Total
6434 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-27573 | 1 Google | 1 Android | 2022-04-18 | 6.5 MEDIUM | 7.2 HIGH |
| Improper input validation vulnerability in parser_infe and sheifd_find_itemIndexin fuctions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attackers. | |||||
| CVE-2022-27574 | 1 Google | 1 Android | 2022-04-18 | 7.5 HIGH | 7.2 HIGH |
| Improper input validation vulnerability in parser_iloc and sheifd_find_itemIndexin fuctions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attacker. | |||||
| CVE-2022-27572 | 1 Google | 1 Android | 2022-04-18 | 10.0 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow vulnerability in parser_ipma function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers. | |||||
| CVE-2022-27571 | 1 Google | 1 Android | 2022-04-18 | 10.0 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow vulnerability in sheifd_get_info_image function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker. | |||||
| CVE-2022-27569 | 1 Google | 1 Android | 2022-04-18 | 10.0 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow vulnerability in parser_infe function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker. | |||||
| CVE-2022-27570 | 1 Google | 1 Android | 2022-04-18 | 10.0 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow vulnerability in parser_single_iref function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker. | |||||
| CVE-2022-27568 | 1 Google | 1 Android | 2022-04-18 | 10.0 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow vulnerability in parser_iloc function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker. | |||||
| CVE-2022-27567 | 1 Google | 1 Android | 2022-04-18 | 7.5 HIGH | 9.8 CRITICAL |
| Null pointer dereference vulnerability in parser_hvcC function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attackers. | |||||
| CVE-2022-26099 | 1 Google | 1 Android | 2022-04-18 | 6.4 MEDIUM | 9.1 CRITICAL |
| Null pointer dereference vulnerability in parser_infe function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds read by remote attackers. | |||||
| CVE-2022-20081 | 2 Google, Mediatek | 27 Android, Mt6580, Mt6735 and 24 more | 2022-04-18 | 4.3 MEDIUM | 5.9 MEDIUM |
| In A-GPS, there is a possible man in the middle attack due to improper certificate validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06461919; Issue ID: ALPS06461919. | |||||
| CVE-2022-20080 | 2 Google, Mediatek | 34 Android, Mt6580, Mt6735 and 31 more | 2022-04-18 | 6.9 MEDIUM | 6.4 MEDIUM |
| In SUB2AF, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS05881290; Issue ID: ALPS05881290. | |||||
| CVE-2022-20079 | 2 Google, Mediatek | 17 Android, Mt6781, Mt6785 and 14 more | 2022-04-18 | 2.1 LOW | 4.4 MEDIUM |
| In vow, there is a possible read of uninitialized data due to a improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS05837742; Issue ID: ALPS05857289. | |||||
| CVE-2022-20077 | 2 Google, Mediatek | 17 Android, Mt6781, Mt6785 and 14 more | 2022-04-18 | 6.9 MEDIUM | 6.4 MEDIUM |
| In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS05837742; Issue ID: ALPS05852812. | |||||
| CVE-2022-20076 | 2 Google, Mediatek | 63 Android, Mt6580, Mt6731 and 60 more | 2022-04-18 | 2.1 LOW | 4.4 MEDIUM |
| In ged, there is a possible memory corruption due to an incorrect error handling. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05838808; Issue ID: ALPS05839556. | |||||
| CVE-2022-20075 | 2 Google, Mediatek | 63 Android, Mt6580, Mt6731 and 60 more | 2022-04-18 | 7.2 HIGH | 6.7 MEDIUM |
| In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05838808; Issue ID: ALPS05838808. | |||||
| CVE-2022-20062 | 2 Google, Mediatek | 37 Android, Mt6765, Mt6785 and 34 more | 2022-04-14 | 7.2 HIGH | 6.7 MEDIUM |
| In mdp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS05836418; Issue ID: ALPS05836418. | |||||
| CVE-2022-20063 | 2 Google, Mediatek | 8 Android, Mt6765, Mt8385 and 5 more | 2022-04-14 | 6.9 MEDIUM | 6.5 MEDIUM |
| In atf (spm), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06171715; Issue ID: ALPS06171715. | |||||
| CVE-2022-20052 | 2 Google, Mediatek | 46 Android, Mt6580, Mt6735 and 43 more | 2022-04-14 | 6.9 MEDIUM | 6.5 MEDIUM |
| In mdp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS05836642; Issue ID: ALPS05836642. | |||||
| CVE-2021-34425 | 5 Apple, Google, Linux and 2 more | 6 Iphone Os, Macos, Android and 3 more | 2022-04-12 | 4.0 MEDIUM | 6.1 MEDIUM |
| The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, Linux, macOS, and Windows) contain a server side request forgery vulnerability in the chat\'s "link preview" functionality. In versions prior to 5.7.3, if a user were to enable the chat\'s "link preview" feature, a malicious actor could trick the user into potentially sending arbitrary HTTP GET requests to URLs that the actor cannot reach directly. | |||||
| CVE-2017-5094 | 6 Apple, Debian, Google and 3 more | 9 Macos, Debian Linux, Android and 6 more | 2022-04-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| Type confusion in extensions JavaScript bindings in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted HTML page. | |||||