Google Software and search
Products by Google Sorted by Most Security Vulnerabilities since 2018
Google BoringSSL1 vulnerability
BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.
Recent Google Security Advisories
@google Tweets

Tue Jun 28 18:59:29 +0000 2022
By the Year
In 2022 there have been 557 vulnerabilities in Google with an average score of 7.0 out of ten. Last year Google had 1123 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Google in 2022 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2022 is greater by 0.02.
Year | Vulnerabilities | Average Score |
---|---|---|
2022 | 557 | 7.04 |
2021 | 1123 | 7.02 |
2020 | 982 | 7.10 |
2019 | 808 | 7.11 |
2018 | 419 | 7.41 |
It may take a day or so for new Google vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Google Security Vulnerabilities
In multiple locations of the nanopb library, there is a possible way to corrupt memory when decoding untrusted protobuf files
CVE-2022-20203
7.8 - High
- June 15, 2022
In multiple locations of the nanopb library, there is a possible way to corrupt memory when decoding untrusted protobuf files. This could lead to local escalation of privilege,with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: AndroidVersions: Android kernelAndroid ID: A-209421931References: N/A
CVE-2022-20170
9.8 - Critical
- June 15, 2022
Product: AndroidVersions: Android kernelAndroid ID: A-209421931References: N/A
In closef of label_backends_android.c, there is a possible way to corrupt memory due to a double free
CVE-2021-39806
7.8 - High
- June 15, 2022
In closef of label_backends_android.c, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege during startup of servicemanager, if an attacker can trigger an initialization failure, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-215387420
Double-free
In ACTION_MANAGED_PROFILE_PROVISIONED of DevicePolicyManagerService.java
CVE-2022-20138
7.8 - High
- June 15, 2022
In ACTION_MANAGED_PROFILE_PROVISIONED of DevicePolicyManagerService.java, there is a possible way for unprivileged app to send MANAGED_PROFILE_PROVISIONED intent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-210469972
In read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an incorrect bounds check
CVE-2022-20140
9.8 - Critical
- June 15, 2022
In read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-227618988
Memory Corruption
In createFromParcel of GeofenceHardwareRequestParcelable.java, there is a possible arbitrary code execution due to parcel mismatch
CVE-2022-20142
7.8 - High
- June 15, 2022
In createFromParcel of GeofenceHardwareRequestParcelable.java, there is a possible arbitrary code execution due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-216631962
In addAutomaticZenRule of ZenModeHelper.java, there is a possible permanent denial of service due to resource exhaustion
CVE-2022-20143
5.5 - Medium
- June 15, 2022
In addAutomaticZenRule of ZenModeHelper.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-220735360
Resource Exhaustion
In multiple functions of AvatarPhotoController.java
CVE-2022-20144
7.8 - High
- June 15, 2022
In multiple functions of AvatarPhotoController.java, there is a possible access to content owned by system content providers due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-187702830
In startLegacyVpnPrivileged of Vpn.java, there is a possible way to retrieve VPN credentials due to a protocol downgrade attack
CVE-2022-20145
9.8 - Critical
- June 15, 2022
In startLegacyVpnPrivileged of Vpn.java, there is a possible way to retrieve VPN credentials due to a protocol downgrade attack. This could lead to remote escalation of privilege if a malicious Wi-Fi AP is used, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-201660636
In rcu_cblist_dequeue of rcu_segcblist.c, there is a possible use-after-free due to improper locking
CVE-2022-20153
6.7 - Medium
- June 15, 2022
In rcu_cblist_dequeue of rcu_segcblist.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-222091980References: Upstream kernel
Dangling pointer
In lock_sock_nested of sock.c, there is a possible use after free due to a race condition
CVE-2022-20154
6.4 - Medium
- June 15, 2022
In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream kernel
Race Condition
In ipu_core_jqs_msg_transport_kernel_write_sync of ipu-core-jqs-msg-transport.c, there is a possible use-after-free due to a race condition
CVE-2022-20155
7 - High
- June 15, 2022
In ipu_core_jqs_msg_transport_kernel_write_sync of ipu-core-jqs-msg-transport.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-176754369References: N/A
Race Condition
In unflatten of GraphicBuffer.cpp, there is a possible arbitrary code execution due to improper input validation
CVE-2022-20156
7.8 - High
- June 15, 2022
In unflatten of GraphicBuffer.cpp, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-212803946References: N/A
Improper Input Validation
In asn1_p256_int of crypto/asn1.c, there is a possible out of bounds read due to an incorrect bounds check
CVE-2022-20162
4.4 - Medium
- June 15, 2022
In asn1_p256_int of crypto/asn1.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-223492713References: N/A
Out-of-bounds Read
In asn1_parse of asn1.c, there is a possible out of bounds read due to an incorrect bounds check
CVE-2022-20165
4.4 - Medium
- June 15, 2022
In asn1_parse of asn1.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-220868345References: N/A
Out-of-bounds Read
In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow
CVE-2022-20166
6.7 - Medium
- June 15, 2022
In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-182388481References: Upstream kernel
Memory Corruption
Product: AndroidVersions: Android kernelAndroid ID: A-215565667References: N/A
CVE-2022-20171
9.8 - Critical
- June 15, 2022
Product: AndroidVersions: Android kernelAndroid ID: A-215565667References: N/A
In onbind of ShannonRcsService.java, there is a possible access to protect data due to a missing permission check
CVE-2022-20172
5.5 - Medium
- June 15, 2022
In onbind of ShannonRcsService.java, there is a possible access to protect data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-206987222References: N/A
Product: AndroidVersions: Android kernelAndroid ID: A-207116951References: N/A
CVE-2022-20173
9.8 - Critical
- June 15, 2022
Product: AndroidVersions: Android kernelAndroid ID: A-207116951References: N/A
In exynos_secEnv_init of mach-gs101.c, there is a possible out of bounds read due to an incorrect bounds check
CVE-2022-20174
4.4 - Medium
- June 15, 2022
In exynos_secEnv_init of mach-gs101.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-210847407References: N/A
Out-of-bounds Read
Product: AndroidVersions: Android kernelAndroid ID: A-209252491References: N/A
CVE-2022-20175
7.5 - High
- June 15, 2022
Product: AndroidVersions: Android kernelAndroid ID: A-209252491References: N/A
In auth_store of sjtag-driver.c, there is a possible read of uninitialized memory due to a missing bounds check
CVE-2022-20176
4.4 - Medium
- June 15, 2022
In auth_store of sjtag-driver.c, there is a possible read of uninitialized memory due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-197787879References: N/A
Product: AndroidVersions: Android kernelAndroid ID: A-209906686References: N/A
CVE-2022-20177
7.5 - High
- June 15, 2022
Product: AndroidVersions: Android kernelAndroid ID: A-209906686References: N/A
In ioctl_dpm_qos_update and ioctl_event_control_set of (TBD), there is a possible out of bounds write due to an integer overflow
CVE-2022-20178
6.7 - Medium
- June 15, 2022
In ioctl_dpm_qos_update and ioctl_event_control_set of (TBD), there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-224932775References: N/A
Memory Corruption
Product: AndroidVersions: Android kernelAndroid ID: A-211683760References: N/A
CVE-2022-20179
7.5 - High
- June 15, 2022
Product: AndroidVersions: Android kernelAndroid ID: A-211683760References: N/A
Product: AndroidVersions: Android kernelAndroid ID: A-210936609References: N/A
CVE-2022-20181
7.5 - High
- June 15, 2022
Product: AndroidVersions: Android kernelAndroid ID: A-210936609References: N/A
In handle_ramdump of pixel_loader.c, there is a possible way to create a ramdump of non-secure memory due to a missing permission check
CVE-2022-20182
4.4 - Medium
- June 15, 2022
In handle_ramdump of pixel_loader.c, there is a possible way to create a ramdump of non-secure memory due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-222348453References: N/A
In hypx_create_blob_dmabuf of faceauth_hypx.c, there is a possible out of bounds write due to a missing bounds check
CVE-2022-20183
6.7 - Medium
- June 15, 2022
In hypx_create_blob_dmabuf of faceauth_hypx.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188911154References: N/A
Memory Corruption
Product: AndroidVersions: Android kernelAndroid ID: A-209153114References: N/A
CVE-2022-20184
7.5 - High
- June 15, 2022
Product: AndroidVersions: Android kernelAndroid ID: A-209153114References: N/A
In TBD of TBD, there is a possible use after free bug
CVE-2022-20185
6.7 - Medium
- June 15, 2022
In TBD of TBD, there is a possible use after free bug. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-208842348References: N/A
Dangling pointer
In kbase_mem_alias of mali_kbase_mem_linux.c, there is a possible arbitrary code execution due to improper input validation
CVE-2022-20186
7.8 - High
- June 15, 2022
In kbase_mem_alias of mali_kbase_mem_linux.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-215001024References: N/A
Improper Input Validation
Product: AndroidVersions: Android kernelAndroid ID: A-207254598References: N/A
CVE-2022-20188
7.5 - High
- June 15, 2022
Product: AndroidVersions: Android kernelAndroid ID: A-207254598References: N/A
Product: AndroidVersions: Android kernelAndroid ID: A-208744915References: N/A
CVE-2022-20190
7.5 - High
- June 15, 2022
Product: AndroidVersions: Android kernelAndroid ID: A-208744915References: N/A
Product: AndroidVersions: Android kernelAndroid ID: A-209324757References: N/A
CVE-2022-20191
9.8 - Critical
- June 15, 2022
Product: AndroidVersions: Android kernelAndroid ID: A-209324757References: N/A
In grantEmbeddedWindowFocus of WindowManagerService.java
CVE-2022-20192
7.8 - High
- June 15, 2022
In grantEmbeddedWindowFocus of WindowManagerService.java, there is a possible way to change an input channel for embedded hierarchy due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-215912712
In getUniqueUsagesWithLabels of PermissionUsageHelper.java
CVE-2022-20193
7.3 - High
- June 15, 2022
In getUniqueUsagesWithLabels of PermissionUsageHelper.java, there is a possible incorrect permission attribution due to a logic error in the code. This could lead to local escalation of privilege by conflating apps with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-212434116
In onCreate of ChooseLockGeneric.java, there is a possible permission bypass
CVE-2022-20194
7.8 - High
- June 15, 2022
In onCreate of ChooseLockGeneric.java, there is a possible permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-222684510
In the keystore library, there is a possible prevention of access to system Settings due to unsafe deserialization
CVE-2022-20195
5 - Medium
- June 15, 2022
In the keystore library, there is a possible prevention of access to system Settings due to unsafe deserialization. This could lead to local denial of service with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-213172664
Marshaling, Unmarshaling
In gallery3d and photos, there is a possible permission bypass due to a confused deputy
CVE-2022-20196
5 - Medium
- June 15, 2022
In gallery3d and photos, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-201535148
In recycle of Parcel.java, there is a possible way to start foreground activity from background due to a permissions bypass
CVE-2022-20197
7.8 - High
- June 15, 2022
In recycle of Parcel.java, there is a possible way to start foreground activity from background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-208279300
In llcp_dlc_proc_connect_pdu of llcp_dlc.cc, there is a possible out of bounds read due to a missing bounds check
CVE-2022-20198
4.4 - Medium
- June 15, 2022
In llcp_dlc_proc_connect_pdu of llcp_dlc.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure from the NFC stack with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-221851879
Out-of-bounds Read
In updateApState of SoftApManager.java, there is a possible leak of hotspot state due to a missing permission check
CVE-2022-20200
5.5 - Medium
- June 15, 2022
In updateApState of SoftApManager.java, there is a possible leak of hotspot state due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-212695058
In getAppSize of InstalldNativeService.cpp, there is a possible out of bounds read due to a missing bounds check
CVE-2022-20201
6.7 - Medium
- June 15, 2022
In getAppSize of InstalldNativeService.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-220733817
Memory Corruption
In ih264_resi_trans_quant_4x4_sse42 of ih264_resi_trans_quant_sse42.c, there is a possible out of bounds read due to a heap buffer overflow
CVE-2022-20202
6.5 - Medium
- June 15, 2022
In ih264_resi_trans_quant_4x4_sse42 of ih264_resi_trans_quant_sse42.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-204704614
Memory Corruption
In registerRemoteBugreportReceivers of DevicePolicyManagerService.java
CVE-2022-20204
7.8 - High
- June 15, 2022
In registerRemoteBugreportReceivers of DevicePolicyManagerService.java, there is a possible reporting of falsified bug reports due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-171495100
In isFileUri of FileUtil.java, there is a possible way to bypass the check for a file:// scheme due to improper input validation
CVE-2022-20205
5.5 - Medium
- June 15, 2022
In isFileUri of FileUtil.java, there is a possible way to bypass the check for a file:// scheme due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-215212561
Improper Input Validation
In setPackageOrComponentEnabled of NotificationManagerService.java, there is a missing permission check
CVE-2022-20206
5.5 - Medium
- June 15, 2022
In setPackageOrComponentEnabled of NotificationManagerService.java, there is a missing permission check. This could lead to local information disclosure about enabled notification listeners with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-220737634
In static definitions of GattServiceConfig.java, there is a possible permission bypass due to an insecure default value
CVE-2022-20207
7.8 - High
- June 15, 2022
In static definitions of GattServiceConfig.java, there is a possible permission bypass due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-185513714
In parseRecursively of cppbor_parse.cpp, there is a possible out of bounds read due to an incorrect bounds check
CVE-2022-20208
4.4 - Medium
- June 15, 2022
In parseRecursively of cppbor_parse.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-192743373
Out-of-bounds Read
In hme_add_new_node_to_a_sorted_array of hme_utils.c, there is a possible out of bounds read due to a heap buffer overflow
CVE-2022-20209
7.5 - High
- June 15, 2022
In hme_add_new_node_to_a_sorted_array of hme_utils.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-207502397
Memory Corruption
The UE and the EMM communicate with each other using NAS messages
CVE-2022-20210
9.8 - Critical
- June 15, 2022
The UE and the EMM communicate with each other using NAS messages. When a new NAS message arrives from the EMM, the modem parses it and fills in internal objects based on the received data. A bug in the parsing code could be used by an attacker to remotely crash the modem, which could lead to DoS or RCE.Product: AndroidVersions: Android SoCAndroid ID: A-228868888
In param_find_digests_internal and related functions of the Titan-M source
CVE-2022-20233
6.7 - Medium
- June 15, 2022
In param_find_digests_internal and related functions of the Titan-M source, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-222472803References: N/A
Memory Corruption
In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking
CVE-2022-20141
7.8 - High
- June 15, 2022
In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel
Improper Locking
In uploadFile of FileUploadServiceImpl.java, there is a possible incorrect file access due to a confused deputy
CVE-2022-20146
5.5 - Medium
- June 15, 2022
In uploadFile of FileUploadServiceImpl.java, there is a possible incorrect file access due to a confused deputy. This could lead to local information disclosure of private files with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-211757677References: N/A
In nfa_dm_check_set_config of nfa_dm_main.cc, there is a possible out of bounds write due to a missing bounds check
CVE-2022-20147
7.8 - High
- June 15, 2022
In nfa_dm_check_set_config of nfa_dm_main.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-221216105
Memory Corruption
In TBD of TBD, there is a possible use-after-free due to a race condition
CVE-2022-20148
6.4 - Medium
- June 15, 2022
In TBD of TBD, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-219513976References: Upstream kernel
Race Condition
Product: AndroidVersions: Android kernelAndroid ID: A-211685939References: N/A
CVE-2022-20149
7.5 - High
- June 15, 2022
Product: AndroidVersions: Android kernelAndroid ID: A-211685939References: N/A
Product: AndroidVersions: Android kernelAndroid ID: A-210712565References: N/A
CVE-2022-20151
7.5 - High
- June 15, 2022
Product: AndroidVersions: Android kernelAndroid ID: A-210712565References: N/A
In the TitanM chip, there is a possible out of bounds write due to a missing bounds check
CVE-2022-20152
6.7 - Medium
- June 15, 2022
In the TitanM chip, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-202006198References: N/A
Memory Corruption
In asn1_ec_pkey_parse of acropora/crypto/asn1_common.c, there is a possible out of bounds read due to an incorrect bounds check
CVE-2022-20159
4.4 - Medium
- June 15, 2022
In asn1_ec_pkey_parse of acropora/crypto/asn1_common.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-210971465References: N/A
Out-of-bounds Read
Product: AndroidVersions: Android kernelAndroid ID: A-210083655References: N/A
CVE-2022-20160
9.8 - Critical
- June 15, 2022
Product: AndroidVersions: Android kernelAndroid ID: A-210083655References: N/A
Product: AndroidVersions: Android kernelAndroid ID: A-204891956References: N/A
CVE-2022-20164
9.8 - Critical
- June 15, 2022
Product: AndroidVersions: Android kernelAndroid ID: A-204891956References: N/A
Product: AndroidVersions: Android kernelAndroid ID: A-211162353References: N/A
CVE-2022-20169
7.5 - High
- June 15, 2022
Product: AndroidVersions: Android kernelAndroid ID: A-211162353References: N/A
Product: AndroidVersions: Android kernelAndroid ID: A-210594998References: N/A
CVE-2022-20168
7.5 - High
- June 15, 2022
Product: AndroidVersions: Android kernelAndroid ID: A-210594998References: N/A
Product: AndroidVersions: Android kernelAndroid ID: A-204956204References: N/A
CVE-2022-20167
9.8 - Critical
- June 15, 2022
Product: AndroidVersions: Android kernelAndroid ID: A-204956204References: N/A
In WindowManager, there is a possible tapjacking attack due to an incorrect window flag when processing user input
CVE-2021-39691
7.3 - High
- June 15, 2022
In WindowManager, there is a possible tapjacking attack due to an incorrect window flag when processing user input. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-157929241
Clickjacking
In setScanMode of AdapterService.java
CVE-2022-20126
7.3 - High
- June 15, 2022
In setScanMode of AdapterService.java, there is a possible way to enable Bluetooth discovery mode without user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-203431023
authentification
In nci_proc_rf_management_ntf of nci_hrcv.cc, there is a possible out of bounds read due to a missing bounds check
CVE-2022-20131
7.5 - High
- June 15, 2022
In nci_proc_rf_management_ntf of nci_hrcv.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-221856662
Memory Corruption
In setDiscoverableTimeout of AdapterService.java, there is a possible bypass of user interaction due to a missing permission check
CVE-2022-20133
7.8 - High
- June 15, 2022
In setDiscoverableTimeout of AdapterService.java, there is a possible bypass of user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-206807679
In writeToParcel of GateKeeperResponse.java, there is a possible parcel format mismatch
CVE-2022-20135
7.8 - High
- June 15, 2022
In writeToParcel of GateKeeperResponse.java, there is a possible parcel format mismatch. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-220303465
In onCreateContextMenu of NetworkProviderSettings.java
CVE-2022-20137
7.3 - High
- June 15, 2022
In onCreateContextMenu of NetworkProviderSettings.java, there is a possible way for non-owner users to change WiFi settings due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-206986392
Incorrect Default Permissions
In registerPhoneAccount of PhoneAccountRegistrar.java, there is a possible way to prevent the user
CVE-2022-20129
5.5 - Medium
- June 15, 2022
In registerPhoneAccount of PhoneAccountRegistrar.java, there is a possible way to prevent the user from selecting a phone account due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-217934478
Improper Input Validation
In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out of bounds write due to a heap buffer overflow
CVE-2022-20130
9.8 - Critical
- June 15, 2022
In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-224314979
Memory Corruption
In lg_probe and related functions of hid-lg.c and other USB HID files
CVE-2022-20132
4.6 - Medium
- June 15, 2022
In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel
Out-of-bounds Read
In readArguments of CallSubjectDialog.java
CVE-2022-20134
7.8 - High
- June 15, 2022
In readArguments of CallSubjectDialog.java, there is a possible way to trick the user to call the wrong phone number due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-218341397
Improper Input Validation
In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check
CVE-2022-20123
7.5 - High
- June 15, 2022
In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-221852424
Out-of-bounds Read
In deletePackageX of DeletePackageHelper.java
CVE-2022-20124
7.8 - High
- June 15, 2022
In deletePackageX of DeletePackageHelper.java, there is a possible way for a Guest user to reset pre-loaded applications for other users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-170646036
In GBoard, there is a possible way to bypass factory reset protections due to a sandbox escape
CVE-2022-20125
6.8 - Medium
- June 15, 2022
In GBoard, there is a possible way to bypass factory reset protections due to a sandbox escape. This could lead to local escalation of privilege if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-194402515
In ce_t4t_data_cback of ce_t4t.cc, there is a possible out of bounds write due to a double free
CVE-2022-20127
9.8 - Critical
- June 15, 2022
In ce_t4t_data_cback of ce_t4t.cc, there is a possible out of bounds write due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-221862119
Memory Corruption
kCTF is a Kubernetes-based infrastructure for capture the flag (CTF) competitions
CVE-2022-31055
7.5 - High
- June 13, 2022
kCTF is a Kubernetes-based infrastructure for capture the flag (CTF) competitions. Prior to version 1.6.0, the kctf cluster set-src-ip-ranges was broken and allowed traffic from any IP. The problem has been patched in v1.6.0. As a workaround, those who want to test challenges privately can mark them as `public: false` and use `kctf chal debug port-forward` to connect.
AuthZ
Improper handling of insufficient permissions vulnerability in addAppPackageNameTo
CVE-2022-30727
5.5 - Medium
- June 07, 2022
Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in PersonaManagerService prior to SMR Jun-2022 Release 1 allows local attackers to set some setting value in work space.
Improper Handling of Exceptional Conditions
Information exposure vulnerability in ScanPool prior to SMR Jun-2022 Release 1
CVE-2022-30728
3.3 - Low
- June 07, 2022
Information exposure vulnerability in ScanPool prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information.
Exposure of Resource to Wrong Sphere
Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionError function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.
CVE-2022-30725
4.3 - Medium
- June 07, 2022
Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionError function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.
Improper Handling of Exceptional Conditions
Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in activateVoiceRecognitionWithDevice function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.
CVE-2022-30723
4.3 - Medium
- June 07, 2022
Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in activateVoiceRecognitionWithDevice function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.
Improper Handling of Exceptional Conditions
Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionCompleted function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.
CVE-2022-30724
4.3 - Medium
- June 07, 2022
Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionCompleted function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.
Improper Handling of Exceptional Conditions
Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1
CVE-2022-30721
5.3 - Medium
- June 07, 2022
Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.
Improper Input Validation
Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1
CVE-2022-30720
5.3 - Medium
- June 07, 2022
Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.
Improper Input Validation
Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1
CVE-2022-30719
5.3 - Medium
- June 07, 2022
Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.
Improper Input Validation
Improper caller check in AR Emoji prior to SMR Jun-2022 Release 1
CVE-2022-30717
7.5 - High
- June 07, 2022
Improper caller check in AR Emoji prior to SMR Jun-2022 Release 1 allows untrusted applications to use some camera functions via deeplink.
AuthZ
Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1
CVE-2022-30716
5.3 - Medium
- June 07, 2022
Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1 allows untrusted applications to access toast message information from device.
Improper Handling of Exceptional Conditions
Improper access control vulnerability in DofViewer prior to SMR Jun-2022 Release 1
CVE-2022-30715
5.3 - Medium
- June 07, 2022
Improper access control vulnerability in DofViewer prior to SMR Jun-2022 Release 1 allows attackers to control floating system alert window.
AuthZ
Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2022 Release 1
CVE-2022-30714
3.3 - Low
- June 07, 2022
Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information.
Exposure of Resource to Wrong Sphere
Improper validation vulnerability in LSOItemData prior to SMR Jun-2022 Release 1
CVE-2022-30713
9.1 - Critical
- June 07, 2022
Improper validation vulnerability in LSOItemData prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities.
Improper Input Validation
Improper validation vulnerability in FeedsInfo prior to SMR Jun-2022 Release 1
CVE-2022-30711
9.1 - Critical
- June 07, 2022
Improper validation vulnerability in FeedsInfo prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities.
Improper Input Validation
Unprotected component vulnerability in DeviceSearchTrampoline in SecSettingsIntelligence prior to SMR Jun-2022 Release 1
CVE-2022-30726
7.8 - High
- June 07, 2022
Unprotected component vulnerability in DeviceSearchTrampoline in SecSettingsIntelligence prior to SMR Jun-2022 Release 1 allows local attackers to launch activities of SecSettingsIntelligence.
Implicit Intent hijacking vulnerability in Settings prior to SMR Jun-2022 Release 1
CVE-2022-30729
4.6 - Medium
- June 07, 2022
Implicit Intent hijacking vulnerability in Settings prior to SMR Jun-2022 Release 1 allows attackers to get Wi-Fi SSID and password via a malicious QR code scanner.
Implicit Intent hijacking vulnerability in Samsung Account prior to SMR Jun-2022 Release 1
CVE-2022-30722
9.8 - Critical
- June 07, 2022
Implicit Intent hijacking vulnerability in Samsung Account prior to SMR Jun-2022 Release 1 allows attackers to bypass user confirmation of Samsung Account.
Improper input validation check logic vulnerability in SECRIL prior to SMR Jun-2022 Release 1
CVE-2022-30709
5.3 - Medium
- June 07, 2022
Improper input validation check logic vulnerability in SECRIL prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.
Improper Input Validation
Improper validation vulnerability in KfaOptions prior to SMR Jun-2022 Release 1
CVE-2022-30712
9.1 - Critical
- June 07, 2022
Improper validation vulnerability in KfaOptions prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities.
Improper Input Validation