Total
11827 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-20314 | 1 Google | 1 Android | 2024-08-03 | 6.7 Medium |
In KeyChain, there is a possible spoof keychain chooser activity request due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-13; Android ID: A-191876118 | ||||
CVE-2022-20266 | 1 Google | 1 Android | 2024-08-03 | 5.0 Medium |
In Companion, there is a possible way to keep a service running with elevated importance without showing foreground service notification due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-13; Android ID: A-211757348 | ||||
CVE-2022-20205 | 1 Google | 1 Android | 2024-08-03 | 5.5 Medium |
In isFileUri of FileUtil.java, there is a possible way to bypass the check for a file:// scheme due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-215212561 | ||||
CVE-2022-20241 | 1 Google | 1 Android | 2024-08-03 | 3.3 Low |
In Messaging, there is a possible way to attach a private file to an SMS message due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-13; Android ID: A-217185011 | ||||
CVE-2022-20156 | 1 Google | 1 Android | 2024-08-03 | 7.8 High |
In unflatten of GraphicBuffer.cpp, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-212803946; References: N/A | ||||
CVE-2022-20186 | 1 Google | 1 Android | 2024-08-03 | 7.8 High |
In kbase_mem_alias of mali_kbase_mem_linux.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-215001024; References: N/A | ||||
CVE-2022-20129 | 1 Google | 1 Android | 2024-08-03 | 5.5 Medium |
In registerPhoneAccount of PhoneAccountRegistrar.java, there is a possible way to prevent the user from selecting a phone account due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L; Android ID: A-217934478 | ||||
CVE-2022-20132 | 1 Google | 1 Android | 2024-08-03 | 4.6 Medium |
In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-188677105; References: Upstream kernel | ||||
CVE-2022-20134 | 1 Google | 1 Android | 2024-08-03 | 7.8 High |
In readArguments of CallSubjectDialog.java, there is a possible way to trick the user to call the wrong phone number due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L; Android ID: A-218341397 | ||||
CVE-2022-20036 | 2 Google, Mediatek | 56 Android, Mt6735, Mt6737 and 53 more | 2024-08-03 | 5.5 Medium |
In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171689; Issue ID: ALPS06171689. | ||||
CVE-2022-20020 | 2 Google, Mediatek | 28 Android, Mt6739, Mt6768 and 25 more | 2024-08-03 | 5.5 Medium |
In libvcodecdrv, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05943906; Issue ID: ALPS05943906. | ||||
CVE-2022-20019 | 2 Google, Mediatek | 40 Android, Mt6595, Mt6735 and 37 more | 2024-08-03 | 5.5 Medium |
In libMtkOmxGsmDec, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917620; Issue ID: ALPS05917620. | ||||
CVE-2022-20017 | 2 Google, Mediatek | 26 Android, Mt6765, Mt6785 and 23 more | 2024-08-03 | 5.5 Medium |
In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05862991; Issue ID: ALPS05862991. | ||||
CVE-2022-20037 | 2 Google, Mediatek | 57 Android, Mt6735, Mt6737 and 54 more | 2024-08-03 | 5.5 Medium |
In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171705; Issue ID: ALPS06171705. | ||||
CVE-2022-4911 | 1 Google | 1 Chrome | 2024-08-03 | 6.5 Medium |
Insufficient data validation in DevTools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) | ||||
CVE-2022-4925 | 1 Google | 1 Chrome | 2024-08-03 | 6.5 Medium |
Insufficient validation of untrusted input in QUIC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform header splitting via malicious network traffic. (Chromium security severity: Low) | ||||
CVE-2022-4886 | 1 Kubernetes | 1 Ingress-nginx | 2024-08-03 | 8.8 High |
Ingress-nginx `path` sanitization can be bypassed with `log_format` directive. | ||||
CVE-2022-4904 | 3 C-ares Project, Fedoraproject, Redhat | 6 C-ares, Fedora, Enterprise Linux and 3 more | 2024-08-03 | 8.6 High |
A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity. | ||||
CVE-2022-4504 | 1 Open-emr | 1 Openemr | 2024-08-03 | 7.5 High |
Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.0.2. | ||||
CVE-2022-4428 | 1 Cloudflare | 1 Warp | 2024-08-03 | 8.9 High |
support_uri parameter in the WARP client local settings file (mdm.xml) lacked proper validation which allowed for privilege escalation and launching an arbitrary executable on the local machine upon clicking on the "Send feedback" option. An attacker with access to the local file system could use a crafted XML config file pointing to a malicious file or set a local path to the executable using Cloudflare Zero Trust Dashboard (for Zero Trust enrolled clients). |