Total
29593 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-20287 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In AppSearchManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-204082784 | ||||
| CVE-2022-20285 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-230868108 | ||||
| CVE-2022-20250 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In Messaging, there is a possible way to attach files to a message without proper access checks due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-226134095 | ||||
| CVE-2022-20196 | 1 Google | 1 Android | 2024-11-21 | 5.0 Medium |
| In gallery3d and photos, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-201535148 | ||||
| CVE-2022-20146 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In uploadFile of FileUploadServiceImpl.java, there is a possible incorrect file access due to a confused deputy. This could lead to local information disclosure of private files with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-211757677References: N/A | ||||
| CVE-2022-20145 | 1 Google | 1 Android | 2024-11-21 | 9.8 Critical |
| In startLegacyVpnPrivileged of Vpn.java, there is a possible way to retrieve VPN credentials due to a protocol downgrade attack. This could lead to remote escalation of privilege if a malicious Wi-Fi AP is used, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-201660636 | ||||
| CVE-2022-20144 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In multiple functions of AvatarPhotoController.java, there is a possible access to content owned by system content providers due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-250637906 | ||||
| CVE-2022-20129 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In registerPhoneAccount of PhoneAccountRegistrar.java, there is a possible way to prevent the user from selecting a phone account due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-217934478 | ||||
| CVE-2022-20125 | 1 Google | 1 Android | 2024-11-21 | 6.8 Medium |
| In GBoard, there is a possible way to bypass factory reset protections due to a sandbox escape. This could lead to local escalation of privilege if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-194402515 | ||||
| CVE-2022-20109 | 2 Google, Mediatek | 53 Android, Mt6580, Mt6735 and 50 more | 2024-11-21 | 7.8 High |
| In ion, there is a possible use after free due to improper update of reference count. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06399915; Issue ID: ALPS06399915. | ||||
| CVE-2022-20104 | 2 Google, Mediatek | 45 Android, Mt6580, Mt6739 and 42 more | 2024-11-21 | 5.5 Medium |
| In aee daemon, there is a possible information disclosure due to improper access control. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06419017; Issue ID: ALPS06284104. | ||||
| CVE-2022-20089 | 2 Google, Mediatek | 47 Android, Mt6580, Mt6731 and 44 more | 2024-11-21 | 6.7 Medium |
| In aee driver, there is a possible memory corruption due to active debug code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06240397; Issue ID: ALPS06240397. | ||||
| CVE-2022-20022 | 2 Google, Mediatek | 29 Android, Mt6580, Mt6630 and 26 more | 2024-11-21 | 6.5 Medium |
| In Bluetooth, there is a possible link disconnection due to bluetooth does not properly handle a connection attempt from a host with the same BD address as the currently connected BT host. This could lead to remote denial of service of bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06198578; Issue ID: ALPS06198578. | ||||
| CVE-2022-20021 | 2 Google, Mediatek | 30 Android, Awus036nh, Mt6580 and 27 more | 2024-11-21 | 6.5 Medium |
| In Bluetooth, there is a possible application crash due to bluetooth does not properly handle the reception of multiple LMP_host_connection_req. This could lead to remote denial of service of bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06198513; Issue ID: ALPS06198513. | ||||
| CVE-2022-1947 | 1 Trudesk Project | 1 Trudesk | 2024-11-21 | 6.5 Medium |
| Use of Incorrect Operator in GitHub repository polonel/trudesk prior to 1.2.3. | ||||
| CVE-2022-1941 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Protobuf-cpp and 2 more | 2024-11-21 | 7.5 High |
| A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions for 3.16 and 3.17 are no longer updated. | ||||
| CVE-2022-1874 | 2 Apple, Google | 2 Macos, Chrome | 2024-11-21 | 8.8 High |
| Insufficient policy enforcement in Safe Browsing in Google Chrome on Mac prior to 102.0.5005.61 allowed a remote attacker to bypass downloads protection policy via a crafted HTML page. | ||||
| CVE-2022-1867 | 1 Google | 1 Chrome | 2024-11-21 | 6.5 Medium |
| Insufficient validation of untrusted input in Data Transfer in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass same origin policy via a crafted clipboard content. | ||||
| CVE-2022-1857 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. | ||||
| CVE-2022-1808 | 1 Trudesk Project | 1 Trudesk | 2024-11-21 | 8.8 High |
| Execution with Unnecessary Privileges in GitHub repository polonel/trudesk prior to 1.2.3. | ||||