‼ CVE-2022-20554 ‼
via "National Vulnerability Database".
In removeEventHubDevice of InputDevice.cpp, there is a possible OOB read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-245770596.
‼ CVE-2022-20522 ‼
via "National Vulnerability Database".
In getSlice of ProviderModelSlice.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-227470877.
‼ CVE-2022-20569 ‼
via "National Vulnerability Database".
In thermal_cooling_device_stats_update of thermal_sysfs.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-229258234. References: N/A.
‼ CVE-2022-46135 ‼
via "National Vulnerability Database".
In AeroCms v0.0.1, there is an arbitrary file upload vulnerability at /admin/posts.php?source=edit_post, through which we can upload a webshell and control the web server.
‼ CVE-2022-44473 ‼
via "National Vulnerability Database".
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
‼ CVE-2022-42513 ‼
via "National Vulnerability Database".
In ProtocolEmbmsBuilder::BuildSetSession of protocolembmsbuilder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-241763204. References: N/A.
‼ CVE-2022-20503 ‼
via "National Vulnerability Database".
In onCreate of WifiDppConfiguratorActivity.java, there is a possible way for a guest user to add a WiFi configuration due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-224772890.
‼ CVE-2022-42366 ‼
via "National Vulnerability Database".
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
‼ CVE-2022-42512 ‼
via "National Vulnerability Database".
In VsimOperationDataExt::encode of vsimdata.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-241763050. References: N/A.
‼ CVE-2022-20526 ‼
via "National Vulnerability Database".
In CanvasContext::draw of CanvasContext.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-229742774.
‼ CVE-2022-20581 ‼
via "National Vulnerability Database".
In the Pixel camera driver, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-245916120. References: N/A.
‼ CVE-2022-42522 ‼
via "National Vulnerability Database".
In DoSetCarrierConfig of miscservice.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-243130038. References: N/A.
‼ CVE-2022-42501 ‼
via "National Vulnerability Database".
In HexString2Value of util.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-241231403. References: N/A.
‼ CVE-2022-20509 ‼
via "National Vulnerability Database".
In mapGrantorDescr of MessageQueueBase.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-244713317.
‼ CVE-2022-20610 ‼
via "National Vulnerability Database".
In cellular modem firmware, there is a possible out of bounds read due to a missing bounds check. This could lead to remote code execution with LTE authentication needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-240462530. References: N/A.
‼ CVE-2022-42514 ‼
via "National Vulnerability Database".
In ProtocolImsBuilder::BuildSetConfig of protocolimsbuilder.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-241763298. References: N/A.
‼ CVE-2022-20529 ‼
via "National Vulnerability Database".
In multiple locations of WifiDialogActivity.java, there is a possible limited lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege in wifi settings with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-231583603.
‼ CVE-2022-20543 ‼
via "National Vulnerability Database".
In multiple locations, there is a possible display crash loop due to improper input validation. This could lead to local denial of service with system execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-238178261.
‼ CVE-2022-42520 ‼
via "National Vulnerability Database".
In ServiceInterface::HandleRequest of serviceinterface.cpp, there is a possible use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-242994270. References: N/A.
‼ CVE-2022-20579 ‼
via "National Vulnerability Database".
In RadioImpl::setCdmaBroadcastConfig of ril_service_legacy.cpp, there is a possible stack clash leading to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-243510139. References: N/A.
‼ CVE-2021-35252 ‼
via "National Vulnerability Database".
Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this, an encrypted value that is exposed to an attacker can be simply recovered to plaintext.