Total
8912 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-24001 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 3.8 LOW |
|
Information disclosure vulnerability in Edge Panel prior to Android S(12) allows physical attackers to access screenshot in clipboard via Edge Panel.
|
|||||
| CVE-2022-24000 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 3.9 LOW |
|
PendingIntent hijacking vulnerability in DataUsageReminderReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent.
|
|||||
| CVE-2022-23999 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 3.9 LOW |
|
PendingIntent hijacking vulnerability in CpaReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent.
|
|||||
| CVE-2022-23998 | 2 Google, Samsung | 2 Android, Camera | 2024-11-21 | 4.3 MEDIUM | 6.2 MEDIUM |
|
Improper access control vulnerability in Camera prior to versions 11.1.02.16 in Android R(11), 10.5.03.77 in Android Q(10) and 9.0.6.68 in Android P(9) allows untrusted applications to take a picture in screenlock status.
|
|||||
| CVE-2022-23729 | 1 Google | 1 Android | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
|
When the device is in factory state, it can be access the shell without adb authentication process. The LG ID is LVE-SMP-210010.
|
|||||
| CVE-2022-23728 | 1 Google | 1 Android | 2024-11-21 | 6.6 MEDIUM | 6.1 MEDIUM |
|
Attacker can reset the device with AT Command in the process of rebooting the device. The LG ID is LVE-SMP-210011.
|
|||||
| CVE-2022-23434 | 2 Google, Samsung | 2 Android, Bixby | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
|
A vulnerability using PendingIntent in Bixby Vision prior to versions 3.7.60.8 in Android S(12), 3.7.50.6 in Andorid R(11) and below allows attackers to execute privileged action by hijacking and modifying the intent.
|
|||||
| CVE-2022-23433 | 2 Google, Samsung | 2 Android, Reminder | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
|
Improper access control vulnerability in Reminder prior to versions 12.3.01.3000 in Android S(12), 12.2.05.6000 in Android R(11) and 11.6.08.6000 in Andoid Q(10) allows attackers to register reminders or execute exporeted activities remotely.
|
|||||
| CVE-2022-23432 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 4.6 MEDIUM | 6.4 MEDIUM |
|
An improper input validation in SMC_SRPMB_WSM handler of RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution.
|
|||||
| CVE-2022-23431 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 4.6 MEDIUM | 6.4 MEDIUM |
|
An improper boundary check in RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution.
|
|||||
| CVE-2022-23429 | 1 Google | 1 Android | 2024-11-21 | 3.6 LOW | 5.3 MEDIUM |
|
An improper boundary check in audio hal service prior to SMR Feb-2022 Release 1 allows attackers to read invalid memory and it leads to application crash.
|
|||||
| CVE-2022-23428 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 7.2 HIGH | 8.4 HIGH |
|
An improper boundary check in eden_runtime hal service prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution.
|
|||||
| CVE-2022-23427 | 1 Google | 1 Android | 2024-11-21 | 3.6 LOW | 3.9 LOW |
|
PendingIntent hijacking vulnerability in KnoxPrivacyNoticeReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission via implicit Intent.
|
|||||
| CVE-2022-23426 | 1 Google | 1 Android | 2024-11-21 | 3.6 LOW | 4.4 MEDIUM |
|
A vulnerability using PendingIntent in DeX Home and DeX for PC prior to SMR Feb-2022 Release 1 allows attackers to access files with system privilege.
|
|||||
| CVE-2022-23425 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 7.5 HIGH | 8.6 HIGH |
|
Improper input validation in Exynos baseband prior to SMR Feb-2022 Release 1 allows attackers to send arbitrary NAS signaling messages with fake base station.
|
|||||
| CVE-2022-23278 | 4 Apple, Google, Linux and 1 more | 11 Macos, Android, Linux Kernel and 8 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
Microsoft Defender for Endpoint Spoofing Vulnerability
|
|||||
| CVE-2022-23258 | 2 Google, Microsoft | 2 Android, Edge | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Microsoft Edge for Android Spoofing Vulnerability
|
|||||
| CVE-2022-22292 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.1 HIGH |
|
Unprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release 1 allows untrusted applications to launch arbitrary activity.
|
|||||
| CVE-2022-22291 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Logging of excessive data vulnerability in telephony prior to SMR Feb-2022 Release 1 allows privileged attackers to get Cell Location Information through log of user device.
|
|||||
| CVE-2022-22286 | 2 Google, Samsung | 2 Android, Bixby Routines | 2024-11-21 | 3.6 LOW | 4.4 MEDIUM |
|
A vulnerability using PendingIntent in Bixby Routines prior to version 3.1.21.8 in Android R(11.0) and 2.6.30.5 in Android Q(10.0) allows attackers to execute privileged action by hijacking and modifying the intent.
|
|||||
| CVE-2022-22285 | 2 Google, Samsung | 2 Android, Reminder | 2024-11-21 | 3.6 LOW | 4.4 MEDIUM |
|
A vulnerability using PendingIntent in Reminder prior to version 12.2.05.0 in Android R(11.0) and 12.3.02.1000 in Android S(12.0) allows attackers to execute privileged action by hijacking and modifying the intent.
|
|||||
| CVE-2022-22272 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
|
Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission
|
|||||
| CVE-2022-22271 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
A missing input validation before memory copy in TIMA trustlet prior to SMR Jan-2022 Release 1 allows attackers to copy data from arbitrary memory.
|
|||||
| CVE-2022-22270 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | 4.4 MEDIUM |
|
An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows unprivileged applications to access contact information.
|
|||||
| CVE-2022-22269 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
|
Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allows untrusted applications to get a local Bluetooth MAC address.
|
|||||
| CVE-2022-22268 | 1 Google | 1 Android | 2024-11-21 | 3.6 LOW | 6.1 MEDIUM |
|
Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 allows physically proximate attackers to temporary unlock the Knox Guard via Samsung DeX mode.
|
|||||
| CVE-2022-22267 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
|
Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1 allows attackers to get running application information.
|
|||||
| CVE-2022-22266 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
|
(Applicable to China models only) Unprotected WifiEvaluationService in TencentWifiSecurity application prior to SMR Jan-2022 Release 1 allows untrusted applications to get WiFi information without proper permission.
|
|||||
| CVE-2022-22264 | 1 Google | 1 Android | 2024-11-21 | 3.6 LOW | 7.7 HIGH |
|
Improper sanitization of incoming intent in Dressroom prior to SMR Jan-2022 Release 1 allows local attackers to read and write arbitrary files without permission.
|
|||||
| CVE-2022-22263 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
|
Unprotected dynamic receiver in SecSettings prior to SMR Jan-2022 Release 1 allows untrusted applications to launch arbitrary activity.
|
|||||
| CVE-2022-21792 | 2 Google, Mediatek | 11 Android, Mt6833, Mt6853 and 8 more | 2024-11-21 | N/A | 6.7 MEDIUM |
|
In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07085410; Issue ID: ALPS07085410.
|
|||||
| CVE-2022-21791 | 2 Google, Mediatek | 7 Android, Mt6833, Mt6853 and 4 more | 2024-11-21 | N/A | 4.4 MEDIUM |
|
In camera isp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06478059; Issue ID: ALPS06478059.
|
|||||
| CVE-2022-21790 | 2 Google, Mediatek | 6 Android, Mt6833, Mt6853 and 3 more | 2024-11-21 | N/A | 4.4 MEDIUM |
|
In camera isp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479306; Issue ID: ALPS06479306.
|
|||||
| CVE-2022-21789 | 2 Google, Mediatek | 21 Android, Mt6779, Mt6781 and 18 more | 2024-11-21 | N/A | 6.4 MEDIUM |
|
In audio ipi, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06478101; Issue ID: ALPS06478101.
|
|||||
| CVE-2022-21788 | 2 Google, Mediatek | 4 Android, Mt6879, Mt6895 and 1 more | 2024-11-21 | N/A | 6.7 MEDIUM |
|
In scp, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06988728; Issue ID: ALPS06988728.
|
|||||
| CVE-2022-21787 | 2 Google, Mediatek | 13 Android, Mt6833, Mt6853 and 10 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
In audio DSP, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06558844; Issue ID: ALPS06558844.
|
|||||
| CVE-2022-21786 | 2 Google, Mediatek | 13 Android, Mt6833, Mt6853 and 10 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
In audio DSP, there is a possible memory corruption due to improper casting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06558822; Issue ID: ALPS06558822.
|
|||||
| CVE-2022-21785 | 2 Google, Mediatek | 22 Android, Mt6877, Mt6983 and 19 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06807363; Issue ID: ALPS06807363.
|
|||||
| CVE-2022-21784 | 2 Google, Mediatek | 33 Android, Mt6761, Mt6779 and 30 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704462.
|
|||||
| CVE-2022-21783 | 2 Google, Mediatek | 33 Android, Mt6761, Mt6779 and 30 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704482.
|
|||||