CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Android » 12.0 * * * : Security Vulnerabilities

Cpe Name:cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-30729 2022-06-07 2022-06-11
2.1
None Local Low Not required Partial None None
Implicit Intent hijacking vulnerability in Settings prior to SMR Jun-2022 Release 1 allows attackers to get Wi-Fi SSID and password via a malicious QR code scanner.
2 CVE-2022-30728 668 2022-06-07 2022-06-11
2.1
None Local Low Not required Partial None None
Information exposure vulnerability in ScanPool prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information.
3 CVE-2022-30727 755 2022-06-07 2022-06-11
2.1
None Local Low Not required None Partial None
Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in PersonaManagerService prior to SMR Jun-2022 Release 1 allows local attackers to set some setting value in work space.
4 CVE-2022-30726 2022-06-07 2022-06-11
4.6
None Local Low Not required Partial Partial Partial
Unprotected component vulnerability in DeviceSearchTrampoline in SecSettingsIntelligence prior to SMR Jun-2022 Release 1 allows local attackers to launch activities of SecSettingsIntelligence.
5 CVE-2022-30725 755 2022-06-07 2022-06-11
3.3
None Local Network Low Not required Partial None None
Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionError function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.
6 CVE-2022-30724 755 2022-06-07 2022-06-11
3.3
None Local Network Low Not required Partial None None
Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionCompleted function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.
7 CVE-2022-30723 755 2022-06-07 2022-06-11
3.3
None Local Network Low Not required Partial None None
Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in activateVoiceRecognitionWithDevice function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.
8 CVE-2022-30722 Bypass 2022-06-07 2022-06-11
7.5
None Remote Low Not required Partial Partial Partial
Implicit Intent hijacking vulnerability in Samsung Account prior to SMR Jun-2022 Release 1 allows attackers to bypass user confirmation of Samsung Account.
9 CVE-2022-30721 20 2022-06-07 2022-06-11
5.0
None Remote Low Not required None None Partial
Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.
10 CVE-2022-30720 20 2022-06-07 2022-06-11
5.0
None Remote Low Not required None None Partial
Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.
11 CVE-2022-30719 20 2022-06-07 2022-06-11
5.0
None Remote Low Not required None None Partial
Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.
12 CVE-2022-30716 755 2022-06-07 2022-06-11
5.0
None Remote Low Not required Partial None None
Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1 allows untrusted applications to access toast message information from device.
13 CVE-2022-30715 862 2022-06-07 2022-06-11
5.0
None Remote Low Not required None Partial None
Improper access control vulnerability in DofViewer prior to SMR Jun-2022 Release 1 allows attackers to control floating system alert window.
14 CVE-2022-30714 668 2022-06-07 2022-06-11
2.1
None Local Low Not required Partial None None
Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information.
15 CVE-2022-30713 20 2022-06-07 2022-06-11
9.4
None Remote Low Not required Complete Complete None
Improper validation vulnerability in LSOItemData prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities.
16 CVE-2022-30712 20 2022-06-07 2022-06-11
6.4
None Remote Low Not required Partial Partial None
Improper validation vulnerability in KfaOptions prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities.
17 CVE-2022-30711 20 2022-06-07 2022-06-11
9.4
None Remote Low Not required Complete Complete None
Improper validation vulnerability in FeedsInfo prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities.
18 CVE-2022-30710 20 2022-06-07 2022-06-11
9.4
None Remote Low Not required Complete Complete None
Improper validation vulnerability in RemoteViews prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities.
19 CVE-2022-30709 20 2022-06-07 2022-06-11
5.0
None Remote Low Not required None None Partial
Improper input validation check logic vulnerability in SECRIL prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.
20 CVE-2022-28794 668 2022-06-07 2022-06-11
2.1
None Local Low Not required Partial None None
Sensitive information exposure in low-battery dumpstate log prior to SMR Jun-2022 Release 1 allows local attackers to get SIM card information.
21 CVE-2022-28788 125 DoS 2022-05-03 2022-05-11
2.1
None Local Low Not required None None Partial
Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.
22 CVE-2022-28787 125 DoS 2022-05-03 2022-05-11
2.1
None Local Low Not required None None Partial
Improper buffer size check logic in wmfextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.
23 CVE-2022-28786 125 DoS 2022-05-03 2022-05-11
2.1
None Local Low Not required None None Partial
Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.
24 CVE-2022-28785 125 DoS 2022-05-03 2022-05-11
2.1
None Local Low Not required None None Partial
Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.
25 CVE-2022-28784 22 Dir. Trav. 2022-05-03 2022-05-11
2.1
None Local Low Not required Partial None None
Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to list file names in arbitrary directory as system user. The patch addresses incorrect implementation of file path validation check logic.
26 CVE-2022-28783 20 2022-05-03 2022-05-11
3.6
None Local Low Not required None Partial Partial
Improper validation of removing package name in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to uninstall arbitrary packages without permission. The patch adds proper validation logic for removing package name.
27 CVE-2022-28782 863 2022-05-03 2022-05-11
2.1
None Local Low Not required None Partial None
Improper access control vulnerability in Contents To Window prior to SMR May-2022 Release 1 allows physical attacker to install package before completion of Setup wizard. The patch blocks entry point of the vulnerability.
28 CVE-2022-28781 20 2022-05-03 2022-05-11
7.2
None Local Low Not required Complete Complete Complete
Improper input validation in Settings prior to SMR-May-2022 Release 1 allows attackers to launch arbitrary activity with system privilege. The patch adds proper validation logic to check the caller.
29 CVE-2022-28780 2022-05-03 2022-05-11
2.1
None Local Low Not required Partial None None
Improper access control vulnerability in Weather prior to SMR May-2022 Release 1 allows that attackers can access location information that set in Weather without permission. The patch adds proper protection to prevent access to location information.
30 CVE-2022-27836 22 Dir. Trav. 2022-04-11 2022-04-27
7.2
None Local Low Not required Complete Complete Complete
Improper access control and path traversal vulnerability in Storage Manager and Storage Manager Service prior to SMR Apr-2022 Release 1 allow local attackers to access arbitrary system files without a proper permission. The patch adds proper validation logic to prevent arbitrary files access.
31 CVE-2022-27835 119 Overflow 2022-04-11 2022-04-18
9.3
None Remote Medium Not required Complete Complete Complete
Improper boundary check in UWB firmware prior to SMR Apr-2022 Release 1 allows arbitrary memory write.
32 CVE-2022-27832 125 DoS 2022-04-11 2022-04-18
2.1
None Local Low Not required None None Partial
Improper boundary check in media.extractor library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via a crafted media file.
33 CVE-2022-27831 125 2022-04-11 2022-04-18
3.6
None Local Low Not required Partial None Partial
Improper boundary check in sflvd_rdbuf_bits of libsflvextractor prior to SMR Apr-2022 Release 1 allows attackers to read out of bounds memory.
34 CVE-2022-27830 20 2022-04-11 2022-04-18
7.2
None Local Low Not required Complete Complete Complete
Improper validation vulnerability in SemBlurInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.
35 CVE-2022-27829 20 2022-04-11 2022-04-18
7.2
None Local Low Not required Complete Complete Complete
Improper validation vulnerability in VerifyCredentialResponse prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.
36 CVE-2022-27828 20 2022-04-11 2022-04-18
7.2
None Local Low Not required Complete Complete Complete
Improper validation vulnerability in MediaMonitorEvent prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.
37 CVE-2022-27827 20 2022-04-11 2022-04-18
7.2
None Local Low Not required Complete Complete Complete
Improper validation vulnerability in MediaMonitorDimension prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.
38 CVE-2022-27826 20 2022-04-11 2022-04-18
7.2
None Local Low Not required Complete Complete Complete
Improper validation vulnerability in SemSuspendDialogInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.
39 CVE-2022-27825 125 2022-04-11 2022-04-18
5.8
None Remote Medium Not required Partial None Partial
Improper size check in sapefd_parse_meta_HEADER function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file.
40 CVE-2022-27824 125 2022-04-11 2022-04-18
5.8
None Remote Medium Not required Partial None Partial
Improper size check of in sapefd_parse_meta_DESCRIPTION function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file
41 CVE-2022-27823 125 2022-04-11 2022-04-18
5.8
None Remote Medium Not required Partial None Partial
Improper size check in sapefd_parse_meta_HEADER_old function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file.
42 CVE-2022-27822 668 2022-04-11 2022-04-18
2.1
None Local Low Not required Partial None None
Information exposure vulnerability in ril property setting prior to SMR April-2022 Release 1 allows access to EF_RUIMID value without permission.
43 CVE-2022-27821 125 DoS 2022-04-11 2022-04-18
4.3
None Remote Medium Not required None None Partial
Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via crafted image file.
44 CVE-2022-27576 668 2022-04-11 2022-04-18
4.3
None Remote Medium Not required Partial None None
Information exposure vulnerability in Samsung DeX Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission
45 CVE-2022-27575 668 2022-04-11 2022-04-18
4.3
None Remote Medium Not required Partial None None
Information exposure vulnerability in One UI Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission.
46 CVE-2022-27574 787 2022-04-11 2022-04-18
7.5
None Remote Low Not required Partial Partial Partial
Improper input validation vulnerability in parser_iloc and sheifd_find_itemIndexin fuctions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attacker.
47 CVE-2022-27573 787 2022-04-11 2022-04-18
6.5
None Remote Low ??? Partial Partial Partial
Improper input validation vulnerability in parser_infe and sheifd_find_itemIndexin fuctions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attackers.
48 CVE-2022-27572 787 Exec Code Overflow 2022-04-11 2022-04-18
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow vulnerability in parser_ipma function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers.
49 CVE-2022-27571 787 Exec Code Overflow 2022-04-11 2022-04-18
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow vulnerability in sheifd_get_info_image function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.
50 CVE-2022-27570 787 Exec Code Overflow 2022-04-11 2022-04-18
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow vulnerability in parser_single_iref function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.
Total number of vulnerabilities : 271   Page : 1 (This Page)2 3 4 5 6
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.