🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-20160 ‼

Product: AndroidVersions: Android kernelAndroid ID: A-210083655References: N/A

📖 Read

via "National Vulnerability Database".
128 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-20177 ‼

Product: AndroidVersions: Android kernelAndroid ID: A-209906686References: N/A

📖 Read

via "National Vulnerability Database".
123 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-20175 ‼

Product: AndroidVersions: Android kernelAndroid ID: A-209252491References: N/A

📖 Read

via "National Vulnerability Database".
120 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-20146 ‼

In uploadFile of FileUploadServiceImpl.java, there is a possible incorrect file access due to a confused deputy. This could lead to local information disclosure of private files with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-211757677References: N/A

📖 Read

via "National Vulnerability Database".
119 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-20141 ‼

In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel

📖 Read

via "National Vulnerability Database".
116 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-20149 ‼

Product: AndroidVersions: Android kernelAndroid ID: A-211685939References: N/A

📖 Read

via "National Vulnerability Database".
112 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-20162 ‼

In asn1_p256_int of crypto/asn1.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-223492713References: N/A

📖 Read

via "National Vulnerability Database".
112 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-20172 ‼

In onbind of ShannonRcsService.java, there is a possible access to protect data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-206987222References: N/A

📖 Read

via "National Vulnerability Database".
109 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-20166 ‼

In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-182388481References: Upstream kernel

📖 Read

via "National Vulnerability Database".
106 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-20164 ‼

Product: AndroidVersions: Android kernelAndroid ID: A-204891956References: N/A

📖 Read

via "National Vulnerability Database".
103 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-20140 ‼

In read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-227618988

📖 Read

via "National Vulnerability Database".
104 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-20174 ‼

In exynos_secEnv_init of mach-gs101.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-210847407References: N/A

📖 Read

via "National Vulnerability Database".
105 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-20179 ‼

Product: AndroidVersions: Android kernelAndroid ID: A-211683760References: N/A

📖 Read

via "National Vulnerability Database".
103 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-20147 ‼

In nfa_dm_check_set_config of nfa_dm_main.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-221216105

📖 Read

via "National Vulnerability Database".
124 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-39806 ‼

In closef of label_backends_android.c, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege during startup of servicemanager, if an attacker can trigger an initialization failure, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-215387420

📖 Read

via "National Vulnerability Database".
109 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-20193 ‼

In getUniqueUsagesWithLabels of PermissionUsageHelper.java, there is a possible incorrect permission attribution due to a logic error in the code. This could lead to local escalation of privilege by conflating apps with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-212434116

📖 Read

via "National Vulnerability Database".
102 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-27859 ‼

Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Nicdark d.o.o. Travel Management plugin <= 2.0 at WordPress.

📖 Read

via "National Vulnerability Database".
104 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-20184 ‼

Product: AndroidVersions: Android kernelAndroid ID: A-209153114References: N/A

📖 Read

via "National Vulnerability Database".
103 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-20196 ‼

In gallery3d and photos, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-201535148

📖 Read

via "National Vulnerability Database".
104 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-29406 ‼

Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in DynamicWebLab's WordPress Team Manager plugin <= 1.6.9 at WordPress.

📖 Read

via "National Vulnerability Database".
98 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-20204 ‼

In registerRemoteBugreportReceivers of DevicePolicyManagerService.java, there is a possible reporting of falsified bug reports due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-171495100

📖 Read

via "National Vulnerability Database".
96 views