Android@12.0 Security Vulnerabilities and Issues — Page 28 of Android@12.0 CVE List

4.4CVSS4.6AI score0.00012EPSS

CVE-2023-20823

In cmdq, there is a possible out of bounds read due to an incorrect status check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08021592; Issue ID: ALPS08021592.

5.5CVSS5.1AI score0.00016EPSS

CVE-2023-20826

In cta, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: ALPS07978550; Issue ID: ALPS07978550.

6.4CVSS6.6AI score0.00016EPSS

CVE-2023-20834

In pda, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07608514; Issue ID: ALPS07608514.

6.4CVSS6.6AI score0.00016EPSS

CVE-2023-20835

In camsys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07341261; Issue ID: ALPS07326570.

CVE•added 2023/11/06 4:15 a.m.•42 views

CVE-2023-32839

In dpe, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262576; Issue ID: ALPS07262576.

6.7CVSS6.7AI score0.00023EPSS

CVE•added 2024/01/02 3:15 a.m.•42 views

CVE-2023-32884

In netdagent, there is a possible information disclosure due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07944011; Issue ID: ALPS07944011.

6.7CVSS6.3AI score0.00021EPSS

CVE•added 2023/07/12 9:15 a.m.•42 views

CVE-2023-33887

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

5.5CVSS5.2AI score0.00024EPSS

CVE•added 2023/10/08 4:15 a.m.•42 views

CVE-2023-40634

In phasechecksercer, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed

7.8CVSS7.7AI score0.00027EPSS

CVE•added 2023/11/01 10:15 a.m.•42 views

CVE-2023-42649

In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

5.5CVSS5.2AI score0.00045EPSS

CVE•added 2024/11/04 2:15 a.m.•42 views

CVE-2024-20108

In atci, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09082988; Issue ID: MSV-1774.

6.7CVSS7.2AI score0.0001EPSS

CVE•added 2024/07/01 9:15 a.m.•42 views

CVE-2024-39427

In trusty service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed

5.1CVSS6.8AI score0.00018EPSS

CVE•added 2022/01/14 8:15 p.m.•41 views

CVE-2021-1037

The broadcast that DevicePickerFragment sends when a new device is paired doesn't have any permission checks, so any app can register to listen for it. This lets apps keep track of what devices are paired without requesting BLUETOOTH permissions.Product: AndroidVersions: Android-10 Android-11 Andro...

5.3CVSS5.2AI score0.00064EPSS

CVE•added 2022/01/04 4:15 p.m.•41 views

CVE-2022-20018

In seninf driver, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05863018; Issue ID: ALPS05863018.

4.4CVSS4.3AI score0.00014EPSS

CVE•added 2022/09/06 6:15 p.m.•41 views

CVE-2022-26457

In vow, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138490; Issue ID: ALPS07138490.

6.7CVSS6.7AI score0.00016EPSS

CVE•added 2022/09/06 6:15 p.m.•41 views

CVE-2022-26466

In audio ipi, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06558777; Issue ID: ALPS06558777.

6.7CVSS6.7AI score0.00015EPSS

CVE•added 2022/11/08 9:15 p.m.•41 views

CVE-2022-32611

In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07340373; Issue ID: ALPS07340373.

6.7CVSS6.7AI score0.00026EPSS

CVE•added 2023/02/06 8:15 p.m.•41 views

CVE-2022-32643

In ccd, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07341261; Issue ID: ALPS07341261.

6.4CVSS6.6AI score0.00044EPSS

CVE•added 2022/09/09 3:15 p.m.•41 views

CVE-2022-36853

Intent redirection in Photo Editor prior to SMR Sep-2022 Release 1 allows attacker to get sensitive information.

7.5CVSS7.4AI score0.00065EPSS

CVE•added 2023/01/04 10:15 a.m.•41 views

CVE-2022-39082

In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.

6.7CVSS6.7AI score0.0005EPSS

CVE•added 2022/12/06 7:15 a.m.•41 views

CVE-2022-39091

In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.

7.8CVSS7.5AI score0.00042EPSS

CVE•added 2022/12/06 7:15 a.m.•41 views

CVE-2022-39102

In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.

7.8CVSS7.5AI score0.00016EPSS

CVE•added 2022/10/14 7:15 p.m.•41 views

CVE-2022-39103

In Gallery service, there is a missing permission check. This could lead to local denial of service in Gallery service with no additional execution privileges needed.

5.5CVSS5.4AI score0.00028EPSS

CVE•added 2022/10/14 7:15 p.m.•41 views

CVE-2022-39110

In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed.

7.8CVSS7.6AI score0.00131EPSS

CVE•added 2022/10/14 7:15 p.m.•41 views

CVE-2022-39120

In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.

5.5CVSS5.4AI score0.00028EPSS

CVE•added 2022/12/08 4:15 p.m.•41 views

CVE-2022-39898

Improper access control vulnerability in IIccPhoneBook prior to SMR Dec-2022 Release 1 allows attackers to access some information of usim.

4CVSS4AI score0.00048EPSS

5.5CVSS5.5AI score0.0002EPSS

CVE-2022-44419

In modem, there is a possible missing verification of NAS Security Mode Command Replay Attacks in LTE. This could local denial of service with no additional execution privileges.

6.4CVSS5.1AI score0.00026EPSS

CVE-2022-47324

In wlan driver, there is a possible missing permission check. This could lead to local information disclosure.

6.4CVSS5.1AI score0.00023EPSS

CVE-2022-47325

In wlan driver, there is a possible missing permission check. This could lead to local information disclosure.

5.5CVSS5.3AI score0.00025EPSS

CVE-2022-47354

In log service, there is a missing permission check. This could lead to local denial of service in log service.

5.7CVSS5.3AI score0.00015EPSS

CVE-2022-47369

In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.

5.5CVSS5.3AI score0.00013EPSS

CVE-2022-48234

In FM service , there is a possible missing params check. This could lead to local denial of service in FM service .

5.5CVSS5.4AI score0.00026EPSS

CVE-2022-48241

In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.

7.8CVSS7.7AI score0.00036EPSS

CVE-2022-48243

In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.

4.4CVSS4.7AI score0.0001EPSS

CVE-2022-48374

In tee service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.