| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2022-30721 |
20 |
|
|
2022-06-07 |
2022-06-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. |
|
2 |
CVE-2022-30720 |
20 |
|
|
2022-06-07 |
2022-06-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. |
|
3 |
CVE-2022-30719 |
20 |
|
|
2022-06-07 |
2022-06-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. |
|
4 |
CVE-2022-30717 |
863 |
|
|
2022-06-07 |
2022-06-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Improper caller check in AR Emoji prior to SMR Jun-2022 Release 1 allows untrusted applications to use some camera functions via deeplink. |
|
5 |
CVE-2022-30716 |
755 |
|
|
2022-06-07 |
2022-06-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1 allows untrusted applications to access toast message information from device. |
|
6 |
CVE-2022-30715 |
862 |
|
|
2022-06-07 |
2022-06-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Improper access control vulnerability in DofViewer prior to SMR Jun-2022 Release 1 allows attackers to control floating system alert window. |
|
7 |
CVE-2022-30709 |
20 |
|
|
2022-06-07 |
2022-06-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Improper input validation check logic vulnerability in SECRIL prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. |
|
8 |
CVE-2022-27825 |
125 |
|
|
2022-04-11 |
2022-04-18 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
Improper size check in sapefd_parse_meta_HEADER function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file. |
|
9 |
CVE-2022-27824 |
125 |
|
|
2022-04-11 |
2022-04-18 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
Improper size check of in sapefd_parse_meta_DESCRIPTION function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file |
|
10 |
CVE-2022-27823 |
125 |
|
|
2022-04-11 |
2022-04-18 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
Improper size check in sapefd_parse_meta_HEADER_old function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file. |
|
11 |
CVE-2022-20234 |
732 |
|
|
2022-07-13 |
2022-07-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Car Settings app, the NotificationAccessConfirmationActivity is exported. In NotificationAccessConfirmationActivity, it gets both 'mComponentName' and 'pkgTitle' from user.An unprivileged app can use a malicous mComponentName with a benign pkgTitle (e.g. Settings app) to make users enable notification access permission for the malicious app. That is, users believe they enable the notification access permission for the Settings app, but actually they enable the notification access permission for the malicious app.Once the malicious app gets the notification access permission, it can read all notifications, including users' personal information.Product: AndroidVersions: Android-12LAndroid ID: A-225189301 |
|
12 |
CVE-2022-20224 |
125 |
|
|
2022-07-13 |
2022-07-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In AT_SKIP_REST of bta_hf_client_at.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure in the Bluetooth stack with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-220732646 |
|
13 |
CVE-2022-20209 |
787 |
|
Overflow |
2022-06-15 |
2022-06-24 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In hme_add_new_node_to_a_sorted_array of hme_utils.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-207502397 |
|
14 |
CVE-2022-20188 |
|
|
|
2022-06-15 |
2022-06-24 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Product: AndroidVersions: Android kernelAndroid ID: A-207254598References: N/A |
|
15 |
CVE-2022-20184 |
|
|
|
2022-06-15 |
2022-06-24 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Product: AndroidVersions: Android kernelAndroid ID: A-209153114References: N/A |
|
16 |
CVE-2022-20179 |
|
|
|
2022-06-15 |
2022-06-24 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Product: AndroidVersions: Android kernelAndroid ID: A-211683760References: N/A |
|
17 |
CVE-2022-20177 |
|
|
|
2022-06-15 |
2022-06-24 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Product: AndroidVersions: Android kernelAndroid ID: A-209906686References: N/A |
|
18 |
CVE-2022-20175 |
|
|
|
2022-06-15 |
2022-06-24 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Product: AndroidVersions: Android kernelAndroid ID: A-209252491References: N/A |
|
19 |
CVE-2022-20169 |
|
|
|
2022-06-15 |
2022-06-24 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Product: AndroidVersions: Android kernelAndroid ID: A-211162353References: N/A |
|
20 |
CVE-2022-20151 |
|
|
|
2022-06-15 |
2022-06-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Product: AndroidVersions: Android kernelAndroid ID: A-210712565References: N/A |
|
21 |
CVE-2022-20149 |
|
|
|
2022-06-15 |
2022-06-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Product: AndroidVersions: Android kernelAndroid ID: A-211685939References: N/A |
|
22 |
CVE-2021-39809 |
125 |
|
|
2022-04-12 |
2022-04-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-205837191 |
|
23 |
CVE-2021-39772 |
269 |
|
|
2022-03-30 |
2022-04-06 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
|
In Bluetooth, there is a possible way to access the a2dp audio control switch due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-181962322 |
|
24 |
CVE-2021-39762 |
125 |
|
Overflow |
2022-03-30 |
2022-04-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In tremolo, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-210625816 |
|
25 |
CVE-2021-39726 |
125 |
|
Exec Code |
2022-03-16 |
2022-03-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In cd_ParseMsg of cd_codec.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-181782896References: N/A |
|
26 |
CVE-2021-39716 |
|
|
|
2022-03-16 |
2022-03-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Product: AndroidVersions: Android kernelAndroid ID: A-206977562References: N/A |
|
27 |
CVE-2021-39677 |
125 |
|
|
2022-02-11 |
2022-02-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In startVideoStream() there is a possibility of an OOB Read in the heap, when the camera buffer is ‘zero’ in size.Product: AndroidVersions: Android-11Android ID: A-205097028 |
|
28 |
CVE-2021-39646 |
668 |
|
|
2021-12-15 |
2021-12-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Product: AndroidVersions: Android kernelAndroid ID: A-201537251References: N/A |
|
29 |
CVE-2021-25516 |
755 |
|
|
2021-12-08 |
2021-12-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An improper check or handling of exceptional conditions in Exynos baseband prior to SMR Dec-2021 Release 1 allows attackers to track locations. |
|
30 |
CVE-2021-25485 |
22 |
|
Dir. Trav. |
2021-10-06 |
2021-10-13 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
|
Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Oct-2021 Release 1 allows attackers to write file as system UID via BT remote socket. |
|
31 |
CVE-2021-25483 |
125 |
|
|
2021-10-06 |
2021-10-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Lack of boundary checking of a buffer in livfivextractor library prior to SMR Oct-2021 Release 1 allows OOB read. |
|
32 |
CVE-2021-25426 |
|
|
|
2021-07-08 |
2022-09-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Improper component protection vulnerability in SmsViewerActivity of Samsung Message prior to SMR July-2021 Release 1 allows untrusted applications to access Message files. |
|
33 |
CVE-2021-25417 |
|
|
|
2021-06-11 |
2022-07-14 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Improper authorization in SDP SDK prior to SMR JUN-2021 Release 1 allows access to internal storage. |
|
34 |
CVE-2021-25337 |
|
|
|
2021-03-04 |
2022-07-14 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain local files. |
|
35 |
CVE-2021-25330 |
|
|
DoS |
2021-03-02 |
2021-03-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Calling of non-existent provider in MobileWips application prior to SMR Feb-2021 Release 1 allows unauthorized actions including denial of service attack by hijacking the provider. |
|
36 |
CVE-2021-22492 |
120 |
|
Overflow |
2021-01-05 |
2021-01-08 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Broadcom Bluetooth chipsets) software. The Bluetooth UART driver has a buffer overflow. The Samsung ID is SVE-2020-18731 (January 2021). |
|
37 |
CVE-2021-1045 |
668 |
|
|
2021-12-15 |
2021-12-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Product: AndroidVersions: Android kernelAndroid ID: A-195580473References: N/A |
|
38 |
CVE-2021-1037 |
668 |
|
|
2022-01-14 |
2022-01-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The broadcast that DevicePickerFragment sends when a new device is paired doesn't have any permission checks, so any app can register to listen for it. This lets apps keep track of what devices are paired without requesting BLUETOOTH permissions.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-162951906 |
|
39 |
CVE-2021-1022 |
476 |
|
DoS |
2021-12-15 |
2021-12-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In btif_in_hf_client_generic_evt of btif_hf_client.cc, there is a possible Bluetooth service crash due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-180420059 |
|
40 |
CVE-2021-1002 |
125 |
|
|
2021-12-15 |
2021-12-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In WT_Interpolate of eas_wtengine.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-194533433 |
|
41 |
CVE-2021-0965 |
862 |
|
|
2021-12-15 |
2022-07-12 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
|
In AndroidManifest.xml of Settings, there is a possible pairing of a Bluetooth device without user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-194300867 |
|
42 |
CVE-2021-0631 |
125 |
|
DoS |
2021-10-25 |
2021-10-26 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In wifi driver, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05551435; Issue ID: ALPS05551435. |
|
43 |
CVE-2021-0630 |
190 |
|
DoS |
2021-10-25 |
2021-10-26 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In wifi driver, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05551397; Issue ID: ALPS05551397. |
|
44 |
CVE-2021-0555 |
476 |
|
DoS |
2021-06-22 |
2021-06-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In RenderStruct of protostream_objectsource.cc, there is a possible crash due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-179161711 |
|
45 |
CVE-2021-0522 |
125 |
|
|
2021-06-21 |
2021-06-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In ConnectionHandler::SdpCb of connection_handler.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-174182139 |
|
46 |
CVE-2021-0517 |
670 |
|
Exec Code |
2021-06-21 |
2021-06-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In updateCapabilities of ConnectivityService.java, there is a possible incorrect network state determination due to a logic error in the code. This could lead to biasing of networking tasks to occur on non-VPN networks, which could lead to remote information disclosure, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-179053823 |
|
47 |
CVE-2021-0466 |
330 |
|
|
2021-06-11 |
2022-07-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In startIpClient of ClientModeImpl.java, there is a possible identifier which could be used to track a device. This could lead to remote information disclosure to a proximal attacker, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-154114734 |
|
48 |
CVE-2021-0435 |
665 |
|
Exec Code +Info |
2021-04-13 |
2021-04-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In avrc_proc_vendor_command of avrc_api.cc, there is a possible leak of heap data due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-174150451 |
|
49 |
CVE-2021-0433 |
269 |
|
Bypass |
2021-04-13 |
2021-04-16 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In onCreate of DeviceChooserActivity.java, there is a possible way to bypass user consent when pairing a Bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation of privilege and pairing malicious devices with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171221090 |
|
50 |
CVE-2021-0431 |
125 |
|
|
2021-04-13 |
2021-04-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a paired device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-174149901 |
