CVE's - CVE Vulnerability

CVE

Vendors

Products

Updated

CVSS v2

CVSS v3

CVE-2022-20151

2022-06-23

N/A

7.5 HIGH

Product: AndroidVersions: Android kernelAndroid ID: A-210712565References: N/A

CVE-2022-2015

2022-06-15

N/A

5.4 MEDIUM

Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 19.0.2.

CVE-2022-20149

2022-06-23

N/A

7.5 HIGH

Product: AndroidVersions: Android kernelAndroid ID: A-211685939References: N/A

CVE-2022-20148

2022-06-23

N/A

6.4 MEDIUM

In TBD of TBD, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-219513976References: Upstream kernel

CVE-2022-20147

2022-06-23

N/A

7.8 HIGH

In nfa_dm_check_set_config of nfa_dm_main.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-221216105

CVE-2022-20146

2022-06-23

N/A

5.5 MEDIUM

In uploadFile of FileUploadServiceImpl.java, there is a possible incorrect file access due to a confused deputy. This could lead to local information disclosure of private files with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-211757677References: N/A

CVE-2022-20145

2022-06-24

N/A

9.8 CRITICAL

In startLegacyVpnPrivileged of Vpn.java, there is a possible way to retrieve VPN credentials due to a protocol downgrade attack. This could lead to remote escalation of privilege if a malicious Wi-Fi AP is used, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-201660636

CVE-2022-20144

Android, Google

Admob, Android, Android_api, Android_browser, Android_debug_bridge, Android_one, Android_sdk, Android_sdk_platform_tools, Android_sdk_tools, Android_tv

2023-02-23

N/A

7.8 HIGH

In multiple functions of AvatarPhotoController.java, there is a possible access to content owned by system content providers due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-250637906

CVE-2022-20143

2022-06-24

N/A

5.5 MEDIUM

In addAutomaticZenRule of ZenModeHelper.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-220735360

CVE-2022-20142

2022-06-24

N/A

7.8 HIGH

In createFromParcel of GeofenceHardwareRequestParcelable.java, there is a possible arbitrary code execution due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-216631962

« Previous 1 … 10,888 10,889 10,890 10,891 10,892 … 11,258 Next »