Total
6434 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-32590 | 3 Google, Linuxfoundation, Mediatek | 47 Android, Yocto, Mt6761 and 44 more | 2022-10-12 | N/A | 6.7 MEDIUM |
| In wlan, there is a possible use after free due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07299425; Issue ID: ALPS07299425. | |||||
| CVE-2022-32589 | 3 Google, Linuxfoundation, Mediatek | 43 Android, Yocto, Mt6761 and 40 more | 2022-10-12 | N/A | 7.5 HIGH |
| In Wi-Fi driver, there is a possible way to disconnect Wi-Fi due to an improper resource release. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07030600; Issue ID: ALPS07030600. | |||||
| CVE-2022-32593 | 2 Google, Mediatek | 2 Android, Mt6983 | 2022-10-12 | N/A | 6.7 MEDIUM |
| In vowe, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138493; Issue ID: ALPS07138493. | |||||
| CVE-2022-32592 | 3 Google, Linuxfoundation, Mediatek | 17 Android, Yocto, Mt6855 and 14 more | 2022-10-12 | N/A | 6.7 MEDIUM |
| In cpu dvfs, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07139405; Issue ID: ALPS07139405. | |||||
| CVE-2022-39862 | 2 Google, Samsung | 2 Android, Dynamic Lockscreen | 2022-10-11 | N/A | 9.8 CRITICAL |
| Improper authorization in Dynamic Lockscreen prior to SMR Sep-2022 Release 1 in Android R(11) and 3.3.03.66 in Android S(12) allows unauthorized use of javascript interface api. | |||||
| CVE-2022-39847 | 1 Google | 1 Android | 2022-10-11 | N/A | 5.3 MEDIUM |
| Use after free vulnerability in set_nft_pid and signal_handler function of NFC driver prior to SMR Oct-2022 Release 1 allows attackers to perform malicious actions. | |||||
| CVE-2022-36868 | 1 Google | 1 Android | 2022-10-11 | N/A | 3.3 LOW |
| Improper restriction of broadcasting Intent in MouseNKeyHidDevice prior to SMR Oct-2022 Release 1 leaks MAC address of the connected Bluetooth device. | |||||
| CVE-2022-39855 | 1 Google | 1 Android | 2022-10-11 | N/A | 4.3 MEDIUM |
| Improper access control vulnerability in FACM application prior to SMR Oct-2022 Release 1 allows a local attacker to connect arbitrary AP and Bluetooth devices. | |||||
| CVE-2022-26473 | 2 Google, Mediatek | 11 Android, Mt6789, Mt6855 and 8 more | 2022-10-11 | N/A | 6.7 MEDIUM |
| In vdec fmt, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07342197; Issue ID: ALPS07342197. | |||||
| CVE-2022-26472 | 2 Google, Mediatek | 40 Android, Mt6739, Mt6761 and 37 more | 2022-10-11 | N/A | 7.8 HIGH |
| In ims, there is a possible escalation of privilege due to a parcel format mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07319095; Issue ID: ALPS07319095. | |||||
| CVE-2022-26471 | 2 Google, Mediatek | 34 Android, Mt6580, Mt6739 and 31 more | 2022-10-11 | N/A | 7.8 HIGH |
| In telephony, there is a possible escalation of privilege due to a parcel format mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07319121; Issue ID: ALPS07319121. | |||||
| CVE-2022-26452 | 2 Google, Mediatek | 4 Android, Mt6879, Mt6895 and 1 more | 2022-10-11 | N/A | 6.7 MEDIUM |
| In isp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262305; Issue ID: ALPS07262305. | |||||
| CVE-2022-26474 | 2 Google, Mediatek | 6 Android, Mt6789, Mt6855 and 3 more | 2022-10-11 | N/A | 6.7 MEDIUM |
| In sensorhub, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07129717; Issue ID: ALPS07129717. | |||||
| CVE-2022-26475 | 3 Google, Linuxfoundation, Mediatek | 42 Android, Yocto, Mt6761 and 39 more | 2022-10-11 | N/A | 6.7 MEDIUM |
| In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310743; Issue ID: ALPS07310743. | |||||
| CVE-2019-5816 | 3 Fedoraproject, Google, Opensuse | 5 Fedora, Android, Chrome and 2 more | 2022-10-11 | 6.8 MEDIUM | 8.8 HIGH |
| Process lifetime issue in Chrome in Google Chrome on Android prior to 74.0.3729.108 allowed a remote attacker to potentially persist an exploited process via a crafted HTML page. | |||||
| CVE-2022-39851 | 1 Google | 1 Android | 2022-10-11 | N/A | 3.3 LOW |
| Improper access control vulnerability in CocktailBarService prior to SMR Oct-2022 Release 1 allows local attacker to bind service that require BIND_REMOTEVIEWS permission. | |||||
| CVE-2022-39852 | 1 Google | 1 Android | 2022-10-11 | N/A | 7.8 HIGH |
| A heap-based overflow vulnerability in makeContactAGIF in libagifencoder.quram.so library prior to SMR Oct-2022 Release 1 allows attacker to perform code execution. | |||||
| CVE-2022-39853 | 2 Google, Qualcomm | 3 Android, Sm8150, Sm8250 | 2022-10-11 | N/A | 7.8 HIGH |
| A use after free vulnerability in perf-mgr driver prior to SMR Oct-2022 Release 1 allows attacker to cause memory access fault. | |||||
| CVE-2022-39877 | 2 Google, Samsung | 2 Android, Group Sharing | 2022-10-08 | N/A | 5.3 MEDIUM |
| Improper access control vulnerability in ProfileSharingAccount in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device. | |||||
| CVE-2022-39849 | 1 Google | 1 Android | 2022-10-08 | N/A | 3.3 LOW |
| Improper access control in knox_vpn_policy service prior to SMR Oct-2022 Release 1 allows allows unauthorized read of configuration data. | |||||