Total
7912 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-23999 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 3.9 LOW |
PendingIntent hijacking vulnerability in CpaReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent. | |||||
CVE-2022-23998 | 2 Google, Samsung | 2 Android, Camera | 2024-11-21 | 4.3 MEDIUM | 6.2 MEDIUM |
Improper access control vulnerability in Camera prior to versions 11.1.02.16 in Android R(11), 10.5.03.77 in Android Q(10) and 9.0.6.68 in Android P(9) allows untrusted applications to take a picture in screenlock status. | |||||
CVE-2022-23729 | 1 Google | 1 Android | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
When the device is in factory state, it can be access the shell without adb authentication process. The LG ID is LVE-SMP-210010. | |||||
CVE-2022-23728 | 1 Google | 1 Android | 2024-11-21 | 6.6 MEDIUM | 6.1 MEDIUM |
Attacker can reset the device with AT Command in the process of rebooting the device. The LG ID is LVE-SMP-210011. | |||||
CVE-2022-23434 | 2 Google, Samsung | 2 Android, Bixby | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
A vulnerability using PendingIntent in Bixby Vision prior to versions 3.7.60.8 in Android S(12), 3.7.50.6 in Andorid R(11) and below allows attackers to execute privileged action by hijacking and modifying the intent. | |||||
CVE-2022-23433 | 2 Google, Samsung | 2 Android, Reminder | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
Improper access control vulnerability in Reminder prior to versions 12.3.01.3000 in Android S(12), 12.2.05.6000 in Android R(11) and 11.6.08.6000 in Andoid Q(10) allows attackers to register reminders or execute exporeted activities remotely. | |||||
CVE-2022-23432 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 4.6 MEDIUM | 6.4 MEDIUM |
An improper input validation in SMC_SRPMB_WSM handler of RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution. | |||||
CVE-2022-23431 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 4.6 MEDIUM | 6.4 MEDIUM |
An improper boundary check in RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution. | |||||
CVE-2022-23429 | 1 Google | 1 Android | 2024-11-21 | 3.6 LOW | 5.3 MEDIUM |
An improper boundary check in audio hal service prior to SMR Feb-2022 Release 1 allows attackers to read invalid memory and it leads to application crash. | |||||
CVE-2022-23428 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 7.2 HIGH | 8.4 HIGH |
An improper boundary check in eden_runtime hal service prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution. | |||||
CVE-2022-23427 | 1 Google | 1 Android | 2024-11-21 | 3.6 LOW | 3.9 LOW |
PendingIntent hijacking vulnerability in KnoxPrivacyNoticeReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission via implicit Intent. | |||||
CVE-2022-23426 | 1 Google | 1 Android | 2024-11-21 | 3.6 LOW | 4.4 MEDIUM |
A vulnerability using PendingIntent in DeX Home and DeX for PC prior to SMR Feb-2022 Release 1 allows attackers to access files with system privilege. | |||||
CVE-2022-23425 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 7.5 HIGH | 8.6 HIGH |
Improper input validation in Exynos baseband prior to SMR Feb-2022 Release 1 allows attackers to send arbitrary NAS signaling messages with fake base station. | |||||
CVE-2022-23278 | 4 Apple, Google, Linux and 1 more | 11 Macos, Android, Linux Kernel and 8 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
Microsoft Defender for Endpoint Spoofing Vulnerability | |||||
CVE-2022-23258 | 2 Google, Microsoft | 2 Android, Edge | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
Microsoft Edge for Android Spoofing Vulnerability | |||||
CVE-2022-22762 | 2 Google, Mozilla | 2 Android, Firefox | 2024-11-21 | N/A | 4.3 MEDIUM |
Under certain circumstances, a JavaScript alert (or prompt) could have been shown while another website was displayed underneath it. This could have been abused to trick the user. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97. | |||||
CVE-2022-22758 | 2 Google, Mozilla | 2 Android, Firefox | 2024-11-21 | N/A | 8.8 HIGH |
When clicking on a tel: link, USSD codes, specified after a <code>\*</code> character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this could perform actions on a user's account, similar to a cross-site request forgery attack.<br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97. | |||||
CVE-2022-22292 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.1 HIGH |
Unprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release 1 allows untrusted applications to launch arbitrary activity. | |||||
CVE-2022-22291 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
Logging of excessive data vulnerability in telephony prior to SMR Feb-2022 Release 1 allows privileged attackers to get Cell Location Information through log of user device. | |||||
CVE-2022-22286 | 2 Google, Samsung | 2 Android, Bixby Routines | 2024-11-21 | 3.6 LOW | 4.4 MEDIUM |
A vulnerability using PendingIntent in Bixby Routines prior to version 3.1.21.8 in Android R(11.0) and 2.6.30.5 in Android Q(10.0) allows attackers to execute privileged action by hijacking and modifying the intent. |