ReportizFlow
Filtered by vendor
Subscriptions
Total
12661 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-20314 | 1 Google | 1 Android | 2024-11-21 | 6.7 Medium |
| In KeyChain, there is a possible spoof keychain chooser activity request due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-191876118 | ||||
| CVE-2022-20266 | 1 Google | 1 Android | 2024-11-21 | 5.0 Medium |
| In Companion, there is a possible way to keep a service running with elevated importance without showing foreground service notification due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-211757348 | ||||
| CVE-2022-20241 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
| In Messaging, there is a possible way to attach a private file to an SMS message due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-217185011 | ||||
| CVE-2022-20205 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In isFileUri of FileUtil.java, there is a possible way to bypass the check for a file:// scheme due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-215212561 | ||||
| CVE-2022-20186 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In kbase_mem_alias of mali_kbase_mem_linux.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-215001024References: N/A | ||||
| CVE-2022-20156 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In unflatten of GraphicBuffer.cpp, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-212803946References: N/A | ||||
| CVE-2022-20134 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In readArguments of CallSubjectDialog.java, there is a possible way to trick the user to call the wrong phone number due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-218341397 | ||||
| CVE-2022-20132 | 1 Google | 1 Android | 2024-11-21 | 4.6 Medium |
| In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel | ||||
| CVE-2022-20129 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In registerPhoneAccount of PhoneAccountRegistrar.java, there is a possible way to prevent the user from selecting a phone account due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-217934478 | ||||
| CVE-2022-20037 | 2 Google, Mediatek | 57 Android, Mt6735, Mt6737 and 54 more | 2024-11-21 | 5.5 Medium |
| In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171705; Issue ID: ALPS06171705. | ||||
| CVE-2022-20036 | 2 Google, Mediatek | 56 Android, Mt6735, Mt6737 and 53 more | 2024-11-21 | 5.5 Medium |
| In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171689; Issue ID: ALPS06171689. | ||||
| CVE-2022-20020 | 2 Google, Mediatek | 28 Android, Mt6739, Mt6768 and 25 more | 2024-11-21 | 5.5 Medium |
| In libvcodecdrv, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05943906; Issue ID: ALPS05943906. | ||||
| CVE-2022-20017 | 2 Google, Mediatek | 26 Android, Mt6765, Mt6785 and 23 more | 2024-11-21 | 5.5 Medium |
| In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05862991; Issue ID: ALPS05862991. | ||||
| CVE-2022-1727 | 1 Diagrams | 1 Drawio | 2024-11-21 | 8.8 High |
| Improper Input Validation in GitHub repository jgraph/drawio prior to 18.0.6. | ||||
| CVE-2022-1500 | 1 Google | 1 Chrome | 2024-11-21 | 6.5 Medium |
| Insufficient data validation in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass content security policy via a crafted HTML page. | ||||
| CVE-2022-1431 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly handling malicious requests to the PyPi API endpoint allowing the attacker to cause uncontrolled resource consumption. | ||||
| CVE-2022-1406 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 Medium |
| Improper input validation in GitLab CE/EE affecting all versions from 8.12 prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 14.10.0 allows a Developer to read protected Group or Project CI/CD variables by importing a malicious project | ||||
| CVE-2022-1302 | 1 Mz-automation | 1 Libiec61850 | 2024-11-21 | 7.5 High |
| In the MZ Automation LibIEC61850 in versions prior to 1.5.1 an unauthenticated attacker can craft a goose message, which may result in a denial of service. | ||||
| CVE-2022-1243 | 1 Uri.js Project | 1 Uri.js | 2024-11-21 | 6.1 Medium |
| CRHTLF can lead to invalid protocol extraction potentially leading to XSS in GitHub repository medialize/uri.js prior to 1.19.11. | ||||
| CVE-2022-1108 | 1 Lenovo | 2 Thinkpad X1 Fold Gen 1, Thinkpad X1 Fold Gen 1 Firmware | 2024-11-21 | 6.7 Medium |
| A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could be exploited by an attacker with local access and elevated privileges to execute arbitrary code. | ||||