Total
6434 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-25383 | 1 Google | 1 Android | 2022-09-23 | 7.5 HIGH | 9.8 CRITICAL |
An improper input validation vulnerability in scmn_mfal_read() in libsapeextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. | |||||
CVE-2021-25385 | 1 Google | 1 Android | 2022-09-23 | 7.5 HIGH | 9.8 CRITICAL |
An improper input validation vulnerability in sdfffd_parse_chunk_PROP() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. | |||||
CVE-2021-25459 | 1 Google | 1 Android | 2022-09-23 | 2.1 LOW | 5.5 MEDIUM |
An improper access control vulnerability in sspInit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to start BlockchainTZService. | |||||
CVE-2021-25453 | 1 Google | 1 Android | 2022-09-23 | 2.1 LOW | 5.5 MEDIUM |
Some improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1 allows untrusted application to get Bluetooth information. | |||||
CVE-2021-25426 | 1 Google | 1 Android | 2022-09-23 | 5.0 MEDIUM | 7.5 HIGH |
Improper component protection vulnerability in SmsViewerActivity of Samsung Message prior to SMR July-2021 Release 1 allows untrusted applications to access Message files. | |||||
CVE-2021-25460 | 1 Google | 1 Android | 2022-09-23 | 2.1 LOW | 5.5 MEDIUM |
An improper access control vulnerability in sspExit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to terminate BlockchainTZService. | |||||
CVE-2022-36865 | 2 Google, Samsung | 2 Android, Group Sharing | 2022-09-21 | N/A | 3.3 LOW |
Improper access control in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to access device information. | |||||
CVE-2022-36866 | 2 Google, Samsung | 2 Android, Group Sharing | 2022-09-21 | N/A | 3.3 LOW |
Improper access control vulnerability in Broadcaster in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device. | |||||
CVE-2011-0419 | 9 Apache, Apple, Debian and 6 more | 10 Http Server, Portable Runtime, Mac Os X and 7 more | 2022-09-19 | 4.3 MEDIUM | N/A |
Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd. | |||||
CVE-2022-20398 | 1 Google | 1 Android | 2022-09-19 | N/A | 7.8 HIGH |
In addOrUpdateNetwork of WifiServiceImpl.java, there is a possible way for a guest user to configure Wi-Fi due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-221859734 | |||||
CVE-2022-20399 | 1 Google | 1 Android | 2022-09-16 | N/A | 5.5 MEDIUM |
In the SEPolicy configuration of system apps, there is a possible access to the 'ip' utility due to an insecure default value. This could lead to local information disclosure of network data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-219808546References: Upstream kernel | |||||
CVE-2022-20396 | 1 Google | 1 Android | 2022-09-16 | N/A | 5.5 MEDIUM |
In SettingsActivity.java, there is a possible way to make a device discoverable over Bluetooth, without permission or user interaction, due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-234440688 | |||||
CVE-2022-20395 | 1 Google | 1 Android | 2022-09-16 | N/A | 7.8 HIGH |
In checkAccess of MediaProvider.java, there is a possible file deletion due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-221855295 | |||||
CVE-2022-20393 | 1 Google | 1 Android | 2022-09-16 | N/A | 5.5 MEDIUM |
In extract3GPPGlobalDescriptions of TextDescriptions.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure from the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-233735886 | |||||
CVE-2022-20392 | 1 Google | 1 Android | 2022-09-16 | N/A | 7.8 HIGH |
In declareDuplicatePermission of ParsedPermissionUtils.java, there is a possible way to obtain a dangerous permission without user consent due to improper input validation. This could lead to local escalation of privilege during app installation or upgrade with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-213323615 | |||||
CVE-2022-20385 | 1 Google | 1 Android | 2022-09-16 | N/A | 9.8 CRITICAL |
a function called 'nla_parse', do not check the len of para, it will check nla_type (which can be controlled by userspace) with 'maxtype' (in this case, it is GSCAN_MAX), then it access polciy array 'policy[type]', which OOB access happens.Product: AndroidVersions: Android SoCAndroid ID: A-238379819 | |||||
CVE-2021-0943 | 1 Google | 1 Android | 2022-09-16 | N/A | 7.8 HIGH |
In MMU_MapPages of TBD, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-238916921 | |||||
CVE-2021-0942 | 1 Google | 1 Android | 2022-09-16 | N/A | 9.8 CRITICAL |
The path in this case is a little bit convoluted. The end result is that via an ioctl an untrusted app can control the ui32PageIndex offset in the expression:sPA.uiAddr = page_to_phys(psOSPageArrayData->pagearray[ui32PageIndex]);With the current PoC this crashes as an OOB read. However, given that the OOB read value is ending up as the address field of a struct I think i seems plausible that this could lead to an OOB write if the attacker is able to cause the OOB read to pull an interesting kernel address. Regardless if this is a read or write, it is a High severity issue in the kernel.Product: AndroidVersions: Android SoCAndroid ID: A-238904312 | |||||
CVE-2021-0871 | 1 Google | 1 Android | 2022-09-16 | N/A | 7.8 HIGH |
In PVRSRVBridgePMRPDumpSymbolicAddr of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-238921253 | |||||
CVE-2021-0697 | 1 Google | 1 Android | 2022-09-16 | N/A | 7.0 HIGH |
In PVRSRVRGXSubmitTransferKM of rgxtransfer.c, there is a possible user after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-238918403 |