Google Android vulnerabilities
9,646 known vulnerabilities affecting google/android.
Total CVEs: 9,646
CISA KEV: 48 (actively exploited)
Public exploits: 89
Exploited in wild: 44
Severity breakdown
CRITICAL 883 | HIGH 5184 | MEDIUM 3317 | LOW 260 | UNKNOWN 2
Vulnerabilities
CVE-2022-20112 | MEDIUM | CVSS 5.5 | CWE-269 | v10.0 v11.0 +3 more | 2022-05-10
In getAvailabilityStatus of PrivateDnsPreferenceController.java, there is a possible way for a guest user to change private DNS settings due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 And
nvd, android
CVE-2021-39700 | MEDIUM | CVSS 5.5 | v10.0 v11.0 +2 more | 2022-05-10
In the policies of adbd.te, there was a logic error which caused the CTS Listening Ports Test to report invalid results. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android-11 Android-12 Android ID: A-201645790
nvd, android
CVE-2022-20011 | MEDIUM | CVSS 5.5 | CWE-862 | v10.0 v11.0 +3 more | 2022-05-10
In getArray of NotificationManagerService.java, there is a possible leak of one user notifications to another due to missing check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android-11 Android-12 Android-12L Andro
nvd, android
CVE-2022-20115 | MEDIUM | CVSS 5.5 | CWE-862 | v12.0 v12.1 +1 more | 2022-05-10
In broadcastServiceStateChanged of TelephonyRegistry.java, there is a possible way to learn base station information without location permission due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-12
nvd, android
CVE-2022-20010 | MEDIUM | CVSS 6.5 | CWE-125 | v12.0 v12.1 +1 more | 2022-05-10
In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure through Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-12 Android-12L Android ID: A-213519176
nvd, android
CVE-2022-20111 | HIGH | CVSS 8.4 | CWE-755 | v9.0 v10.0 +2 more | 2022-05-03
In ion, there is a possible use after free due to incorrect error handling. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06366069; Issue ID: ALPS06366069.
nvd
CVE-2022-21743 | HIGH | CVSS 7.8 | CWE-190 | v9.0 v10.0 +2 more | 2022-05-03
In ion, there is a possible use after free due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06371108; Issue ID: ALPS06371108.
nvd
CVE-2022-20084 | HIGH | CVSS 7.8 | CWE-862 | v10.0 v11.0 +1 more | 2022-05-03
In telephony, there is a possible way to disable receiving emergency broadcasts due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06498874; Issue ID: ALPS06498874.
nvd, android
CVE-2022-20099 | HIGH | CVSS 7.8 | CWE-787 | v11.0 v12.0 | 2022-05-03
In aee daemon, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06296442; Issue ID: ALPS06296442.
nvd
CVE-2022-20088 | HIGH | CVSS 7.8 | CWE-755 | v11.0 v12.0 | 2022-05-03
In aee driver, there is a possible reference count mistake due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06209201; Issue ID: ALPS06209201.
nvd
CVE-2022-20110 | HIGH | CVSS 7.0 | CWE-367 | v9.0 v10.0 +2 more | 2022-05-03
In ion, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06399915; Issue ID: ALPS06399901.
nvd, android
CVE-2022-20093 | HIGH | CVSS 7.8 | CWE-862 | v10.0 v11.0 +1 more | 2022-05-03
In telephony, there is a possible way to disable receiving SMS messages due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06498868; Issue ID: ALPS06498868.
nvd
CVE-2022-28783 | HIGH | CVSS 7.1 | CWE-20 | v10.0 v11.0 +1 more | 2022-05-03
Improper validation of removing package name in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to uninstall arbitrary packages without permission. The patch adds proper validation logic for removing package name.
nvd
CVE-2022-20109 | HIGH | CVSS 7.8 | v9.0 v10.0 +2 more | 2022-05-03
In ion, there is a possible use after free due to improper update of reference count. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06399915; Issue ID: ALPS06399915.
nvd, android
CVE-2022-28781 | MEDIUM | CVSS 6.7 | CWE-20 | v11.0 v12.0 | 2022-05-03
Improper input validation in Settings prior to SMR-May-2022 Release 1 allows attackers to launch arbitrary activity with system privilege. The patch adds proper validation logic to check the caller.
nvd
CVE-2022-20092 | MEDIUM | CVSS 5.5 | CWE-125 | v11.0 v12.0 | 2022-05-03
In alac decoder, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06366061; Issue ID: ALPS06366061.
nvd
CVE-2022-20101 | MEDIUM | CVSS 5.5 | CWE-22 | v11.0 v12.0 | 2022-05-03
In aee daemon, there is a possible information disclosure due to a path traversal. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06419017; Issue ID: ALPS06270870.
nvd
CVE-2022-20085 | MEDIUM | CVSS 6.7 | CWE-59 | v11.0 v12.0 | 2022-05-03
In netdiag, there is a possible symbolic link following due to an improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06308877; Issue ID: ALPS06308877.
nvd
CVE-2022-28782 | MEDIUM | CVSS 4.6 | CWE-424 | v11.0 v12.0 | 2022-05-03
Improper access control vulnerability in Contents To Window prior to SMR May-2022 Release 1 allows physical attacker to install package before completion of Setup wizard. The patch blocks entry point of the vulnerability.
nvd
CVE-2022-20097 | MEDIUM | CVSS 4.7 | CWE-362 | v11.0 v12.0 | 2022-05-03
In aee daemon, there is a possible information disclosure due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06383944; Issue ID: ALPS06383944.
nvd