Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-23425 | 2 Google, Samsung | 2 Android, Exynos | 2022-02-18 | 7.5 HIGH | 9.8 CRITICAL |
| Improper input validation in Exynos baseband prior to SMR Feb-2022 Release 1 allows attackers to send arbitrary NAS signaling messages with fake base station. | |||||
| CVE-2022-24002 | 1 Samsung | 1 Link Sharing | 2022-02-18 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper Authorization vulnerability in Link Sharing prior to version 12.4.00.3 allows attackers to open protected activity via PreconditionActivity. | |||||
| CVE-2022-23997 | 1 Samsung | 1 Wear Os | 2022-02-18 | 4.3 MEDIUM | 3.3 LOW |
| Unprotected component vulnerability in StTheaterModeDurationAlarmReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to disable theater mode without a proper permission. | |||||
| CVE-2022-22292 | 1 Google | 1 Android | 2022-02-18 | 4.6 MEDIUM | 7.8 HIGH |
| Unprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release 1 allows untrusted applications to launch arbitrary activity. | |||||
| CVE-2022-22291 | 1 Google | 1 Android | 2022-02-18 | 2.1 LOW | 5.5 MEDIUM |
| Logging of excessive data vulnerability in telephony prior to SMR Feb-2022 Release 1 allows privileged attackers to get Cell Location Information through log of user device. | |||||
| CVE-2022-23428 | 2 Google, Samsung | 2 Android, Exynos | 2022-02-18 | 7.2 HIGH | 7.8 HIGH |
| An improper boundary check in eden_runtime hal service prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution. | |||||
| CVE-2022-23427 | 1 Google | 1 Android | 2022-02-18 | 3.6 LOW | 7.1 HIGH |
| PendingIntent hijacking vulnerability in KnoxPrivacyNoticeReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission via implicit Intent. | |||||
| CVE-2022-23426 | 1 Google | 1 Android | 2022-02-18 | 3.6 LOW | 6.0 MEDIUM |
| A vulnerability using PendingIntent in DeX Home and DeX for PC prior to SMR Feb-2022 Release 1 allows attackers to access files with system privilege. | |||||
| CVE-2022-23853 | 1 Kde | 2 Kate, Ktexteditor | 2022-02-18 | 6.8 MEDIUM | 7.8 HIGH |
| The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 and KTextEditor before 5.91.0 tries to execute the associated LSP server binary when opening a file of a given type. If this binary is absent from the PATH, it will try running the LSP server binary in the directory of the file that was just opened (due to a misunderstanding of the QProcess API, that was never intended). This can be an untrusted directory. | |||||
| CVE-2022-23432 | 2 Google, Samsung | 2 Android, Exynos | 2022-02-18 | 4.6 MEDIUM | 6.7 MEDIUM |
| An improper input validation in SMC_SRPMB_WSM handler of RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution. | |||||
| CVE-2022-23431 | 2 Google, Samsung | 2 Android, Exynos | 2022-02-18 | 4.6 MEDIUM | 6.7 MEDIUM |
| An improper boundary check in RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution. | |||||
| CVE-2022-23434 | 2 Google, Samsung | 2 Android, Bixby | 2022-02-18 | 2.1 LOW | 3.3 LOW |
| A vulnerability using PendingIntent in Bixby Vision prior to versions 3.7.60.8 in Android S(12), 3.7.50.6 in Andorid R(11) and below allows attackers to execute privileged action by hijacking and modifying the intent. | |||||
| CVE-2022-23429 | 1 Google | 1 Android | 2022-02-18 | 3.6 LOW | 4.4 MEDIUM |
| An improper boundary check in audio hal service prior to SMR Feb-2022 Release 1 allows attackers to read invalid memory and it leads to application crash. | |||||
| CVE-2022-23433 | 2 Google, Samsung | 2 Android, Reminder | 2022-02-18 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper access control vulnerability in Reminder prior to versions 12.3.01.3000 in Android S(12), 12.2.05.6000 in Android R(11) and 11.6.08.6000 in Andoid Q(10) allows attackers to register reminders or execute exporeted activities remotely. | |||||
| CVE-2021-35069 | 1 Qualcomm | 382 Apq8096au, Apq8096au Firmware, Aqt1000 and 379 more | 2022-02-18 | 7.2 HIGH | 7.8 HIGH |
| Improper validation of data length received from DMA buffer can lead to memory corruption. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2021-39665 | 1 Google | 1 Android | 2022-02-18 | 4.3 MEDIUM | 6.5 MEDIUM |
| In checkSpsUpdated of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-204077881 | |||||
| CVE-2021-39687 | 1 Google | 1 Android | 2022-02-18 | 2.1 LOW | 5.5 MEDIUM |
| In HandleTransactionIoEvent of actuator_driver.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-204421047References: N/A | |||||
| CVE-2021-35075 | 1 Qualcomm | 98 Ar8035, Ar8035 Firmware, Qca6174a and 95 more | 2022-02-18 | 7.2 HIGH | 7.8 HIGH |
| Possible null pointer dereference due to lack of WDOG structure validation during registration in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2021-35074 | 1 Qualcomm | 82 Ar8035, Ar8035 Firmware, Qca6174a and 79 more | 2022-02-18 | 7.2 HIGH | 7.8 HIGH |
| Possible integer overflow due to improper fragment datatype while calculating number of fragments in a request message in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2021-35077 | 1 Qualcomm | 142 Ar8035, Ar8035 Firmware, Qca6174a and 139 more | 2022-02-18 | 7.2 HIGH | 7.8 HIGH |
| Possible use after free scenario in compute offloads to DSP while multiple calls spawn a dynamic process in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | |||||