Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-20335 | 1 Google | 1 Android | 2022-08-16 | N/A | 3.3 LOW |
| In Wifi Slice, there is a possible way to adjust Wi-Fi settings even when the permission has been disabled due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-178014725 | |||||
| CVE-2022-20340 | 1 Google | 1 Android | 2022-08-16 | N/A | 3.3 LOW |
| In SELinux policy, there is a possible way of inferring which websites are being opened in the browser due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-166269532 | |||||
| CVE-2022-20339 | 1 Google | 1 Android | 2022-08-16 | N/A | 3.3 LOW |
| In Android, there is a possible access of network neighbor table information due to an insecure SEpolicy configuration. This could lead to local information disclosure of network topography with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-171572148 | |||||
| CVE-2022-20338 | 1 Google | 1 Android | 2022-08-16 | N/A | 3.3 LOW |
| In Core Utilities, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to local escalation of privilege, preventing processes from validating URIs correctly, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-171966843 | |||||
| CVE-2022-20362 | 1 Google | 1 Android | 2022-08-16 | N/A | 8.8 HIGH |
| In Bluetooth, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-230756082 | |||||
| CVE-2022-20342 | 1 Google | 1 Android | 2022-08-16 | N/A | 3.3 LOW |
| In WiFi, there is a possible disclosure of WiFi password to the end user due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-143534321 | |||||
| CVE-2022-20341 | 1 Google | 1 Android | 2022-08-16 | N/A | 5.5 MEDIUM |
| In ConnectivityService, there is a possible bypass of network permissions due to a missing permission check. This could lead to local information disclosure of tethering interfaces with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-162952629 | |||||
| CVE-2022-35793 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-08-15 | N/A | 7.3 HIGH |
| Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35755. | |||||
| CVE-2022-36124 | 1 Apache | 1 Avro | 2022-08-15 | N/A | 7.5 HIGH |
| It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue. | |||||
| CVE-2022-35792 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2022-08-15 | N/A | 7.8 HIGH |
| Storage Spaces Direct Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35762, CVE-2022-35763, CVE-2022-35764, CVE-2022-35765. | |||||
| CVE-2022-35724 | 1 Apache | 1 Avro | 2022-08-15 | N/A | 7.5 HIGH |
| It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue. | |||||
| CVE-2022-28880 | 3 Apple, F-secure, Microsoft | 10 Macos, Atlant, Cloud Protection For Salesforce and 7 more | 2022-08-15 | N/A | 7.5 HIGH |
| A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files it is possible that can crash the scanning engine. The exploit can be triggered remotely by an attacker. | |||||
| CVE-2022-27535 | 2 Kaspersky, Microsoft | 2 Vpn Secure Connection, Windows | 2022-08-15 | N/A | 7.8 HIGH |
| Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its 'Delete All Service Data And Reports' feature by the local authenticated attacker. | |||||
| CVE-2022-20292 | 1 Google | 1 Android | 2022-08-15 | N/A | 7.8 HIGH |
| In Settings, there is a possible way to bypass factory reset protections due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-202975040 | |||||
| CVE-2022-20291 | 1 Google | 1 Android | 2022-08-15 | N/A | 5.5 MEDIUM |
| In AppOpsService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-203430648 | |||||
| CVE-2022-20293 | 1 Google | 1 Android | 2022-08-15 | N/A | 5.5 MEDIUM |
| In LauncherApps, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-202298672 | |||||
| CVE-2022-20296 | 1 Google | 1 Android | 2022-08-15 | N/A | 5.5 MEDIUM |
| In ContentService, there is a possible way to check if an account exists on the device due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-201794303 | |||||
| CVE-2022-20295 | 1 Google | 1 Android | 2022-08-15 | N/A | 5.5 MEDIUM |
| In ContentService, there is a possible way to check if an account exists on the device due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-202160584 | |||||
| CVE-2022-20294 | 1 Google | 1 Android | 2022-08-15 | N/A | 5.5 MEDIUM |
| In Content, there is a possible way to learn about an account present on the device due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-202160705 | |||||
| CVE-2022-20301 | 1 Google | 1 Android | 2022-08-15 | N/A | 5.5 MEDIUM |
| In Content, there is a possible way to check if an account exists on the device due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-200956614 | |||||