Android@10.0 Security Vulnerabilities and Issues — Android@10.0 CVE List

Lucene search

GoogleAndroid10.0

331 matches found

CVE•added 2023/12/08 6:15 a.m.•545 views

CVE-2023-45866

Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such acce...

6.3CVSS6.9AI score0.29778EPSS

CVE•added 2023/02/28 5:15 p.m.•162 views

CVE-2023-20944

In run of ChooseTypeAndAccountActivity.java, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-...

7.8CVSS7.7AI score0.00022EPSS

CVE•added 2023/01/26 9:15 p.m.•144 views

CVE-2022-20456

In AutomaticZenRule of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVers...

7.8CVSS7.6AI score0.00021EPSS

CVE•added 2023/01/26 9:15 p.m.•144 views

CVE-2022-20489

In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersio...

7.8CVSS7.6AI score0.00023EPSS

CVE•added 2023/02/28 5:15 p.m.•138 views

CVE-2022-20481

In multiple files, there is a possible way to preserve WiFi settings due to residual data after a reset. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Androi...

5.5CVSS5AI score0.00014EPSS

CVE•added 2023/02/28 5:15 p.m.•122 views

CVE-2023-20943

In clearApplicationUserData of ActivityManagerService.java, there is a possible way to remove system files due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

7.8CVSS7.7AI score0.00021EPSS

CVE•added 2023/01/26 9:15 p.m.•121 views

CVE-2022-20461

In pinReplyNative of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege of BLE with no additional execution privileges needed. User interaction is not needed for exploitation.Product: And...

7.8CVSS7.6AI score0.00038EPSS

CVE•added 2023/02/28 5:15 p.m.•115 views

CVE-2023-20932

In onCreatePreferences of EditInfoFragment.java, there is a possible way to read contacts belonging to other users due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Produc...

3.3CVSS3.6AI score0.00013EPSS

CVE•added 2023/01/26 9:15 p.m.•111 views

CVE-2022-20490

In multiple functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVe...

7.8CVSS7.7AI score0.00023EPSS

CVE•added 2023/02/28 5:15 p.m.•110 views

CVE-2023-20933

In several functions of MediaCodec.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11...

7.8CVSS7.7AI score0.00015EPSS

CVE•added 2023/01/26 9:18 p.m.•109 views

CVE-2023-20920

In queue of UsbRequest.java, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12...

7.8CVSS7.6AI score0.0003EPSS

CVE•added 2023/01/26 9:18 p.m.•107 views

CVE-2023-20905

In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10...

7.8CVSS7.7AI score0.00029EPSS

CVE•added 2023/01/26 9:18 p.m.•106 views

CVE-2023-20921

In onPackageRemoved of AccessibilityManagerService.java, there is a possibility to automatically grant accessibility services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitatio...

7.3CVSS7.2AI score0.00075EPSS

CVE•added 2023/01/26 9:15 p.m.•105 views

CVE-2022-20494

In AutomaticZenRule of AutomaticZenRule.java, there is a possible persistent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 And...

5.5CVSS5.3AI score0.00849EPSS

CVE•added 2023/02/28 5:15 p.m.•102 views

CVE-2022-20455

In addAutomaticZenRule of ZenModeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 ...

5.5CVSS5.3AI score0.0002EPSS

CVE•added 2023/01/26 9:15 p.m.•98 views

CVE-2022-20493

In Condition of Condition.java, there is a possible way to grant notification access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 An...

7.8CVSS7.7AI score0.00026EPSS

CVE•added 2023/01/26 9:18 p.m.•96 views

CVE-2023-20915

In addOrReplacePhoneAccount of PhoneAccountRegistrar.java, there is a possible way to enable a phone account without user interaction due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS7.6AI score0.0004EPSS

CVE•added 2023/01/26 9:18 p.m.•95 views

CVE-2023-20913

In onCreate of PhoneAccountSettingsActivity.java and related files, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is nee...

7.8CVSS7.6AI score0.00026EPSS

CVE•added 2023/02/28 5:15 p.m.•95 views

CVE-2023-20945

In phNciNfc_MfCreateXchgDataHdr of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersio...

7.8CVSS7.7AI score0.00015EPSS

CVE•added 2023/01/26 9:15 p.m.•92 views

CVE-2022-20492

7.8CVSS7.7AI score0.00023EPSS

CVE•added 2023/04/11 12:15 p.m.•84 views

CVE-2022-47335

In telecom service, there is a missing permission check. This could lead to local denial of service in telecom service.

5.5CVSS5.3AI score0.00022EPSS

CVE•added 2023/03/10 9:15 p.m.•83 views

CVE-2022-47460

In gpu device, there is a memory corruption due to a use after free. This could lead to local denial of service in kernel.

5.5CVSS5.5AI score0.00022EPSS

CVE•added 2023/04/06 6:15 p.m.•81 views

CVE-2023-20655

In mmsdk, there is a possible escalation of privilege due to a parcel format mismatch. This could lead to local code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203022; Issue ID: ALPS07203022.

7.8CVSS7.8AI score0.00036EPSS

CVE•added 2023/01/03 9:15 p.m.•80 views

CVE-2022-32636

In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07510064; Issue ID: ALPS07510064.

6.7CVSS6.7AI score0.00012EPSS

CVE•added 2023/02/06 8:15 p.m.•80 views

CVE-2023-20602

In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494107; Issue ID: ALPS07494107.

6.7CVSS6.7AI score0.0002EPSS

CVE•added 2023/01/03 9:15 p.m.•78 views

CVE-2022-32635

In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573237; Issue ID: ALPS07573237.

7.8CVSS7.7AI score0.0003EPSS

CVE•added 2023/01/03 9:15 p.m.•78 views

CVE-2022-32637

In hevc decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07491374; Issue ID: ALPS07491374.

6.7CVSS6.7AI score0.00012EPSS

CVE•added 2023/01/04 10:15 a.m.•78 views

CVE-2022-44435

In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.

5.5CVSS5.4AI score0.00023EPSS

CVE•added 2023/04/06 6:15 p.m.•76 views

CVE-2023-20652

In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628168; Issue ID: ALPS07589135.

6.7CVSS6.7AI score0.00011EPSS

CVE•added 2023/01/04 10:15 a.m.•74 views

CVE-2022-44427

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

5.5CVSS5.3AI score0.00022EPSS

CVE•added 2023/01/04 10:15 a.m.•74 views

CVE-2022-44431

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

5.5CVSS5.3AI score0.00022EPSS

CVE•added 2023/03/10 9:15 p.m.•74 views

CVE-2022-47459

In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.

5.5CVSS5.3AI score0.00022EPSS

CVE•added 2023/01/04 10:15 a.m.•73 views

CVE-2022-44425

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

5.5CVSS5.3AI score0.00035EPSS

CVE•added 2023/01/04 10:15 a.m.•73 views

CVE-2022-44429

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

5.5CVSS5.3AI score0.00022EPSS

CVE•added 2023/01/04 10:15 a.m.•73 views

CVE-2022-44437

In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.

5.5CVSS5.4AI score0.00023EPSS

CVE•added 2023/01/04 10:15 a.m.•72 views

CVE-2022-44432

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

5.5CVSS5.3AI score0.00035EPSS

CVE•added 2023/02/12 4:15 a.m.•72 views

CVE-2022-47339

In cmd services, there is a OS command injection issue due to missing permission check. This could lead to local escalation of privilege with system execution privileges needed.

6.7CVSS7AI score0.00021EPSS

CVE•added 2023/03/07 9:15 p.m.•72 views

CVE-2023-20623

In ion, there is a possible escalation of privilege due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07559778; Issue ID: ALPS07559778.

6.4CVSS6.6AI score0.00016EPSS

CVE•added 2023/01/04 10:15 a.m.•70 views

CVE-2022-44434

In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.

5.5CVSS5.4AI score0.00023EPSS

CVE•added 2023/01/04 10:15 a.m.•70 views

CVE-2022-44438

In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.

5.5CVSS5.4AI score0.00023EPSS

CVE•added 2023/02/12 4:15 a.m.•70 views

CVE-2022-47331

In wlan driver, there is a race condition. This could lead to local denial of service in wlan services.

4.7CVSS4.6AI score0.00023EPSS

CVE•added 2023/03/10 9:15 p.m.•69 views

CVE-2022-47461

In telephone service, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed.

6.7CVSS6.7AI score0.00025EPSS

CVE•added 2023/04/06 6:15 p.m.•69 views

CVE-2023-20656

In geniezone, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07571494; Issue ID: ALPS07571494.

6.7CVSS6.7AI score0.00015EPSS

CVE•added 2023/04/06 6:15 p.m.•69 views

CVE-2023-20657

In mtee, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07571485; Issue ID: ALPS07571485.

6.7CVSS6.7AI score0.00011EPSS

CVE•added 2023/05/09 2:15 a.m.•67 views

CVE-2022-47488

In spipe drive, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.

4.4CVSS4.7AI score0.0001EPSS

CVE•added 2023/01/26 9:18 p.m.•67 views

CVE-2023-20908

In several functions of SettingsState.java, there is a possible system crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 An...

5.5CVSS5.3AI score0.00037EPSS

CVE•added 2023/04/06 6:15 p.m.•66 views

CVE-2022-32599

In rpmb, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07460390; Issue ID: ALPS07460390.

6.7CVSS6.7AI score0.00023EPSS

CVE•added 2023/01/04 10:15 a.m.•66 views

CVE-2022-44428

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

5.5CVSS5.3AI score0.00022EPSS

CVE•added 2023/01/04 10:15 a.m.•66 views

CVE-2022-44436

In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.

5.5CVSS5.4AI score0.00023EPSS

CVE•added 2023/01/04 10:15 a.m.•63 views

CVE-2022-44426

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

5.5CVSS5.3AI score0.00035EPSS

Total number of security vulnerabilities331