Total
237 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-39898 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
Improper access control vulnerability in IIccPhoneBook prior to SMR Dec-2022 Release 1 allows attackers to access some information of usim. | |||||
CVE-2022-20562 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
In various functions of ap_input_processor.c, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-231630423References: N/A | |||||
CVE-2022-20525 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
In enforceVisualVoicemailPackage of PhoneInterfaceManager.java, there is a possible leak of visual voicemail package name due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-229742768 | |||||
CVE-2023-21464 | 2 Google, Samsung | 2 Android, Calendar | 2023-12-10 | N/A | 3.3 LOW |
Improper access control in Samsung Calendar prior to versions 12.4.02.9000 in Android 13 and 12.3.08.2000 in Android 12 allows local attacker to configure improper status. | |||||
CVE-2023-21463 | 2 Google, Samsung | 2 Android, Myfiles | 2023-12-10 | N/A | 3.3 LOW |
Improper access control vulnerability in MyFiles application prior to versions 12.2.09.0 in Android 11, 13.1.03.501 in Android 12 and 14.1.03.0 in Android 13 allows local attacker to get sensitive information of secret mode in Samsung Internet application with specific conditions. | |||||
CVE-2022-39894 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
Improper access control vulnerability in ContactListStartActivityHelper in Phone prior to SMR Dec-2022 Release 1 allows to access sensitive information via implicit intent. | |||||
CVE-2022-20535 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
In registerLocalOnlyHotspotSoftApCallback of WifiManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-233605242 | |||||
CVE-2022-39903 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
Improper access control vulnerability in RCS call prior to SMR Dec-2022 Release 1 allows local attackers to access RCS incoming call number. | |||||
CVE-2022-20526 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
In CanvasContext::draw of CanvasContext.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-229742774 | |||||
CVE-2022-20556 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
In launchConfigNewNetworkFragment of NetworkProviderSettings.java, there is a possible way for the guest user to add a new WiFi network due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246301667 | |||||
CVE-2022-39914 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
Exposure of Sensitive Information from an Unauthorized Actor vulnerability in Samsung DisplayManagerService prior to Android T(13) allows local attacker to access connected DLNA device information. | |||||
CVE-2022-20529 | 1 Google | 1 Android | 2023-12-10 | N/A | 2.4 LOW |
In multiple locations of WifiDialogActivity.java, there is a possible limited lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege in wifi settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231583603 | |||||
CVE-2022-42767 | 2 Google, Unisoc | 14 Android, S8012, Sc7731e and 11 more | 2023-12-10 | N/A | 3.3 LOW |
In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. | |||||
CVE-2022-30752 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_STATE_CHANGED action. | |||||
CVE-2022-20335 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
In Wifi Slice, there is a possible way to adjust Wi-Fi settings even when the permission has been disabled due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-178014725 | |||||
CVE-2022-20252 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224547584 | |||||
CVE-2022-20305 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
In ContentService, there is a possible disclosure of available account types due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-199751623 | |||||
CVE-2022-20307 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
In AlarmManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-198782887 | |||||
CVE-2022-36856 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
Improper access control vulnerability in Telecom application prior to SMR Sep-2022 Release 1 allows attacker to start emergency calls via undefined permission. | |||||
CVE-2022-33693 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 2.3 LOW |
Exposure of Sensitive Information in CID Manager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log. |