Filtered by vendor Google
Subscribe
Total
254 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-20280 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
In MMSProvider, there is a possible read of protected data due to improper input validationSQL injection. This could lead to local information disclosure of sms/mms data with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-204117261 | |||||
CVE-2022-36866 | 2 Google, Samsung | 2 Android, Group Sharing | 2023-12-10 | N/A | 3.3 LOW |
Improper access control vulnerability in Broadcaster in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device. | |||||
CVE-2022-39884 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
Improper access control vulnerability in IImsService prior to SMR Nov-2022 Release 1 allows local attacker to access to Call information. | |||||
CVE-2022-39879 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
Improper authorization vulnerability in?CallBGProvider prior to SMR Nov-2022 Release 1 allows local attacker to grant permission for accessing information with phone uid. | |||||
CVE-2022-30757 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
Improper authorization in isemtelephony prior to SMR Jul-2022 Release 1 allows attacker to obtain CID without ACCESS_FINE_LOCATION permission. | |||||
CVE-2022-33718 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
An improper access control vulnerability in Wi-Fi Service prior to SMR AUG-2022 Release 1 allows untrusted applications to manipulate the list of apps that can use mobile data. | |||||
CVE-2022-39851 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
Improper access control vulnerability in CocktailBarService prior to SMR Oct-2022 Release 1 allows local attacker to bind service that require BIND_REMOTEVIEWS permission. | |||||
CVE-2022-20241 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
In Messaging, there is a possible way to attach a private file to an SMS message due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-217185011 | |||||
CVE-2022-20309 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
In PackageInstaller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-194694094 | |||||
CVE-2022-20257 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
In Bluetooth, there is a possible way to pair a display only device without PIN confirmation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-222289114 | |||||
CVE-2022-39848 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
Exposure of sensitive information in AT_Distributor prior to SMR Oct-2022 Release 1 allows local attacker to access SerialNo via log. | |||||
CVE-2022-20358 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
In startSync of AbstractThreadedSyncAdapter.java, there is a possible way to access protected content of content providers due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-203229608 | |||||
CVE-2022-30751 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_DHCPACK_EVENT action. | |||||
CVE-2022-39886 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
Improper access control vulnerability in IpcRxServiceModeBigDataInfo in RIL prior to SMR Nov-2022 Release 1 allows local attacker to access Device information. | |||||
CVE-2022-20226 | 1 Google | 1 Android | 2023-12-10 | 3.3 LOW | 3.9 LOW |
In finishDrawingWindow of WindowManagerService.java, there is a possible tapjacking due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-213644870 | |||||
CVE-2022-20318 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
In PackageInstaller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-194694069 | |||||
CVE-2022-20245 | 1 Google | 1 Android | 2023-12-10 | N/A | 2.4 LOW |
In WindowManager, there is a possible method to create a recording of the lock screen due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-215005011 | |||||
CVE-2022-20328 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
In PackageManager, there is a possible way to determine whether an app is installed due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-184948501 | |||||
CVE-2022-20311 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
In Telecomm, there is a possible disclosure of registered self managed phone accounts due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-192663553 | |||||
CVE-2022-26090 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
Improper access control vulnerability in SamsungContacts prior to SMR Apr-2022 Release 1 allows that attackers can access contact information without permission. |