Total: 8912 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2022-26447 | 3 Google, Mediatek, Yoctoproject | 27 Android, Mt6580, Mt6735 and 24 more | 2024-11-21 | N/A | 9.8 CRITICAL | In BT firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06784478; Issue ID: ALPS06784478. |
| CVE-2022-26436 | 2 Google, Mediatek | 5 Android, Mt6855, Mt6879 and 2 more | 2024-11-21 | N/A | 4.4 MEDIUM | In emi mpu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07023666; Issue ID: ALPS07023666. |
| CVE-2022-26435 | 3 Google, Mediatek, Yoctoproject | 32 Android, Mt6833, Mt6853 and 29 more | 2024-11-21 | N/A | 6.7 MEDIUM | In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138435; Issue ID: ALPS07138435. |
| CVE-2022-26434 | 3 Google, Mediatek, Yoctoproject | 32 Android, Mt6833, Mt6853 and 29 more | 2024-11-21 | N/A | 6.7 MEDIUM | In mailbox, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138450; Issue ID: ALPS07138450. |
| CVE-2022-26433 | 3 Google, Mediatek, Yoctoproject | 32 Android, Mt6833, Mt6853 and 29 more | 2024-11-21 | N/A | 6.7 MEDIUM | In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138400; Issue ID: ALPS07138400. |
| CVE-2022-26432 | 3 Google, Mediatek, Yoctoproject | 25 Android, Mt6833, Mt6853 and 22 more | 2024-11-21 | N/A | 6.7 MEDIUM | In mailbox, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032542; Issue ID: ALPS07032542. |
| CVE-2022-26431 | 3 Google, Mediatek, Yoctoproject | 25 Android, Mt6833, Mt6853 and 22 more | 2024-11-21 | N/A | 6.7 MEDIUM | In mailbox, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032553; Issue ID: ALPS07032553. |
| CVE-2022-26430 | 3 Google, Mediatek, Yoctoproject | 25 Android, Mt6833, Mt6853 and 22 more | 2024-11-21 | N/A | 6.7 MEDIUM | In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032521; Issue ID: ALPS07032521. |
| CVE-2022-26429 | 2 Google, Mediatek | 42 Android, Mt6580, Mt6735 and 39 more | 2024-11-21 | N/A | 7.8 HIGH | In cta, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07025415; Issue ID: ALPS07025415. |
| CVE-2022-26428 | 2 Google, Mediatek | 12 Android, Mt6739, Mt6761 and 9 more | 2024-11-21 | N/A | 6.4 MEDIUM | In video codec, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06521260; Issue ID: ALPS06521260. |
| CVE-2022-26427 | 2 Google, Mediatek | 6 Android, Mt6833, Mt6853 and 3 more | 2024-11-21 | N/A | 6.7 MEDIUM | In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07085540; Issue ID: ALPS07085540. |
| CVE-2022-26426 | 2 Google, Mediatek | 22 Android, Mt6833, Mt6853 and 19 more | 2024-11-21 | N/A | 6.7 MEDIUM | In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07085486; Issue ID: ALPS07085486. |
| CVE-2022-26099 | 1 Google | 1 Android | 2024-11-21 | 6.4 MEDIUM | 5.9 MEDIUM | Null pointer dereference vulnerability in parser_infe function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds read by remote attackers. |
| CVE-2022-26098 | 1 Google | 1 Android | 2024-11-21 | 10.0 HIGH | 8.1 HIGH | Heap-based buffer overflow vulnerability in sheifd_create function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers. |
| CVE-2022-26097 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 5.9 MEDIUM | Null pointer dereference vulnerability in parser_unknown_property function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. |
| CVE-2022-26096 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 5.9 MEDIUM | Null pointer dereference vulnerability in parser_ispe function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. |
| CVE-2022-26095 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 5.9 MEDIUM | Null pointer dereference vulnerability in parser_colr function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. |
| CVE-2022-26094 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 5.9 MEDIUM | Null pointer dereference vulnerability in parser_auxC function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. |
| CVE-2022-26093 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 5.9 MEDIUM | Null pointer dereference vulnerability in parser_irot function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. |
| CVE-2022-26092 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.4 HIGH | Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows arbitrary code execution. |
| CVE-2022-26091 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 5.7 MEDIUM | Improper access control vulnerability in Knox Manage prior to SMR Apr-2022 Release 1 allows that physical attackers can bypass Knox Manage using a function key of hardware keyboard. |
| CVE-2022-26090 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.3 MEDIUM | Improper access control vulnerability in SamsungContacts prior to SMR Apr-2022 Release 1 allows that attackers can access contact information without permission. |
| CVE-2022-25833 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 3.3 LOW | Improper authentication in ImsService prior to SMR Apr-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission. |
| CVE-2022-25832 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 4.0 MEDIUM | Improper authentication vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to use locked Myfiles app without authentication. |
| CVE-2022-25831 | 1 Google | 1 Android | 2024-11-21 | 1.9 LOW | 2.0 LOW | Improper access control vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to access secured data in certain conditions. |
| CVE-2022-25822 | 1 Google | 1 Android | 2024-11-21 | 4.9 MEDIUM | 4.0 MEDIUM | An use after free vulnerability in sdp driver prior to SMR Mar-2022 Release 1 allows kernel crash. |
| CVE-2022-25821 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 3.6 LOW | 3.3 LOW | Improper use of SMS buffer pointer in Shannon baseband prior to SMR Mar-2022 Release 1 allows OOB read. |
| CVE-2022-25820 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.2 MEDIUM | A vulnerable design in fingerprint matching algorithm prior to SMR Mar-2022 Release 1 allows physical attackers to perform brute force attack on screen lock password. |
| CVE-2022-25819 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 2.1 LOW | 5.3 MEDIUM | OOB read vulnerability in hdcp2 device node prior to SMR Mar-2022 Release 1 allow an attacker to view Kernel stack memory. |
| CVE-2022-25818 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 6.5 MEDIUM | Improper boundary check in UWB stack prior to SMR Mar-2022 Release 1 allows arbitrary code execution. |
| CVE-2022-25817 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM | Improper authentication in One UI Home prior to SMR Mar-2022 Release 1 allows attacker to generate pinned-shortcut without user consent. |
| CVE-2022-25816 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.1 MEDIUM | Improper authentication in Samsung Lock and mask apps setting prior to SMR Mar-2022 Release 1 allows attacker to change enable/disable without authentication |
| CVE-2022-25815 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 5.5 MEDIUM | PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. |
| CVE-2022-25814 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 5.5 MEDIUM | PendingIntent hijacking vulnerability in Wearable Manager Installer prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. |
| CVE-2022-25635 | 3 Google, Linux, Realtek | 3 Android, Linux Kernel, Bluetooth Mesh Software Development Kit | 2024-11-21 | N/A | 6.5 MEDIUM | Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for broadcast network packet length. An unauthenticated attacker in the adjacent network can exploit this vulnerability to disrupt service. |
| CVE-2022-24932 | 2 Google, Samsung | 2 Android, Cloud | 2024-11-21 | 2.1 LOW | 4.2 MEDIUM | Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Release 1 allows physical attacker package installation before finishing Setup wizard. |
| CVE-2022-24931 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.9 HIGH | Improper access control vulnerability in dynamic receiver in ApkInstaller prior to SMR MAR-2022 Release allows unauthorized attackers to execute arbitrary activity without a proper permission |
| CVE-2022-24929 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.1 MEDIUM | Unprotected Activity in AppLock prior to SMR Mar-2022 Release 1 allows attacker to change the list of locked app without authentication. |
| CVE-2022-24928 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 5.9 MEDIUM | Security misconfiguration of RKP in kernel prior to SMR Mar-2022 Release 1 allows a system not to be protected by RKP. |
| CVE-2022-24925 | 1 Google | 1 Android | 2024-11-21 | 6.8 MEDIUM | 4.4 MEDIUM | Improper input validation vulnerability in SettingsProvider prior to Android S(12) allows privileged attackers to trigger a permanent denial of service attack on a victim's devices. |