Filtered by vendor Google
Subscribe
Total
13548 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-33704 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 8.5 HIGH |
|
Improper validation vulnerability in ucmRetParcelable of KnoxSDK prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities.
|
|||||
| CVE-2022-33703 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 8.5 HIGH |
|
Improper validation vulnerability in CACertificateInfo prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities.
|
|||||
| CVE-2022-33702 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
|
Improper authorization vulnerability in Knoxguard prior to SMR Jul-2022 Release 1 allows local attacker to disable keyguard and bypass Knoxguard lock by factory reset.
|
|||||
| CVE-2022-33701 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
Improper access control vulnerability in KnoxCustomManagerService prior to SMR Jul-2022 Release 1 allows attacker to call PowerManaer.goToSleep method which is protected by system permission by sending braodcast intent.
|
|||||
| CVE-2022-33700 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 2.0 LOW |
|
Exposure of Sensitive Information in putDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log.
|
|||||
| CVE-2022-33699 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 2.0 LOW |
|
Exposure of Sensitive Information in getDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log.
|
|||||
| CVE-2022-33698 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
Exposure of Sensitive Information in Telecom application prior to SMR Jul-2022 Release 1 allows local attackers to access ICCID via log.
|
|||||
| CVE-2022-33697 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
Sensitive information exposure vulnerability in ImsServiceSwitchBase in ImsCore prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log.
|
|||||
| CVE-2022-33696 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
|
Exposure of Sensitive Information in Telephony service prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log.
|
|||||
| CVE-2022-33695 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 5.1 MEDIUM |
|
Use of improper permission in InputManagerService prior to SMR Jul-2022 Release 1 allows unauthorized access to the service.
|
|||||
| CVE-2022-33694 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
|
Exposure of Sensitive Information in CSC application prior to SMR Jul-2022 Release 1 allows local attacker to access wifi information via unprotected intent broadcasting.
|
|||||
| CVE-2022-33693 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 2.0 LOW |
|
Exposure of Sensitive Information in CID Manager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log.
|
|||||
| CVE-2022-33692 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
|
Exposure of Sensitive Information in Messaging application prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log.
|
|||||
| CVE-2022-33691 | 2 Google, Samsung | 2 Android, Exynos 9820 | 2024-11-21 | 1.9 LOW | 6.2 MEDIUM |
|
A possible race condition vulnerability in score driver prior to SMR Jul-2022 Release 1 can allow local attackers to interleave malicious operations.
|
|||||
| CVE-2022-33690 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
|
Improper input validation in Contacts Storage prior to SMR Jul-2022 Release 1 allows attacker to access arbitrary file.
|
|||||
| CVE-2022-33689 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
|
Improper access control vulnerability in TelephonyUI prior to SMR Jul-2022 Release 1 allows attackers to change preferred network type by unprotected binder call.
|
|||||
| CVE-2022-33688 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
Sensitive information exposure vulnerability in EventType in SecTelephonyProvider prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log.
|
|||||
| CVE-2022-33687 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
Exposure of Sensitive Information in telephony-common.jar prior to SMR Jul-2022 Release 1 allows local attackers to access IMSI via log.
|
|||||
| CVE-2022-33686 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 2.3 LOW |
|
Exposure of Sensitive Information in GsmAlarmManager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log.
|
|||||
| CVE-2022-33685 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
|
Unprotected dynamic receiver in Wearable Manager Service prior to SMR Jul-2022 Release 1 allows attacker to launch arbitray activity and access senstive information.
|
|||||
| CVE-2022-32593 | 2 Google, Mediatek | 2 Android, Mt6983 | 2024-11-21 | N/A | 6.7 MEDIUM |
|
In vowe, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138493; Issue ID: ALPS07138493.
|
|||||
| CVE-2022-32592 | 3 Google, Linuxfoundation, Mediatek | 17 Android, Yocto, Mt6855 and 14 more | 2024-11-21 | N/A | 6.7 MEDIUM |
|
In cpu dvfs, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07139405; Issue ID: ALPS07139405.
|
|||||
| CVE-2022-32591 | 2 Google, Mediatek | 38 Android, Mt6580, Mt6739 and 35 more | 2024-11-21 | N/A | 7.5 HIGH |
|
In ril, there is a possible system crash due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07257259; Issue ID: ALPS07257259.
|
|||||
| CVE-2022-32590 | 3 Google, Linuxfoundation, Mediatek | 47 Android, Yocto, Mt6761 and 44 more | 2024-11-21 | N/A | 6.7 MEDIUM |
|
In wlan, there is a possible use after free due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07299425; Issue ID: ALPS07299425.
|
|||||
| CVE-2022-32589 | 3 Google, Linuxfoundation, Mediatek | 43 Android, Yocto, Mt6761 and 40 more | 2024-11-21 | N/A | 7.5 HIGH |
|
In Wi-Fi driver, there is a possible way to disconnect Wi-Fi due to an improper resource release. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07030600; Issue ID: ALPS07030600.
|
|||||
| CVE-2022-31055 | 1 Google | 1 Kctf | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
kCTF is a Kubernetes-based infrastructure for capture the flag (CTF) competitions. Prior to version 1.6.0, the kctf cluster set-src-ip-ranges was broken and allowed traffic from any IP. The problem has been patched in v1.6.0. As a workaround, those who want to test challenges privately can mark them as `public: false` and use `kctf chal debug port-forward` to connect.
|
|||||
| CVE-2022-30758 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
|
Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allow allows attackers to access some protected information with privilege of Finder.
|
|||||
| CVE-2022-30757 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
|
Improper authorization in isemtelephony prior to SMR Jul-2022 Release 1 allows attacker to obtain CID without ACCESS_FINE_LOCATION permission.
|
|||||
| CVE-2022-30756 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 8.5 HIGH |
|
Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allow allows attackers to launch certain activities with privilege of Finder.
|
|||||
| CVE-2022-30755 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.3 HIGH |
|
Improper authentication vulnerability in AppLock prior to SMR Jul-2022 Release 1 allows attacker to bypass password confirm activity by hijacking the implicit intent.
|
|||||
| CVE-2022-30754 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 8.5 HIGH |
|
Implicit Intent hijacking vulnerability in AppLinker prior to SMR Jul-2022 Release 1 allow allows attackers to launch certain activities with privilege of AppLinker.
|
|||||
| CVE-2022-30753 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
Improper use of a unique device ID in unprotected SecSoterService prior to SMR Jul-2022 Release 1 allows local attackers to get the device ID without permission.
|
|||||
| CVE-2022-30752 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_STATE_CHANGED action.
|
|||||
| CVE-2022-30751 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_DHCPACK_EVENT action.
|
|||||
| CVE-2022-30750 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
Improper access control vulnerability in updateLastConnectedClientInfo function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected.
|
|||||
| CVE-2022-30729 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
Implicit Intent hijacking vulnerability in Settings prior to SMR Jun-2022 Release 1 allows attackers to get Wi-Fi SSID and password via a malicious QR code scanner.
|
|||||
| CVE-2022-30728 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 1.9 LOW |
|
Information exposure vulnerability in ScanPool prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information.
|
|||||
| CVE-2022-30727 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
|
Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in PersonaManagerService prior to SMR Jun-2022 Release 1 allows local attackers to set some setting value in work space.
|
|||||
| CVE-2022-30726 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 6.2 MEDIUM |
|
Unprotected component vulnerability in DeviceSearchTrampoline in SecSettingsIntelligence prior to SMR Jun-2022 Release 1 allows local attackers to launch activities of SecSettingsIntelligence.
|
|||||
| CVE-2022-30725 | 1 Google | 1 Android | 2024-11-21 | 3.3 LOW | 4.0 MEDIUM |
|
Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionError function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.
|
|||||