‼ CVE-2022-20525 ‼
📖 Read
via "National Vulnerability Database".
In enforceVisualVoicemailPackage of PhoneInterfaceManager.java, there is a possible leak of visual voicemail package name due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-229742768📖 Read
via "National Vulnerability Database".
‼ CVE-2022-42542 ‼
📖 Read
via "National Vulnerability Database".
In phNxpNciHal_core_initialized of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231445184📖 Read
via "National Vulnerability Database".
‼ CVE-2022-42509 ‼
📖 Read
via "National Vulnerability Database".
In CallDialReqData::encode of callreqdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241544307References: N/A📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20554 ‼
📖 Read
via "National Vulnerability Database".
In removeEventHubDevice of InputDevice.cpp, there is a possible OOB read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-245770596📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20522 ‼
📖 Read
via "National Vulnerability Database".
In getSlice of ProviderModelSlice.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227470877📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20569 ‼
📖 Read
via "National Vulnerability Database".
In thermal_cooling_device_stats_update of thermal_sysfs.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-229258234References: N/A📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46135 ‼
📖 Read
via "National Vulnerability Database".
In AeroCms v0.0.1, there is an arbitrary file upload vulnerability at /admin/posts.php?source=edit_post , through which we can upload webshell and control the web server.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44473 ‼
📖 Read
via "National Vulnerability Database".
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-42513 ‼
📖 Read
via "National Vulnerability Database".
In ProtocolEmbmsBuilder::BuildSetSession of protocolembmsbuilder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241763204References: N/A📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20503 ‼
📖 Read
via "National Vulnerability Database".
In onCreate of WifiDppConfiguratorActivity.java, there is a possible way for a guest user to add a WiFi configuration due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224772890📖 Read
via "National Vulnerability Database".
‼ CVE-2022-42366 ‼
📖 Read
via "National Vulnerability Database".
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-42512 ‼
📖 Read
via "National Vulnerability Database".
In VsimOperationDataExt::encode of vsimdata.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241763050References: N/A📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20526 ‼
📖 Read
via "National Vulnerability Database".
In CanvasContext::draw of CanvasContext.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-229742774📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2022-20581 ‼
📖 Read
via "National Vulnerability Database".
In the Pixel camera driver, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-245916120References: N/A📖 Read
via "National Vulnerability Database".
‼ CVE-2022-42522 ‼
📖 Read
via "National Vulnerability Database".
In DoSetCarrierConfig of miscservice.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243130038References: N/A📖 Read
via "National Vulnerability Database".
‼ CVE-2022-42501 ‼
📖 Read
via "National Vulnerability Database".
In HexString2Value of util.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241231403References: N/A📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20509 ‼
📖 Read
via "National Vulnerability Database".
In mapGrantorDescr of MessageQueueBase.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244713317📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20610 ‼
📖 Read
via "National Vulnerability Database".
In cellular modem firmware, there is a possible out of bounds read due to a missing bounds check. This could lead to remote code execution with LTE authentication needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-240462530References: N/A📖 Read
via "National Vulnerability Database".
‼ CVE-2022-42514 ‼
📖 Read
via "National Vulnerability Database".
In ProtocolImsBuilder::BuildSetConfig of protocolimsbuilder.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241763298References: N/A📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20529 ‼
📖 Read
via "National Vulnerability Database".
In multiple locations of WifiDialogActivity.java, there is a possible limited lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege in wifi settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231583603📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20543 ‼
📖 Read
via "National Vulnerability Database".
In multiple locations, there is a possible display crash loop due to improper input validation. This could lead to local denial of service with system execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238178261📖 Read
via "National Vulnerability Database".