Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2022-35676 Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the co... | 7.8 | HIGH | — | 0 |
| CVE-2022-35677 Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the co... | 7.8 | HIGH | — | 0 |
| CVE-2022-35678 Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 (and earlier) and 17.012.30249 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-2779 A vulnerability classified as critical was found in SourceCodester Gas Agency Management System. Affected by this vulnerability is an unknown functionality of the file /gasmark/assets/myimages/oneWord... | 6.3 | MEDIUM | — | 0 |
| CVE-2022-38179 JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Download attack | 4.7 | MEDIUM | — | 0 |
| CVE-2022-38180 In JetBrains Ktor before 2.1.0 the wrong authentication provider could be selected in some cases | 5.3 | MEDIUM | — | 0 |
| CVE-2022-2390 Apps developed with Google Play Services SDK incorrectly had the mutability flag set to PendingIntents that were passed to the Notification service. As Google Play services SDK is so widely used, this... | 6.1 | MEDIUM | — | 0 |
| CVE-2022-2503 Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads cu... | 6.9 | MEDIUM | — | 0 |
| CVE-2021-44720 In Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12, the administrator password is stored in the HTML source code of the "Maintenance > Push Configuration > Targets > Target Name" targets.... | 7.2 | HIGH | — | 0 |
| CVE-2022-20253 In Bluetooth, there is a possible cleanup failure due to an uncaught exception. This could lead to remote denial of service in Bluetooth with no additional execution privileges needed. User interactio... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-20254 In Wi-Fi, there is a permissions bypass. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploit... | 8.8 | HIGH | — | 0 |
| CVE-2022-20255 In SettingsProvider, there is a possible way to read or change the default ringtone due to a missing permission check. This could lead to local escalation of privilege with no additional execution pri... | 4.4 | MEDIUM | — | 0 |
| CVE-2022-20256 In the Audio HAL, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not nee... | 6.4 | MEDIUM | — | 0 |
| CVE-2022-36141 SWFMill commit 53d7690 was discovered to contain a segmentation violation via SWF::MethodBody::write(SWF::Writer*, SWF::Context*). | 5.5 | MEDIUM | — | 0 |
| CVE-2022-20258 In Bluetooth, there is a possible way to bypass compiler exploit mitigations due to a configuration error. This could lead to local escalation of privilege with no additional execution privileges need... | 7.8 | HIGH | — | 0 |
| CVE-2022-20259 In Telephony, there is a possible leak of ICCID and EID due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interact... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-20260 In the Phone app, there is a possible crash loop due to resource exhaustion. This could lead to local persistent denial of service in the Phone app with User execution privileges needed. User interact... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-20261 In LocationManager, there is a possible way to get location information due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User... | 2.3 | LOW | — | 0 |
| CVE-2022-20262 In ActivityManager, there is a possible way to check another process's capabilities due to a missing permission check. This could lead to local information disclosure with User execution privileges ne... | 3.3 | LOW | — | 0 |
| CVE-2022-20263 In ActivityManager, there is a way to read process state for other users due to a missing permission check. This could lead to local information disclosure of app usage with User execution privileges ... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-20265 In Settings, there is a possible way to bypass factory reset permissions due to a permissions bypass. This could lead to local escalation of privilege with physical access to the device with no additi... | 4.6 | MEDIUM | — | 0 |
| CVE-2022-20266 In Companion, there is a possible way to keep a service running with elevated importance without showing foreground service notification due to improper input validation. This could lead to local esca... | 5.0 | MEDIUM | — | 0 |
| CVE-2022-20267 In bluetooth, there is a possible way to enable or disable bluetooth connection without user consent due to a missing permission check. This could lead to local escalation of privilege with User execu... | 3.3 | LOW | — | 0 |
| CVE-2022-20268 In RestrictionsManager, there is a possible way to send a broadcast that should be restricted to system apps due to a permissions bypass. This could lead to local escalation of privilege on an enterpr... | 7.8 | HIGH | — | 0 |
| CVE-2022-20269 In Bluetooth, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no... | 6.8 | MEDIUM | — | 0 |
| CVE-2022-20270 In Content, there is a possible way to learn gmail account name on the device due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges neede... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-20271 In PermissionController, there is a possible way to grant some permissions without user consent due to misleading or insufficient UI. This could lead to local escalation of privilege with no additiona... | 7.8 | HIGH | — | 0 |
| CVE-2022-20272 In PermissionController, there is a possible misunderstanding about the default SMS application's permission set due to misleading text. This could lead to local information disclosure with User privi... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-20273 In Bluetooth, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-20274 In Keyguard, there is a missing permission check. This could lead to local escalation of privilege and prevention of screen timeout with User execution privileges needed. User interaction is not neede... | 7.8 | HIGH | — | 0 |
| CVE-2022-20275 In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information di... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-20276 In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information di... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-20277 In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information di... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-20278 In Accounts, there is a possible way to write sensitive information to the system log due to insufficient log filtering. This could lead to local information disclosure with System execution privilege... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-20279 In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information di... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-20280 In MMSProvider, there is a possible read of protected data due to improper input validationSQL injection. This could lead to local information disclosure of sms/mms data with User execution privileges... | 3.3 | LOW | — | 0 |
| CVE-2022-20281 In Core, there is a possible way to start an activity from the background due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. Use... | 7.8 | HIGH | — | 0 |
| CVE-2022-20282 In AppWidget, there is a possible way to start an activity from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileg... | 7.8 | HIGH | — | 0 |
| CVE-2022-20283 In Bluetooth, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interacti... | 8.8 | HIGH | — | 0 |
| CVE-2022-20284 In Telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure of phone accounts with User execution privileges needed. Use... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-20285 In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclos... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-20286 In Connectivity, there is a possible bypass the restriction of starting activity from background due to a logic error in the code. This could lead to local escalation of privilege with User execution ... | 7.8 | HIGH | — | 0 |
| CVE-2022-20287 In AppSearchManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local informatio... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-20288 In AppSearchManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local informatio... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-20289 In PackageInstaller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information discl... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-20290 In Midi, there is a possible way to learn about private midi devices due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User ... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-20291 In AppOpsService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosu... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-20292 In Settings, there is a possible way to bypass factory reset protections due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges need... | 7.8 | HIGH | — | 0 |
| CVE-2022-20293 In LauncherApps, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosur... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-20294 In Content, there is a possible way to learn about an account present on the device due to a missing permission check. This could lead to local information disclosure with User execution privileges ne... | 5.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.