Lucene search

K

47 matches found

CVE
CVE
added 2022/11/08 10:15 p.m.156 views

CVE-2022-20465

In dismiss and related functions of KeyguardHostViewController.java and related files, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploita...

4.6CVSS5AI score0.00023EPSS
CVE
CVE
added 2022/11/08 10:15 p.m.126 views

CVE-2022-20462

In phNxpNciHal_write_unlocked of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-...

7.8CVSS7.7AI score0.00014EPSS
CVE
CVE
added 2022/11/08 10:15 p.m.114 views

CVE-2022-20452

In initializeFromParcelLocked of BaseBundle.java, there is a possible method arbitrary code execution due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: ...

7.8CVSS7.9AI score0.00174EPSS
CVE
CVE
added 2022/11/08 10:15 p.m.114 views

CVE-2022-20453

In update of MmsProvider.java, there is a possible constriction of directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...

5.5CVSS5.4AI score0.00013EPSS
CVE
CVE
added 2022/11/08 10:15 p.m.111 views

CVE-2022-20441

In navigateUpTo of Task.java, there is a possible way to launch an unexported intent handler due to a logic error in the code. This could lead to local escalation of privilege if the targeted app has an intent trampoline, with no additional execution privileges needed. User interaction is not neede...

7.8CVSS7.7AI score0.00016EPSS
CVE
CVE
added 2022/11/08 10:15 p.m.107 views

CVE-2022-20450

In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way to bypass user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

7.8CVSS7.7AI score0.00003EPSS
CVE
CVE
added 2022/11/08 10:15 p.m.106 views

CVE-2022-20448

In buzzBeepBlinkLocked of NotificationManagerService.java, there is a possible way to share data across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Androi...

5.5CVSS5.6AI score0.00003EPSS
CVE
CVE
added 2022/11/08 10:15 p.m.106 views

CVE-2022-20457

In getMountModeInternal of StorageManagerService.java, there is a possible prevention of package installation due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: A...

5.5CVSS5.7AI score0.00016EPSS
CVE
CVE
added 2022/11/08 10:15 p.m.104 views

CVE-2022-20454

In fdt_next_tag of fdt.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-...

6.7CVSS6.7AI score0.0001EPSS
CVE
CVE
added 2022/11/08 10:15 p.m.103 views

CVE-2022-20426

In multiple functions of many files, there is a possible obstruction of the user's ability to select a phone account due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Androi...

5.5CVSS5.3AI score0.0002EPSS
CVE
CVE
added 2022/11/08 10:15 p.m.102 views

CVE-2022-20446

In AlwaysOnHotwordDetector of AlwaysOnHotwordDetector.java, there is a possible way to access the microphone from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exp...

3.3CVSS4.2AI score0.00019EPSS
CVE
CVE
added 2022/11/08 10:15 p.m.99 views

CVE-2022-20445

In process_service_search_rsp of sdp_discovery.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Andr...

7.5CVSS7AI score0.00065EPSS
CVE
CVE
added 2022/11/08 10:15 p.m.95 views

CVE-2022-20447

In PAN_WriteBuf of pan_api.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ...

6.5CVSS6.1AI score0.00204EPSS
CVE
CVE
added 2022/11/08 10:15 p.m.95 views

CVE-2022-20451

In onCallRedirectionComplete of CallsManager.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android...

7.8CVSS7.7AI score0.00003EPSS
CVE
CVE
added 2022/11/08 10:15 p.m.88 views

CVE-2022-20414

In setImpl of AlarmManagerService.java, there is a possible way to put a device into a boot loop due to an uncaught exception. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...

5.5CVSS5.3AI score0.0002EPSS
CVE
CVE
added 2022/11/08 10:15 p.m.75 views

CVE-2021-1050

In MMU_UnmapPages of the PowerVR kernel driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android S...

7.8CVSS7.6AI score0.00014EPSS
CVE
CVE
added 2022/11/08 9:15 p.m.74 views

CVE-2022-32602

In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07388790; Issue ID: ALPS07388790.

5.5CVSS5AI score0.00022EPSS
CVE
CVE
added 2022/11/08 10:15 p.m.73 views

CVE-2021-39661

In _PMRLogicalOffsetToPhysicalOffset of the PowerVR kernel driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Android...

7.8CVSS7.6AI score0.00018EPSS
CVE
CVE
added 2022/11/08 9:15 p.m.64 views

CVE-2022-32601

In telephony, there is a possible permission bypass due to a parcel format mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07319132; Issue ID: ALPS07319132.

7.8CVSS7.7AI score0.00004EPSS
CVE
CVE
added 2022/11/17 11:15 p.m.60 views

CVE-2022-20427

In (TBD) of (TBD), there is a possible way to corrupt memory due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239555070Ref...

6.7CVSS6.6AI score0.00007EPSS
CVE
CVE
added 2022/11/17 11:15 p.m.55 views

CVE-2022-20459

In (TBD) of (TBD), there is a possible way to redirect code execution due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239...

6.7CVSS6.9AI score0.00008EPSS
CVE
CVE
added 2022/11/17 11:15 p.m.55 views

CVE-2022-20460

In (TBD) mprot_unmap? of (TBD), there is a possible way to corrupt the memory mapping due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelA...

6.7CVSS6.6AI score0.00009EPSS
CVE
CVE
added 2022/11/08 9:15 p.m.53 views

CVE-2022-32603

In gpu drm, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310704; Issue ID: ALPS07310704.

6.7CVSS6.7AI score0.00015EPSS
CVE
CVE
added 2022/11/09 10:15 p.m.52 views

CVE-2022-39885

Improper access control vulnerability in BootCompletedReceiver_CMCC in DeviceManagement prior to SMR Nov-2022 Release 1 allows local attacker to access to Device information.

5.9CVSS4AI score0.00021EPSS
CVE
CVE
added 2022/11/17 11:15 p.m.51 views

CVE-2022-20428

In (TBD) of (TBD), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239555411Referenc...

6.7CVSS6.7AI score0.0001EPSS
CVE
CVE
added 2022/11/08 9:15 p.m.51 views

CVE-2022-32612

In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203500; Issue ID: ALPS07203500.

6.4CVSS6.6AI score0.00019EPSS
CVE
CVE
added 2022/11/08 9:15 p.m.50 views

CVE-2022-21778

In vpu, there is a possible information disclosure due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06382421; Issue ID: ALPS06382421.

6.7CVSS6.3AI score0.0001EPSS
CVE
CVE
added 2022/11/08 9:15 p.m.50 views

CVE-2022-32618

In typec, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation....

6.8CVSS6.7AI score0.00046EPSS
CVE
CVE
added 2022/11/09 10:15 p.m.50 views

CVE-2022-39879

Improper authorization vulnerability in?CallBGProvider prior to SMR Nov-2022 Release 1 allows local attacker to grant permission for accessing information with phone uid.

5.9CVSS3.8AI score0.0002EPSS
CVE
CVE
added 2022/11/08 9:15 p.m.49 views

CVE-2022-32607

In aee, there is a possible use after free due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07202891; Issue ID: ALPS07202891.

6.7CVSS6.7AI score0.00021EPSS
CVE
CVE
added 2022/11/09 10:15 p.m.49 views

CVE-2022-39880

Improper input validation vulnerability in DualOutFocusViewer prior to SMR Nov-2022 Release 1 allows local attacker to perform an arbitrary code execution.

7.8CVSS7.7AI score0.00013EPSS
CVE
CVE
added 2022/11/09 10:15 p.m.49 views

CVE-2022-39886

Improper access control vulnerability in IpcRxServiceModeBigDataInfo in RIL prior to SMR Nov-2022 Release 1 allows local attacker to access Device information.

5.9CVSS4AI score0.00021EPSS
CVE
CVE
added 2022/11/08 9:15 p.m.46 views

CVE-2022-32610

In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203476; Issue ID: ALPS07203476.

6.4CVSS6.6AI score0.00028EPSS
CVE
CVE
added 2022/11/08 9:15 p.m.45 views

CVE-2022-32617

In typec, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation....

6.8CVSS6.7AI score0.00046EPSS
CVE
CVE
added 2022/11/09 10:15 p.m.45 views

CVE-2022-39883

Improper authorization vulnerability in StorageManagerService prior to SMR Nov-2022 Release 1 allows local attacker to call privileged API.

7.8CVSS7.3AI score0.00015EPSS
CVE
CVE
added 2022/11/09 10:15 p.m.45 views

CVE-2022-39887

Improper access control vulnerability in clearAllGlobalProxy in MiscPolicy prior to SMR Nov-2022 Release 1 allows local attacker to configure EDM setting.

4.3CVSS4AI score0.00019EPSS
CVE
CVE
added 2022/11/08 9:15 p.m.44 views

CVE-2022-32605

In isp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07213898; Issue ID: ALPS07213898.

6.7CVSS6.7AI score0.00012EPSS
CVE
CVE
added 2022/11/08 9:15 p.m.44 views

CVE-2022-32609

In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203410; Issue ID: ALPS07203410.

6.4CVSS6.6AI score0.00028EPSS
CVE
CVE
added 2022/11/08 9:15 p.m.44 views

CVE-2022-32613

In vcu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07206340; Issue ID: ALPS07206340.

6.4CVSS6.7AI score0.00017EPSS
CVE
CVE
added 2022/11/08 9:15 p.m.43 views

CVE-2022-32608

In jpeg, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07388753; Issue ID: ALPS07388753.

6.4CVSS6.6AI score0.00016EPSS
CVE
CVE
added 2022/11/08 9:15 p.m.42 views

CVE-2022-32614

In audio, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310571; Issue ID: ALPS07310571.

6.7CVSS6.8AI score0.00013EPSS
CVE
CVE
added 2022/11/08 9:15 p.m.42 views

CVE-2022-32616

In isp, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07341258; Issue ID: ALPS07341258.

6.7CVSS6.7AI score0.00023EPSS
CVE
CVE
added 2022/11/09 10:15 p.m.42 views

CVE-2022-39884

Improper access control vulnerability in IImsService prior to SMR Nov-2022 Release 1 allows local attacker to access to Call information.

4.3CVSS4AI score0.00021EPSS
CVE
CVE
added 2022/11/17 11:15 p.m.42 views

CVE-2022-42533

In shared_metadata_init of SharedMetadata.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kerne...

7.8CVSS7.7AI score0.00016EPSS
CVE
CVE
added 2022/11/08 9:15 p.m.40 views

CVE-2022-32611

In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07340373; Issue ID: ALPS07340373.

6.7CVSS6.7AI score0.00022EPSS
CVE
CVE
added 2022/11/08 9:15 p.m.38 views

CVE-2022-32615

In ccd, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326559; Issue ID: ALPS07326559.

6.7CVSS6.7AI score0.00023EPSS
CVE
CVE
added 2022/11/09 10:15 p.m.35 views

CVE-2022-39882

Heap overflow vulnerability in sflacf_fal_bytes_peek function in libsmat.so library prior to SMR Nov-2022 Release 1 allows local attacker to execute arbitrary code.

8CVSS7.8AI score0.00012EPSS