Search
Total
622 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-47360 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-08-08 | N/A | 5.5 MEDIUM |
| In log service, there is a missing permission check. This could lead to local denial of service in log service. | |||||
| CVE-2022-47330 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-08-08 | N/A | 5.5 MEDIUM |
| In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. | |||||
| CVE-2022-47324 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-08-08 | N/A | 5.5 MEDIUM |
| In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. | |||||
| CVE-2022-44421 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-08-08 | N/A | 5.5 MEDIUM |
| In wlan driver, there is a possible missing permission check. This could lead to local In wlan driver, information disclosure. | |||||
| CVE-2022-40316 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2023-08-08 | N/A | 4.3 MEDIUM |
| The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to. | |||||
| CVE-2022-3482 | 1 Gitlab | 1 Gitlab | 2023-08-08 | N/A | 5.3 MEDIUM |
| An improper access control issue in GitLab CE/EE affecting all versions from 11.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allowed an unauthorized user to see release names even when releases we set to be restricted to project members only | |||||
| CVE-2022-20941 | 1 Cisco | 1 Firepower Management Center | 2023-08-08 | N/A | 5.3 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to missing authorization for certain resources in the web-based management interface together with insufficient entropy in these resource names. An attacker could exploit this vulnerability by sending a series of HTTPS requests to an affected device to enumerate resources on the device. A successful exploit could allow the attacker to retrieve sensitive information from the device. | |||||
| CVE-2022-0390 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 2.1 LOW | 4.3 MEDIUM |
| Improper access control in Gitlab CE/EE versions 12.7 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1 allowed for project non-members to retrieve issue details when it was linked to an item from the vulnerability dashboard. | |||||
| CVE-2022-42782 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-08-08 | N/A | 5.5 MEDIUM |
| In wlan driver, there is a possible missing permission check, This could lead to local information disclosure. | |||||
| CVE-2022-42766 | 2 Google, Unisoc | 14 Android, S8011, Sc7731e and 11 more | 2023-08-08 | N/A | 5.5 MEDIUM |
| In wlan driver, there is a possible missing permission check, This could lead to local information disclosure. | |||||
| CVE-2022-47325 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-08-08 | N/A | 5.5 MEDIUM |
| In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. | |||||
| CVE-2022-47327 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-08-08 | N/A | 5.5 MEDIUM |
| In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. | |||||
| CVE-2022-47450 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-08-08 | N/A | 5.5 MEDIUM |
| In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. | |||||
| CVE-2022-47329 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-08-08 | N/A | 5.5 MEDIUM |
| In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. | |||||
| CVE-2022-47333 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-08-08 | N/A | 5.5 MEDIUM |
| In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. | |||||
| CVE-2022-47328 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-08-08 | N/A | 5.5 MEDIUM |
| In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. | |||||
| CVE-2022-47357 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-08-08 | N/A | 5.5 MEDIUM |
| In log service, there is a missing permission check. This could lead to local denial of service in log service. | |||||
| CVE-2022-47326 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-08-08 | N/A | 5.5 MEDIUM |
| In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. | |||||
| CVE-2022-0125 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 12.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not verifying that a maintainer of a project had the right access to import members from a target project. | |||||
| CVE-2021-0735 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In PackageManager, there is a possible way to get information about installed packages ignoring limitations introduced in Android 11 due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-188913056 | |||||
| CVE-2022-20323 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In PackageManager, there is a possible package installation disclosure due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-187176203 | |||||
| CVE-2022-47339 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-08-08 | N/A | 6.7 MEDIUM |
| In cmd services, there is a OS command injection issue due to missing permission check. This could lead to local escalation of privilege with system execution privileges needed. | |||||
| CVE-2022-20326 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In Telephony, there is a possible disclosure of SIM identifiers due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-185235527 | |||||
| CVE-2022-20341 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In ConnectivityService, there is a possible bypass of network permissions due to a missing permission check. This could lead to local information disclosure of tethering interfaces with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-162952629 | |||||
| CVE-2022-20284 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In Telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure of phone accounts with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231986341 | |||||
| CVE-2022-20312 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In WifiP2pManager, there is a possible toobtain WiFi P2P MAC address without user consent due to missing permission check. This could lead to local information disclosure without additional execution privileges needed. User interaction is not needed forexploitationProduct: AndroidVersions: Android-13Android ID: A-192244925 | |||||
| CVE-2022-20294 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In Content, there is a possible way to learn about an account present on the device due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-202160705 | |||||
| CVE-2022-20049 | 2 Google, Mediatek | 21 Android, Mt6779, Mt6785 and 18 more | 2023-08-08 | 4.6 MEDIUM | 6.7 MEDIUM |
| In vpu, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05954679; Issue ID: ALPS05954679. | |||||
| CVE-2022-20322 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In PackageManager, there is a possible installed package disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-187176993 | |||||
| CVE-2022-20296 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In ContentService, there is a possible way to check if an account exists on the device due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-201794303 | |||||
| CVE-2022-20394 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.0 MEDIUM |
| In getInputMethodWindowVisibleHeight of InputMethodManagerService.java, there is a possible way to determine when another app is showing an IME due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-204906124 | |||||
| CVE-2022-41797 | 1 Lemon8 Project | 1 Lemon8 | 2023-08-08 | N/A | 6.5 MEDIUM |
| Improper authorization in handler for custom URL scheme vulnerability in Lemon8 App for Android versions prior to 3.3.5 and Lemon8 App for iOS versions prior to 3.3.5 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack. | |||||
| CVE-2022-20255 | 1 Google | 1 Android | 2023-08-08 | N/A | 4.4 MEDIUM |
| In SettingsProvider, there is a possible way to read or change the default ringtone due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-222687217 | |||||
| CVE-2022-20295 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In ContentService, there is a possible way to check if an account exists on the device due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-202160584 | |||||
| CVE-2022-20206 | 1 Google | 1 Android | 2023-08-08 | 2.1 LOW | 5.5 MEDIUM |
| In setPackageOrComponentEnabled of NotificationManagerService.java, there is a missing permission check. This could lead to local information disclosure about enabled notification listeners with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-220737634 | |||||
| CVE-2022-21748 | 2 Google, Mediatek | 35 Android, Mt6580, Mt6735 and 32 more | 2023-08-08 | 2.1 LOW | 5.5 MEDIUM |
| In telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06511030; Issue ID: ALPS06511030. | |||||
| CVE-2022-20259 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In Telephony, there is a possible leak of ICCID and EID due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-221431393 | |||||
| CVE-2022-21749 | 2 Google, Mediatek | 55 Android, Mt6739, Mt6750 and 52 more | 2023-08-08 | 2.1 LOW | 5.5 MEDIUM |
| In telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06511058; Issue ID: ALPS06511058. | |||||
| CVE-2022-20172 | 1 Google | 1 Android | 2023-08-08 | 2.1 LOW | 5.5 MEDIUM |
| In onbind of ShannonRcsService.java, there is a possible access to protect data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-206987222References: N/A | |||||
| CVE-2022-20303 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In ContentService, there is a possible way to determine if an account is on the device without GET_ACCOUNTS permission due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-200573021 | |||||
| CVE-2022-20511 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In getNearbyAppStreamingPolicy of DevicePolicyManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235821829 | |||||
| CVE-2022-20263 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In ActivityManager, there is a way to read process state for other users due to a missing permission check. This could lead to local information disclosure of app usage with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-217935264 | |||||
| CVE-2022-20200 | 1 Google | 1 Android | 2023-08-08 | 2.1 LOW | 5.5 MEDIUM |
| In updateApState of SoftApManager.java, there is a possible leak of hotspot state due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-212695058 | |||||
| CVE-2022-20301 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In Content, there is a possible way to check if an account exists on the device due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-200956614 | |||||
| CVE-2022-20300 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In Content, there is a possible way to check if the given account exists on the device due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-200956588 | |||||
| CVE-2022-20572 | 1 Google | 1 Android | 2023-08-08 | N/A | 6.7 MEDIUM |
| In verity_target of dm-verity-target.c, there is a possible way to modify read-only files due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-234475629References: Upstream kernel | |||||
| CVE-2022-20352 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In addProviderRequestListener of LocationManagerService.java, there is a possible way to learn which packages request location information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-222473855 | |||||
| CVE-2022-20299 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In ContentService, there is a possible way to check if the given account exists on the device due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-201415895 | |||||
| CVE-2022-20298 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In ContentService, there is a possible way to check if an account exists on the device due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-201416182 | |||||
| CVE-2022-20182 | 1 Google | 1 Android | 2023-08-08 | 2.1 LOW | 4.4 MEDIUM |
| In handle_ramdump of pixel_loader.c, there is a possible way to create a ramdump of non-secure memory due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-222348453References: N/A | |||||