Total
3289 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-20126 | 1 Google | 1 Android | 2024-08-03 | 7.3 High |
| In setScanMode of AdapterService.java, there is a possible way to enable Bluetooth discovery mode without user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-203431023 | ||||
| CVE-2022-20121 | 1 Google | 1 Android | 2024-08-03 | 5.5 Medium |
| In getNodeValue of USCCDMPlugin.java, there is a possible disclosure of ICCID due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-212573046References: N/A | ||||
| CVE-2022-20115 | 1 Google | 1 Android | 2024-08-03 | 5.5 Medium |
| In broadcastServiceStateChanged of TelephonyRegistry.java, there is a possible way to learn base station information without location permission due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-210118427 | ||||
| CVE-2022-20093 | 2 Google, Mediatek | 57 Android, Mt6731, Mt6732 and 54 more | 2024-08-03 | 7.8 High |
| In telephony, there is a possible way to disable receiving SMS messages due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06498868; Issue ID: ALPS06498868. | ||||
| CVE-2022-20100 | 2 Google, Mediatek | 45 Android, Mt6580, Mt6739 and 42 more | 2024-08-03 | 4.4 Medium |
| In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06383944; Issue ID: ALPS06270804. | ||||
| CVE-2022-20102 | 2 Google, Mediatek | 45 Android, Mt6580, Mt6739 and 42 more | 2024-08-03 | 4.4 Medium |
| In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06296442; Issue ID: ALPS06296405. | ||||
| CVE-2022-20084 | 2 Google, Mediatek | 55 Android, Mt6731, Mt6732 and 52 more | 2024-08-03 | 7.8 High |
| In telephony, there is a possible way to disable receiving emergency broadcasts due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06498874; Issue ID: ALPS06498874. | ||||
| CVE-2022-20098 | 2 Google, Mediatek | 45 Android, Mt6580, Mt6739 and 42 more | 2024-08-03 | 4.4 Medium |
| In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06419017; Issue ID: ALPS06419017. | ||||
| CVE-2022-20053 | 2 Google, Mediatek | 60 Android, Mt6731, Mt6732 and 57 more | 2024-08-03 | 7.8 High |
| In ims service, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219097; Issue ID: ALPS06219097. | ||||
| CVE-2022-20011 | 1 Google | 1 Android | 2024-08-03 | 5.5 Medium |
| In getArray of NotificationManagerService.java , there is a possible leak of one user notifications to another due to missing check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-214999128 | ||||
| CVE-2022-20043 | 2 Google, Mediatek | 7 Android, Mt8167, Mt8175 and 4 more | 2024-08-03 | 7.8 High |
| In Bluetooth, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06148177; Issue ID: ALPS06148177. | ||||
| CVE-2022-20024 | 2 Google, Mediatek | 28 Android, Mt6580, Mt6739 and 25 more | 2024-08-03 | 7.8 High |
| In system service, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219064; Issue ID: ALPS06219064. | ||||
| CVE-2022-20049 | 2 Google, Mediatek | 21 Android, Mt6779, Mt6785 and 18 more | 2024-08-03 | 6.7 Medium |
| In vpu, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05954679; Issue ID: ALPS05954679. | ||||
| CVE-2022-20054 | 2 Google, Mediatek | 31 Android, Mt6580, Mt6739 and 28 more | 2024-08-03 | 7.8 High |
| In ims service, there is a possible AT command injection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219083; Issue ID: ALPS06219083. | ||||
| CVE-2022-20041 | 2 Google, Mediatek | 7 Android, Mt8167, Mt8175 and 4 more | 2024-08-03 | 7.8 High |
| In Bluetooth, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06108596; Issue ID: ALPS06108596. | ||||
| CVE-2022-4948 | 1 Flying-press | 1 Flyingpress | 2024-08-03 | 4.3 Medium |
| The FlyingPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 3.9.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to interact with the plugin in ways administrators are intended to. One action (save_config) allows for the configuration of an external CDN. This could be used to include malicious javascript from a source controlled by the attacker. | ||||
| CVE-2022-4937 | 1 Wclovers | 1 Frontend Manager For Woocommerce Along With Bookings Subscription Listings Compatible | 2024-08-03 | 6.3 Medium |
| The WCFM Frontend Manager plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 6.6.0 due to missing capability checks on various AJAX actions. This makes it possible for authenticated attackers, with minimal permissions such as subscribers, to perform a wide variety of actions such as modifying knowledge bases, modifying notices, modifying payments, managing vendors, capabilities, and so much more. There were hundreds of AJAX endpoints affected. | ||||
| CVE-2022-20004 | 1 Google | 1 Android | 2024-08-03 | 7.8 High |
| In checkSlicePermission of SliceManagerService.java, it is possible to access any slice URI due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-179699767 | ||||
| CVE-2022-4872 | 1 Chained Products Project | 1 Chained Products | 2024-08-03 | 4.3 Medium |
| The Chained Products WordPress plugin before 2.12.0 does not have authorisation and CSRF checks, as well as does not ensure that the option to be updated belong to the plugin, allowing unauthenticated attackers to set arbitrary options to 'no' | ||||
| CVE-2022-20002 | 1 Google | 1 Android | 2024-08-03 | 7.8 High |
| In incfs, there is a possible way of mounting on arbitrary paths due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-198657657 | ||||