Google Android vulnerabilities
9,646 known vulnerabilities affecting google/android.
Total CVEs: 9,646
CISA KEV: 48 (actively exploited)
Public exploits: 89
Exploited in wild: 44
Severity breakdown
CRITICAL 883, HIGH 5184, MEDIUM 3317, LOW 260, UNKNOWN 2
Vulnerabilities
CVE-2021-35111 | HIGH | CVSS 7.5 | 2022-06-01
CVE-2021-35111 [HIGH] CVE-2021-35111: Closed-source component
Android Security Bulletin 2022-06-01
CVE: CVE-2021-35111
Severity: HIGH
Component: Closed-source component
References: A-209469960*
android
CVE-2022-22086 | HIGH | CVSS 7.3 | 2022-06-01
CVE-2022-22086 [HIGH] CVE-2022-22086: Closed-source component
Android Security Bulletin 2022-06-01
CVE: CVE-2022-22086
Severity: HIGH
Component: Closed-source component
References: A-223211218*
android
CVE-2022-24958 | HIGH | CVSS 7.8 | 2022-06-01
CVE-2022-24958 [HIGH] CVE-2022-24958: USB
Android Security Bulletin 2022-06-01
CVE: CVE-2022-24958
Severity: HIGH
Type: EoP
Component: USB
References: A-220261709 (Upstream kernel [2] [3] [4])
android
CVE-2022-20132 | HIGH | CVSS 4.6 | 2022-06-01
CVE-2022-20132 [MEDIUM] CVE-2022-20132: USB HID
Android Security Bulletin 2022-06-01
CVE: CVE-2022-20132
Severity: HIGH
Type: ID
Component: USB HID
References: A-188677105 (Upstream kernel [2] [3] [4] [5] [6] [7])
android
CVE-2022-22083 | HIGH | CVSS 7.5 | 2022-06-01
CVE-2022-22083 [HIGH] CVE-2022-22083: Closed-source component
Android Security Bulletin 2022-06-01
CVE: CVE-2022-22083
Severity: HIGH
Component: Closed-source component
References: A-223210917*
android
CVE-2022-25258 | HIGH | CVSS 4.6 | 2022-06-01
CVE-2022-25258 [MEDIUM] CVE-2022-25258: USB
Android Security Bulletin 2022-06-01
CVE: CVE-2022-25258
Severity: HIGH
Type: EoP
Component: USB
References: A-222023189 (Upstream kernel [2])
android
CVE-2021-35083 | HIGH | CVSS 8.2 | 2022-06-01
CVE-2021-35083 [HIGH] CVE-2021-35083: Closed-source component
Android Security Bulletin 2022-06-01
CVE: CVE-2021-35083
Severity: HIGH
Component: Closed-source component
References: A-209481130*
android
CVE-2022-22087 | HIGH | CVSS 7.3 | 2022-06-01
CVE-2022-22087 [HIGH] CVE-2022-22087: Closed-source component
Android Security Bulletin 2022-06-01
CVE: CVE-2022-22087
Severity: HIGH
Component: Closed-source component
References: A-223209610*
android
CVE-2022-20141 | HIGH | CVSS 7.0 | 2022-06-01
CVE-2022-20141 [HIGH] CVE-2022-20141: Inet sockets
Android Security Bulletin 2022-06-01
CVE: CVE-2022-20141
Severity: HIGH
Type: EoP
Component: Inet sockets
References: A-112551163 (Upstream kernel)
android
CVE-2021-4154 | HIGH | CVSS 8.8 | 2022-06-01
CVE-2021-4154 [HIGH] CVE-2021-4154: Kernel
Android Security Bulletin 2022-06-01
CVE: CVE-2021-4154
Severity: HIGH
Type: EoP
Component: Kernel
References: A-218836280 (Upstream kernel)
android
CVE-2022-22085 | HIGH | CVSS 8.4 | 2022-06-01
CVE-2022-22085 [HIGH] CVE-2022-22085: Closed-source component
Android Security Bulletin 2022-06-01
CVE: CVE-2022-22085
Severity: HIGH
Component: Closed-source component
References: A-223209306*
android
CVE-2022-20113 | HIGH | CVSS 7.8 | v12.0, v12.1 +1 more | 2022-05-10
CVE-2022-20113 [HIGH] CVE-2022-20113: In mPreference of DefaultUsbConfigurationPreferenceController.java, there is a possible way to enabl
In mPreference of DefaultUsbConfigurationPreferenceController.java, there is a possible way to enable file transfer mode due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12 Android-12L; Android ID: A
nvd, android
CVE-2022-20114 | HIGH | CVSS 7.8 | v10.0, v11.0 +3 more | 2022-05-10
CVE-2022-20114 [HIGH] CWE-269 CVE-2022-20114: In placeCall of TelecomManager.java, there is a possible way for an application to keep itself runni
In placeCall of TelecomManager.java, there is a possible way for an application to keep itself running with foreground service importance due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Andr
nvd, android
CVE-2022-20007 | HIGH | CVSS 7.0 | v10.0, v11.0 +3 more | 2022-05-10
CVE-2022-20007 [HIGH] CWE-362 CVE-2022-20007: In startActivityForAttachedApplicationIfNeeded of RootWindowContainer.java, there is a possible way
In startActivityForAttachedApplicationIfNeeded of RootWindowContainer.java, there is a possible way to overlay an app that believes it's still in the foreground, when it is not, due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: A
nvd, android
CVE-2022-20006 | HIGH | CVSS 7.0 | v10.0, v11.0 +3 more | 2022-05-10
CVE-2022-20006 [HIGH] CWE-362 CVE-2022-20006: In several functions of KeyguardServiceWrapper.java and related files, there is a possible way to b
In several functions of KeyguardServiceWrapper.java and related files, there is a possible way to briefly view what's under the lockscreen due to a race condition. This could lead to local escalation of privilege if a Guest user is enabled, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Androi
nvd, android
CVE-2022-20005 | HIGH | CVSS 7.8 | v10.0, v11.0 +3 more | 2022-05-10
CVE-2022-20005 [HIGH] CVE-2022-20005: In validateApkInstallLocked of PackageInstallerSession.java, there is a way to force a mismatch betw
In validateApkInstallLocked of PackageInstallerSession.java, there is a way to force a mismatch between running code and a parsed APK. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L; Android ID: A-21904
nvd, android
CVE-2022-20116 | HIGH | CVSS 7.8 | v12.0, v12.1 +1 more | 2022-05-10
CVE-2022-20116 [HIGH] CVE-2022-20116: In onEntryUpdated of OngoingCallController.kt, it is possible to launch non-exported activities due
In onEntryUpdated of OngoingCallController.kt, it is possible to launch non-exported activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12 Android-12L; Android ID: A-212467440
nvd, android
CVE-2021-39738 | HIGH | CVSS 7.8 | v10.0, v11.0 +3 more | 2022-05-10
CVE-2021-39738 [HIGH] CWE-862 CVE-2021-39738: In CarSettings, there is a possible way to pair BT device bypassing user's consent due to a missing permi
In CarSettings, there is a possible way to pair a BT device bypassing user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L; Android ID: A-216190509
nvd
CVE-2022-20004 | HIGH | CVSS 7.8 | v10.0, v11.0 +3 more | 2022-05-10
CVE-2022-20004 [HIGH] CWE-862 CVE-2022-20004: In checkSlicePermission of SliceManagerService.java, it is possible to access any slice URI due to i
In checkSlicePermission of SliceManagerService.java, it is possible to access any slice URI due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L; Android ID:
nvd, android
CVE-2021-39670 | MEDIUM | CVSS 5.5 | v12.0, v12.1 +1 more | 2022-05-10
CVE-2021-39670 [MEDIUM] CWE-770 CVE-2021-39670: In setStream of WallpaperManager.java, there is a possible way to cause a permanent DoS due to impro
In setStream of WallpaperManager.java, there is a possible way to cause a permanent DoS due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12 Android-12L; Android ID: A-204087139
nvd, android