Filtered by vendor Google
Subscribe
Total
254 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-24929 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
Unprotected Activity in AppLock prior to SMR Mar-2022 Release 1 allows attacker to change the list of locked app without authentication. | |||||
CVE-2022-30728 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
Information exposure vulnerability in ScanPool prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information. | |||||
CVE-2022-30714 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information. | |||||
CVE-2022-23434 | 2 Google, Samsung | 2 Android, Bixby | 2023-12-10 | 2.1 LOW | 3.3 LOW |
A vulnerability using PendingIntent in Bixby Vision prior to versions 3.7.60.8 in Android S(12), 3.7.50.6 in Andorid R(11) and below allows attackers to execute privileged action by hijacking and modifying the intent. | |||||
CVE-2022-27576 | 1 Google | 1 Android | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
Information exposure vulnerability in Samsung DeX Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission | |||||
CVE-2022-25833 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
Improper authentication in ImsService prior to SMR Apr-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission. | |||||
CVE-2022-27575 | 1 Google | 1 Android | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
Information exposure vulnerability in One UI Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission. | |||||
CVE-2021-39739 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
In ArrayMap, there is a possible leak of the content of SMS messages due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-184525194 | |||||
CVE-2022-28784 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to list file names in arbitrary directory as system user. The patch addresses incorrect implementation of file path validation check logic. | |||||
CVE-2022-27832 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
Improper boundary check in media.extractor library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via a crafted media file. | |||||
CVE-2022-28794 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
Sensitive information exposure in low-battery dumpstate log prior to SMR Jun-2022 Release 1 allows local attackers to get SIM card information. | |||||
CVE-2022-24000 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
PendingIntent hijacking vulnerability in DataUsageReminderReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent. | |||||
CVE-2022-25817 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
Improper authentication in One UI Home prior to SMR Mar-2022 Release 1 allows attacker to generate pinned-shortcut without user consent. | |||||
CVE-2022-23999 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
PendingIntent hijacking vulnerability in CpaReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent. | |||||
CVE-2021-25451 | 1 Google | 1 Android | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1 allows attackers to get IMSI data. | |||||
CVE-2021-25501 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
An improper access control vulnerability in SCloudBnRReceiver in SecTelephonyProvider prior to SMR Nov-2021 Release 1 allows untrusted application to call some protected providers. | |||||
CVE-2022-0317 | 1 Google | 1 Go-attestation | 2023-12-10 | 2.1 LOW | 3.3 LOW |
An improper input validation vulnerability in go-attestation before 0.3.3 allows local users to provide a maliciously-formed Quote over no/some PCRs, causing AKPublic.Verify to succeed despite the inconsistency. Subsequent use of the same set of PCR values in Eventlog.Verify lacks the authentication performed by quote verification, meaning a local attacker could couple this vulnerability with a maliciously-crafted TCG log in Eventlog.Verify to spoof events in the TCG log, hence defeating remotely-attested measured-boot. We recommend upgrading to Version 0.4.0 or above. | |||||
CVE-2021-25513 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 2.4 LOW |
An improper privilege management vulnerability in Apps Edge application prior to SMR Dec-2021 Release 1 allows unauthorized access to some device data on the lockscreen. | |||||
CVE-2021-0989 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
In hasManageOngoingCallsPermission of TelecomServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-194105812 | |||||
CVE-2021-25472 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
An improper access control vulnerability in BluetoothSettingsProvider prior to SMR Oct-2021 Release 1 allows untrusted application to overwrite some Bluetooth information. |