Filtered by vendor Google
Subscribe
Total
13548 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-23557 | 1 Google | 1 Tensorflow | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would trigger a division by zero in `BiasAndClamp` implementation. There is no check that the `bias_size` is non zero. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.
|
|||||
| CVE-2022-23434 | 2 Google, Samsung | 2 Android, Bixby | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
|
A vulnerability using PendingIntent in Bixby Vision prior to versions 3.7.60.8 in Android S(12), 3.7.50.6 in Andorid R(11) and below allows attackers to execute privileged action by hijacking and modifying the intent.
|
|||||
| CVE-2022-23433 | 2 Google, Samsung | 2 Android, Reminder | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
|
Improper access control vulnerability in Reminder prior to versions 12.3.01.3000 in Android S(12), 12.2.05.6000 in Android R(11) and 11.6.08.6000 in Andoid Q(10) allows attackers to register reminders or execute exporeted activities remotely.
|
|||||
| CVE-2022-23432 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 4.6 MEDIUM | 6.4 MEDIUM |
|
An improper input validation in SMC_SRPMB_WSM handler of RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution.
|
|||||
| CVE-2022-23431 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 4.6 MEDIUM | 6.4 MEDIUM |
|
An improper boundary check in RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution.
|
|||||
| CVE-2022-23429 | 1 Google | 1 Android | 2024-11-21 | 3.6 LOW | 5.3 MEDIUM |
|
An improper boundary check in audio hal service prior to SMR Feb-2022 Release 1 allows attackers to read invalid memory and it leads to application crash.
|
|||||
| CVE-2022-23428 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 7.2 HIGH | 8.4 HIGH |
|
An improper boundary check in eden_runtime hal service prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution.
|
|||||
| CVE-2022-23427 | 1 Google | 1 Android | 2024-11-21 | 3.6 LOW | 3.9 LOW |
|
PendingIntent hijacking vulnerability in KnoxPrivacyNoticeReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission via implicit Intent.
|
|||||
| CVE-2022-23426 | 1 Google | 1 Android | 2024-11-21 | 3.6 LOW | 4.4 MEDIUM |
|
A vulnerability using PendingIntent in DeX Home and DeX for PC prior to SMR Feb-2022 Release 1 allows attackers to access files with system privilege.
|
|||||
| CVE-2022-23425 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 7.5 HIGH | 8.6 HIGH |
|
Improper input validation in Exynos baseband prior to SMR Feb-2022 Release 1 allows attackers to send arbitrary NAS signaling messages with fake base station.
|
|||||
| CVE-2022-23278 | 4 Apple, Google, Linux and 1 more | 11 Macos, Android, Linux Kernel and 8 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
Microsoft Defender for Endpoint Spoofing Vulnerability
|
|||||
| CVE-2022-23258 | 2 Google, Microsoft | 2 Android, Edge | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Microsoft Edge for Android Spoofing Vulnerability
|
|||||
| CVE-2022-22292 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.1 HIGH |
|
Unprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release 1 allows untrusted applications to launch arbitrary activity.
|
|||||
| CVE-2022-22291 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Logging of excessive data vulnerability in telephony prior to SMR Feb-2022 Release 1 allows privileged attackers to get Cell Location Information through log of user device.
|
|||||
| CVE-2022-22286 | 2 Google, Samsung | 2 Android, Bixby Routines | 2024-11-21 | 3.6 LOW | 4.4 MEDIUM |
|
A vulnerability using PendingIntent in Bixby Routines prior to version 3.1.21.8 in Android R(11.0) and 2.6.30.5 in Android Q(10.0) allows attackers to execute privileged action by hijacking and modifying the intent.
|
|||||
| CVE-2022-22285 | 2 Google, Samsung | 2 Android, Reminder | 2024-11-21 | 3.6 LOW | 4.4 MEDIUM |
|
A vulnerability using PendingIntent in Reminder prior to version 12.2.05.0 in Android R(11.0) and 12.3.02.1000 in Android S(12.0) allows attackers to execute privileged action by hijacking and modifying the intent.
|
|||||
| CVE-2022-22272 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
|
Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission
|
|||||
| CVE-2022-22271 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
A missing input validation before memory copy in TIMA trustlet prior to SMR Jan-2022 Release 1 allows attackers to copy data from arbitrary memory.
|
|||||
| CVE-2022-22270 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | 4.4 MEDIUM |
|
An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows unprivileged applications to access contact information.
|
|||||
| CVE-2022-22269 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
|
Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allows untrusted applications to get a local Bluetooth MAC address.
|
|||||
| CVE-2022-22268 | 1 Google | 1 Android | 2024-11-21 | 3.6 LOW | 6.1 MEDIUM |
|
Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 allows physically proximate attackers to temporary unlock the Knox Guard via Samsung DeX mode.
|
|||||
| CVE-2022-22267 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
|
Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1 allows attackers to get running application information.
|
|||||
| CVE-2022-22266 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
|
(Applicable to China models only) Unprotected WifiEvaluationService in TencentWifiSecurity application prior to SMR Jan-2022 Release 1 allows untrusted applications to get WiFi information without proper permission.
|
|||||
| CVE-2022-22264 | 1 Google | 1 Android | 2024-11-21 | 3.6 LOW | 7.7 HIGH |
|
Improper sanitization of incoming intent in Dressroom prior to SMR Jan-2022 Release 1 allows local attackers to read and write arbitrary files without permission.
|
|||||
| CVE-2022-22263 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
|
Unprotected dynamic receiver in SecSettings prior to SMR Jan-2022 Release 1 allows untrusted applications to launch arbitrary activity.
|
|||||
| CVE-2022-21792 | 2 Google, Mediatek | 11 Android, Mt6833, Mt6853 and 8 more | 2024-11-21 | N/A | 6.7 MEDIUM |
|
In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07085410; Issue ID: ALPS07085410.
|
|||||
| CVE-2022-21791 | 2 Google, Mediatek | 7 Android, Mt6833, Mt6853 and 4 more | 2024-11-21 | N/A | 4.4 MEDIUM |
|
In camera isp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06478059; Issue ID: ALPS06478059.
|
|||||
| CVE-2022-21790 | 2 Google, Mediatek | 6 Android, Mt6833, Mt6853 and 3 more | 2024-11-21 | N/A | 4.4 MEDIUM |
|
In camera isp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479306; Issue ID: ALPS06479306.
|
|||||
| CVE-2022-21789 | 2 Google, Mediatek | 21 Android, Mt6779, Mt6781 and 18 more | 2024-11-21 | N/A | 6.4 MEDIUM |
|
In audio ipi, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06478101; Issue ID: ALPS06478101.
|
|||||
| CVE-2022-21788 | 2 Google, Mediatek | 4 Android, Mt6879, Mt6895 and 1 more | 2024-11-21 | N/A | 6.7 MEDIUM |
|
In scp, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06988728; Issue ID: ALPS06988728.
|
|||||
| CVE-2022-21787 | 2 Google, Mediatek | 13 Android, Mt6833, Mt6853 and 10 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
In audio DSP, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06558844; Issue ID: ALPS06558844.
|
|||||
| CVE-2022-21786 | 2 Google, Mediatek | 13 Android, Mt6833, Mt6853 and 10 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
In audio DSP, there is a possible memory corruption due to improper casting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06558822; Issue ID: ALPS06558822.
|
|||||
| CVE-2022-21785 | 2 Google, Mediatek | 22 Android, Mt6877, Mt6983 and 19 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06807363; Issue ID: ALPS06807363.
|
|||||
| CVE-2022-21784 | 2 Google, Mediatek | 33 Android, Mt6761, Mt6779 and 30 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704462.
|
|||||
| CVE-2022-21783 | 2 Google, Mediatek | 33 Android, Mt6761, Mt6779 and 30 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704482.
|
|||||
| CVE-2022-21782 | 2 Google, Mediatek | 33 Android, Mt6761, Mt6779 and 30 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704508.
|
|||||
| CVE-2022-21781 | 2 Google, Mediatek | 33 Android, Mt6761, Mt6779 and 30 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704433.
|
|||||
| CVE-2022-21780 | 2 Google, Mediatek | 33 Android, Mt6761, Mt6779 and 30 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704526.
|
|||||
| CVE-2022-21779 | 2 Google, Mediatek | 33 Android, Mt6761, Mt6779 and 30 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704393.
|
|||||
| CVE-2022-21777 | 2 Google, Mediatek | 42 Android, Mt6580, Mt6735 and 39 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
In Autoboot, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06713894; Issue ID: ALPS06713894.
|
|||||