None None
Exposure of Sensitive Information in getDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log.
5 CVE-2022-33698 668 2022-07-12 2022-07-16
2.1
None Local Low Not required Partial None None
Exposure of Sensitive Information in Telecom application prior to SMR Jul-2022 Release 1 allows local attackers to access ICCID via log.
6 CVE-2022-33697 532 2022-07-12 2022-07-16
2.1
None Local Low Not required Partial None None
Sensitive information exposure vulnerability in ImsServiceSwitchBase in ImsCore prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log.
7 CVE-2022-33696 668 2022-07-12 2022-07-16
2.1
None Local Low Not required Partial None None
Exposure of Sensitive Information in Telephony service prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log.
8 CVE-2022-33694 668 2022-07-12 2022-07-15
2.1
None Local Low Not required Partial None None
Exposure of Sensitive Information in CSC application prior to SMR Jul-2022 Release 1 allows local attacker to access wifi information via unprotected intent broadcasting.
9 CVE-2022-33693 532 2022-07-12 2022-07-15
2.1
None Local Low Not required Partial None None
Exposure of Sensitive Information in CID Manager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log.
10 CVE-2022-33692 668 2022-07-12 2022-07-16
2.1
None Local Low Not required Partial None None
Exposure of Sensitive Information in Messaging application prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log.
11 CVE-2022-33690 22 Dir. Trav. 2022-07-12 2022-07-16
2.1
None Local Low Not required Partial None None
Improper input validation in Contacts Storage prior to SMR Jul-2022 Release 1 allows attacker to access arbitrary file.
12 CVE-2022-33689 732 2022-07-12 2022-07-16
2.1
None Local Low Not required None Partial None
Improper access control vulnerability in TelephonyUI prior to SMR Jul-2022 Release 1 allows attackers to change preferred network type by unprotected binder call.
13 CVE-2022-33688 532 2022-07-12 2022-07-16
2.1
None Local Low Not required Partial None None
Sensitive information exposure vulnerability in EventType in SecTelephonyProvider prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log.
14 CVE-2022-33687 532 2022-07-12 2022-07-16
2.1
None Local Low Not required Partial None None
Exposure of Sensitive Information in telephony-common.jar prior to SMR Jul-2022 Release 1 allows local attackers to access IMSI via log.
15 CVE-2022-33686 552 2022-07-12 2022-07-16
2.1
None Local Low Not required Partial None None
Exposure of Sensitive Information in GsmAlarmManager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log.
16 CVE-2022-33685 2022-07-12 2022-07-16
2.1
None Local Low Not required Partial None None
Unprotected dynamic receiver in Wearable Manager Service prior to SMR Jul-2022 Release 1 allows attacker to launch arbitrary activity and access sensitive information.
17 CVE-2022-30758 276 2022-07-12 2022-07-16
2.1
None Local Low Not required Partial None None
Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allows attackers to access some protected information with privilege of Finder.
18 CVE-2022-30757 863 2022-07-12 2022-07-16
2.1
None Local Low Not required Partial None None
Improper authorization in isemtelephony prior to SMR Jul-2022 Release 1 allows attacker to obtain CID without ACCESS_FINE_LOCATION permission.
19 CVE-2022-30753 276 2022-07-12 2022-07-16
2.1
None Local Low Not required Partial None None
Improper use of a unique device ID in unprotected SecSoterService prior to SMR Jul-2022 Release 1 allows local attackers to get the device ID without permission.
20 CVE-2022-30752 668 2022-07-12 2022-07-16
2.1
None Local Low Not required Partial None None
Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_STATE_CHANGED action.
21 CVE-2022-30751 668 2022-07-12 2022-07-16
2.1
None Local Low Not required Partial None None
Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_DHCPACK_EVENT action.
22 CVE-2022-30750 668 2022-07-12 2022-07-16
2.1
None Local Low Not required Partial None None
Improper access control vulnerability in updateLastConnectedClientInfo function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected.
23 CVE-2022-30729 2022-06-07 2022-06-11
2.1
None Local Low Not required Partial None None
Implicit Intent hijacking vulnerability in Settings prior to SMR Jun-2022 Release 1 allows attackers to get Wi-Fi SSID and password via a malicious QR code scanner.
24 CVE-2022-30728 668 2022-06-07 2022-06-11
2.1
None Local Low Not required Partial None None
Information exposure vulnerability in ScanPool prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information.
25 CVE-2022-30727 755 2022-06-07 2022-06-11
2.1
None Local Low Not required None Partial None
Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in PersonaManagerService prior to SMR Jun-2022 Release 1 allows local attackers to set some setting value in work space.
26 CVE-2022-30714 668 2022-06-07 2022-06-11
2.1
None Local Low Not required Partial None None
Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information.
27 CVE-2022-28794 668 2022-06-07 2022-06-11
2.1
None Local Low Not required Partial None None
Sensitive information exposure in low-battery dumpstate log prior to SMR Jun-2022 Release 1 allows local attackers to get SIM card information.
28 CVE-2022-28788 125 DoS 2022-05-03 2022-05-11
2.1
None Local Low Not required None None Partial
Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.
29 CVE-2022-28787 125 DoS 2022-05-03 2022-05-11
2.1
None Local Low Not required None None Partial
Improper buffer size check logic in wmfextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.
30 CVE-2022-28786 125 DoS 2022-05-03 2022-05-11
2.1
None Local Low Not required None None Partial
Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.
31 CVE-2022-28785 125 DoS 2022-05-03 2022-05-11
2.1
None Local Low Not required None None Partial
Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.
32 CVE-2022-28784 22 Dir. Trav. 2022-05-03 2022-05-11
2.1
None Local Low Not required Partial None None
Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to list file names in arbitrary directory as system user. The patch addresses incorrect implementation of file path validation check logic.
33 CVE-2022-28782 863 2022-05-03 2022-05-11
2.1
None Local Low Not required None Partial None
Improper access control vulnerability in Contents To Window prior to SMR May-2022 Release 1 allows physical attacker to install package before completion of Setup wizard. The patch blocks entry point of the vulnerability.
34 CVE-2022-28780 2022-05-03 2022-05-11
2.1
None Local Low Not required Partial None None
Improper access control vulnerability in Weather prior to SMR May-2022 Release 1 allows attackers to access location information set in Weather without permission. The patch adds proper protection to prevent access to location information.
35 CVE-2022-27832 125 DoS 2022-04-11 2022-04-18
2.1
None Local Low Not required None None Partial
Improper boundary check in media.extractor library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via a crafted media file.
36 CVE-2022-27822 668 2022-04-11 2022-04-18
2.1
None Local Low Not required Partial None None
Information exposure vulnerability in ril property setting prior to SMR April-2022 Release 1 allows access to EF_RUIMID value without permission.
37 CVE-2022-26090 668 2022-04-11 2022-04-19
2.1
None Local Low Not required Partial None None
Improper access control vulnerability in SamsungContacts prior to SMR Apr-2022 Release 1 allows attackers to access contact information without permission.
38 CVE-2022-25833 287 2022-04-11 2022-04-19
2.1
None Local Low Not required Partial None None
Improper authentication in ImsService prior to SMR Apr-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission.
39 CVE-2022-25820 307 2022-03-10 2022-03-16
2.1
None Local Low Not required Partial None None
A vulnerable design in fingerprint matching algorithm prior to SMR Mar-2022 Release 1 allows physical attackers to perform brute force attack on screen lock password.
40 CVE-2022-25817 287 2022-03-10 2022-03-16
2.1
None Local Low Not required None Partial None
Improper authentication in One UI Home prior to SMR Mar-2022 Release 1 allows attacker to generate pinned-shortcut without user consent.
41 CVE-2022-25816 287 2022-03-10 2022-03-16
2.1
None Local Low Not required None Partial None
Improper authentication in Samsung Lock and mask apps setting prior to SMR Mar-2022 Release 1 allows attacker to change enable/disable without authentication.
42 CVE-2022-24932 425 2022-03-10 2022-03-17
2.1
None Local Low Not required None Partial None
Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Release 1 allows a physical attacker to install a package before finishing Setup wizard.
43 CVE-2022-24929 2022-03-10 2022-03-16
2.1
None Local Low Not required None Partial None
Unprotected Activity in AppLock prior to SMR Mar-2022 Release 1 allows attacker to change the list of locked app without authentication.
44 CVE-2022-24001 2022-02-11 2022-02-22
2.1
None Local Low Not required Partial None None
Information disclosure vulnerability in Edge Panel prior to Android S(12) allows physical attackers to access screenshot in clipboard via Edge Panel.
45 CVE-2022-24000 2022-02-11 2022-02-22
2.1
None Local Low Not required Partial None None
PendingIntent hijacking vulnerability in DataUsageReminderReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent.
46 CVE-2022-23999 2022-02-11 2022-02-22
2.1
None Local Low Not required Partial None None
PendingIntent hijacking vulnerability in CpaReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent.
47 CVE-2022-22291 2022-02-11 2022-02-18
2.1
None Local Low Not required Partial None None
Logging of excessive data vulnerability in telephony prior to SMR Feb-2022 Release 1 allows privileged attackers to get Cell Location Information through log of user device.
48 CVE-2022-22272 863 2022-01-10 2022-01-15
2.1
None Local Low Not required Partial None None
Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission.
49 CVE-2022-22271 20 2022-01-10 2022-01-15
2.1
None Local Low Not required Partial None None
A missing input validation before memory copy in TIMA trustlet prior to SMR Jan-2022 Release 1 allows attackers to copy data from arbitrary memory.
50 CVE-2022-22269 552 2022-01-10 2022-01-15
2.1
None Local Low Not required Partial None None
Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allows untrusted applications to get a local Bluetooth MAC address.
Total number of vulnerabilities: 578. Page: 1 of 12.