Vulnerabilities (CVE)

Filtered by vendor Google Subscribe
Total 12727 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-20013 2 Google, Mediatek 17 Android, Mt6781, Mt6785 and 14 more 2024-11-21 4.4 MEDIUM 6.4 MEDIUM
In vow driver, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05837742; Issue ID: ALPS05837742.
CVE-2022-20012 2 Google, Mediatek 42 Android, Mt6580, Mt6739 and 39 more 2024-11-21 4.6 MEDIUM 7.8 HIGH
In mdp driver, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05836478; Issue ID: ALPS05836478.
CVE-2022-20011 1 Google 1 Android 2024-11-21 2.1 LOW 5.5 MEDIUM
In getArray of NotificationManagerService.java , there is a possible leak of one user notifications to another due to missing check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-214999128
CVE-2022-20010 1 Google 1 Android 2024-11-21 3.3 LOW 6.5 MEDIUM
In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure through Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-213519176
CVE-2022-20009 1 Google 1 Android 2024-11-21 7.2 HIGH 6.8 MEDIUM
In various functions of the USB gadget subsystem, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-213172319References: Upstream kernel
CVE-2022-20008 1 Google 1 Android 2024-11-21 2.1 LOW 4.6 MEDIUM
In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-216481035References: Upstream kernel
CVE-2022-20007 1 Google 1 Android 2024-11-21 6.2 MEDIUM 7.0 HIGH
In startActivityForAttachedApplicationIfNeeded of RootWindowContainer.java, there is a possible way to overlay an app that believes it's still in the foreground, when it is not, due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-211481342
CVE-2022-20006 1 Google 1 Android 2024-11-21 6.2 MEDIUM 7.0 HIGH
In several functions of KeyguardServiceWrapper.java and related files,, there is a possible way to briefly view what's under the lockscreen due to a race condition. This could lead to local escalation of privilege if a Guest user is enabled, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-151095871
CVE-2022-20005 1 Google 1 Android 2024-11-21 7.2 HIGH 7.8 HIGH
In validateApkInstallLocked of PackageInstallerSession.java, there is a way to force a mismatch between running code and a parsed APK . This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-219044664
CVE-2022-20004 1 Google 1 Android 2024-11-21 7.2 HIGH 7.8 HIGH
In checkSlicePermission of SliceManagerService.java, it is possible to access any slice URI due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-179699767
CVE-2022-20002 1 Google 1 Android 2024-11-21 4.6 MEDIUM 7.8 HIGH
In incfs, there is a possible way of mounting on arbitrary paths due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-198657657
CVE-2022-1941 3 Debian, Fedoraproject, Google 4 Debian Linux, Fedora, Protobuf-cpp and 1 more 2024-11-21 N/A 7.5 HIGH
A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions for 3.16 and 3.17 are no longer updated.
CVE-2022-1919 1 Google 1 Chrome 2024-11-21 N/A 8.8 HIGH
Use after free in Codecs in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-1876 1 Google 1 Chrome 2024-11-21 N/A 8.8 HIGH
Heap buffer overflow in DevTools in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-1875 1 Google 1 Chrome 2024-11-21 N/A 4.3 MEDIUM
Inappropriate implementation in PDF in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2022-1874 2 Apple, Google 2 Macos, Chrome 2024-11-21 N/A 8.8 HIGH
Insufficient policy enforcement in Safe Browsing in Google Chrome on Mac prior to 102.0.5005.61 allowed a remote attacker to bypass downloads protection policy via a crafted HTML page.
CVE-2022-1873 1 Google 1 Chrome 2024-11-21 N/A 6.5 MEDIUM
Insufficient policy enforcement in COOP in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2022-1872 1 Google 1 Chrome 2024-11-21 N/A 4.3 MEDIUM
Insufficient policy enforcement in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page.
CVE-2022-1871 1 Google 1 Chrome 2024-11-21 N/A 4.3 MEDIUM
Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass file system policy via a crafted HTML page.
CVE-2022-1870 1 Google 1 Chrome 2024-11-21 N/A 8.8 HIGH
Use after free in App Service in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.