CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Android : Security Vulnerabilities (CVSS score between 4 and 4.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-33704 20 2022-07-12 2022-07-16
4.6
None Local Low Not required Partial Partial Partial
Improper validation vulnerability in ucmRetParcelable of KnoxSDK prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities.
2 CVE-2022-33703 20 2022-07-12 2022-07-16
4.6
None Local Low Not required Partial Partial Partial
Improper validation vulnerability in CACertificateInfo prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities.
3 CVE-2022-33695 732 2022-07-12 2022-07-15
4.6
None Local Low Not required Partial Partial Partial
Use of improper permission in InputManagerService prior to SMR Jul-2022 Release 1 allows unauthorized access to the service.
4 CVE-2022-30755 287 Bypass 2022-07-12 2022-07-16
4.6
None Local Low Not required Partial Partial Partial
Improper authentication vulnerability in AppLock prior to SMR Jul-2022 Release 1 allows attacker to bypass password confirm activity by hijacking the implicit intent.
5 CVE-2022-30726 2022-06-07 2022-06-11
4.6
None Local Low Not required Partial Partial Partial
Unprotected component vulnerability in DeviceSearchTrampoline in SecSettingsIntelligence prior to SMR Jun-2022 Release 1 allows local attackers to launch activities of SecSettingsIntelligence.
6 CVE-2022-27821 125 DoS 2022-04-11 2022-04-18
4.3
None Remote Medium Not required None None Partial
Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via crafted image file.
7 CVE-2022-27576 668 2022-04-11 2022-04-18
4.3
None Remote Medium Not required Partial None None
Information exposure vulnerability in Samsung DeX Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission
8 CVE-2022-27575 668 2022-04-11 2022-04-18
4.3
None Remote Medium Not required Partial None None
Information exposure vulnerability in One UI Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission.
9 CVE-2022-26091 287 Bypass 2022-04-11 2022-04-19
4.6
None Local Low Not required Partial Partial Partial
Improper access control vulnerability in Knox Manage prior to SMR Apr-2022 Release 1 allows that physical attackers can bypass Knox Manage using a function key of hardware keyboard.
10 CVE-2022-25832 287 2022-04-11 2022-04-18
4.6
None Local Low Not required Partial Partial Partial
Improper authentication vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to use locked Myfiles app without authentication.
11 CVE-2022-25822 416 2022-03-10 2022-03-16
4.9
None Local Low Not required None None Complete
An use after free vulnerability in sdp driver prior to SMR Mar-2022 Release 1 allows kernel crash.
12 CVE-2022-25815 2022-03-10 2022-03-16
4.6
None Local Low Not required Partial Partial Partial
PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.
13 CVE-2022-25814 2022-03-10 2022-03-16
4.6
None Local Low Not required Partial Partial Partial
PendingIntent hijacking vulnerability in Wearable Manager Installer prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.
14 CVE-2022-24931 863 2022-03-10 2022-03-17
4.6
None Local Low Not required Partial Partial Partial
Improper access control vulnerability in dynamic receiver in ApkInstaller prior to SMR MAR-2022 Release allows unauthorized attackers to execute arbitrary activity without a proper permission
15 CVE-2022-22292 2022-02-11 2022-02-18
4.6
None Local Low Not required Partial Partial Partial
Unprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release 1 allows untrusted applications to launch arbitrary activity.
16 CVE-2022-22270 552 2022-01-10 2022-01-14
4.3
None Remote Medium Not required Partial None None
An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows unprivileged applications to access contact information.
17 CVE-2022-20228 416 Mem. Corr. 2022-07-13 2022-07-25
4.3
None Remote Medium Not required Partial None None
In various functions of C2DmaBufAllocator.cpp, there is a possible memory corruption due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-213850092
18 CVE-2022-20218 269 Exec Code 2022-07-13 2022-07-21
4.4
None Local Medium Not required Partial Partial Partial
In PermissionController, there is a possible way to get and retain permissions without user's consent due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-223907044
19 CVE-2022-20212 1021 2022-07-13 2022-07-21
4.4
None Local Medium Not required Partial Partial Partial
In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-182282630
20 CVE-2022-20207 Bypass 2022-06-15 2022-06-24
4.6
None Local Low Not required Partial Partial Partial
In static definitions of GattServiceConfig.java, there is a possible permission bypass due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-185513714
21 CVE-2022-20204 2022-06-15 2022-06-24
4.6
None Local Low Not required Partial Partial Partial
In registerRemoteBugreportReceivers of DevicePolicyManagerService.java, there is a possible reporting of falsified bug reports due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-171495100
22 CVE-2022-20203 2022-06-15 2022-06-27
4.6
None Local Low Not required Partial Partial Partial
In multiple locations of the nanopb library, there is a possible way to corrupt memory when decoding untrusted protobuf files. This could lead to local escalation of privilege,with no additional execution privileges needed. User interaction is not needed for exploitation.
23 CVE-2022-20202 787 Overflow 2022-06-15 2022-06-24
4.3
None Remote Medium Not required Partial None None
In ih264_resi_trans_quant_4x4_sse42 of ih264_resi_trans_quant_sse42.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-204704614
24 CVE-2022-20201 787 2022-06-15 2022-06-24
4.6
None Local Low Not required Partial Partial Partial
In getAppSize of InstalldNativeService.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-220733817
25 CVE-2022-20197 Bypass 2022-06-15 2022-06-24
4.6
None Local Low Not required Partial Partial Partial
In recycle of Parcel.java, there is a possible way to start foreground activity from background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-208279300
26 CVE-2022-20194 Bypass 2022-06-15 2022-06-24
4.6
None Local Low Not required Partial Partial Partial
In onCreate of ChooseLockGeneric.java, there is a possible permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-222684510
27 CVE-2022-20193 Exec Code 2022-06-15 2022-06-24
4.4
None Local Medium Not required Partial Partial Partial
In getUniqueUsagesWithLabels of PermissionUsageHelper.java, there is a possible incorrect permission attribution due to a logic error in the code. This could lead to local escalation of privilege by conflating apps with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-212434116
28 CVE-2022-20192 Bypass 2022-06-15 2022-06-24
4.6
None Local Low Not required Partial Partial Partial
In grantEmbeddedWindowFocus of WindowManagerService.java, there is a possible way to change an input channel for embedded hierarchy due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-215912712
29 CVE-2022-20185 416 2022-06-15 2022-06-24
4.6
None Local Low Not required Partial Partial Partial
In TBD of TBD, there is a possible use after free bug. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-208842348References: N/A
30 CVE-2022-20183 787 2022-06-15 2022-06-24
4.6
None Local Low Not required Partial Partial Partial
In hypx_create_blob_dmabuf of faceauth_hypx.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188911154References: N/A
31 CVE-2022-20178 787 Overflow 2022-06-15 2022-06-24
4.6
None Local Low Not required Partial Partial Partial
In ioctl_dpm_qos_update and ioctl_event_control_set of (TBD), there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-224932775References: N/A
32 CVE-2022-20166 787 Overflow 2022-06-15 2022-06-24
4.6
None Local Low Not required Partial Partial Partial
In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-182388481References: Upstream kernel
33 CVE-2022-20165 125 2022-06-15 2022-06-24
4.9
None Local Low Not required Complete None None
In asn1_parse of asn1.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-220868345References: N/A
34 CVE-2022-20162 125 2022-06-15 2022-06-24
4.9
None Local Low Not required Complete None None
In asn1_p256_int of crypto/asn1.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-223492713References: N/A
35 CVE-2022-20159 125 2022-06-15 2022-06-23
4.9
None Local Low Not required Complete None None
In asn1_ec_pkey_parse of acropora/crypto/asn1_common.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-210971465References: N/A
36 CVE-2022-20154 362 2022-06-15 2022-06-24
4.4
None Local Medium Not required Partial Partial Partial
In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream kernel
37 CVE-2022-20152 787 2022-06-15 2022-06-23
4.6
None Local Low Not required Partial Partial Partial
In the TitanM chip, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-202006198References: N/A
38 CVE-2022-20143 400 DoS 2022-06-15 2022-06-24
4.9
None Local Low Not required None None Complete
In addAutomaticZenRule of ZenModeHelper.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-220735360
39 CVE-2022-20132 125 2022-06-15 2022-06-23
4.9
None Local Low Not required Complete None None
In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel
40 CVE-2022-20129 20 DoS 2022-06-15 2022-06-23
4.9
None Local Low Not required None None Complete
In registerPhoneAccount of PhoneAccountRegistrar.java, there is a possible way to prevent the user from selecting a phone account due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-217934478
41 CVE-2022-20112 269 Bypass 2022-05-10 2022-05-16
4.9
None Local Low Not required None None Complete
In getAvailabilityStatus of PrivateDnsPreferenceController.java, there is a possible way for a guest user to change private DNS settings due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-206987762
42 CVE-2022-20002 863 2022-03-30 2022-04-05
4.6
None Local Low Not required Partial Partial Partial
In incfs, there is a possible way of mounting on arbitrary paths due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-198657657
43 CVE-2021-39806 415 2022-06-15 2022-06-24
4.6
None Local Low Not required Partial Partial Partial
In closef of label_backends_android.c, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege during startup of servicemanager, if an attacker can trigger an initialization failure, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-215387420
44 CVE-2021-39804 476 DoS Exec Code 2022-04-12 2022-04-20
4.3
None Remote Medium Not required None None Partial
In reinit of HeifDecoderImpl.cpp, there is a possible crash due to a missing null check. This could lead to remote persistent denial of service in the file picker with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-215002587
45 CVE-2021-39803 416 2022-04-12 2022-07-12
4.3
None Remote Medium Not required Partial None None
In ~Impl of C2AllocatorIon.cpp, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-193790350
46 CVE-2021-39789 863 2022-03-30 2022-04-05
4.6
None Local Low Not required Partial Partial Partial
In Telecom, there is a possible leak of TTY mode change due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-203880906
47 CVE-2021-39786 787 2022-03-30 2022-04-05
4.6
None Local Low Not required Partial Partial Partial
In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-192551247
48 CVE-2021-39784 269 2022-03-30 2022-04-05
4.6
None Local Low Not required Partial Partial Partial
In CellBroadcastReceiver, there is a possible path to enable specific cellular features due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-200163477
49 CVE-2021-39783 269 2022-03-30 2022-04-05
4.6
None Local Low Not required Partial Partial Partial
In rcsservice, there is a possible way to modify TTY mode due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-197960597
50 CVE-2021-39782 269 2022-03-30 2022-04-05
4.6
None Local Low Not required Partial Partial Partial
In Telephony, there is a possible unauthorized modification of the PLMN SIM file due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-202760015
Total number of vulnerabilities : 1137   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.