Skip to main content

Android

7243 CVEs product

Monthly

CVE-2022-20415 HIGH PATCH This Week

In handleFullScreenIntent of StatusBarNotificationActivityStarter.java, there is a possible bypass of the restriction of starting activity from background due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20413 MEDIUM PATCH This Month

In start of Threads.cpp, there is a possible way to record audio during a phone call due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-20412 MEDIUM PATCH This Month

In fdt_next_tag of fdt.c, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Information Disclosure Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20410 HIGH PATCH This Week

In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Information Disclosure Buffer Overflow Android
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-20409 MEDIUM PATCH This Month

In io_identity_cow of io_uring.c, there is a possible way to corrupt memory due to a use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Denial Of Service Google Privilege Escalation Memory Corruption Use After Free +1
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2022-20394 MEDIUM PATCH This Month

In getInputMethodWindowVisibleHeight of InputMethodManagerService.java, there is a possible way to determine when another app is showing an IME due to a missing permission check. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.0
EPSS
0.1%
CVE-2022-20351 MEDIUM PATCH This Month

In queryInternal of CallLogProvider.java, there is a possible access to voicemail information due to SQL injection. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Information Disclosure SQLi Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-32593 MEDIUM This Month

In vowe, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-32592 MEDIUM This Month

In cpu dvfs, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Yocto Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-32591 HIGH This Week

In ril, there is a possible system crash due to an incorrect bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Android
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-32590 MEDIUM This Month

In wlan, there is a possible use after free due to an incorrect status check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Yocto Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-32589 HIGH This Week

In Wi-Fi driver, there is a possible way to disconnect Wi-Fi due to an improper resource release. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Yocto Android
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-26475 MEDIUM This Month

In wlan, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Yocto Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-26474 MEDIUM This Month

In sensorhub, there is a possible out of bounds write due to an incorrect calculation of buffer size. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-26473 MEDIUM This Month

In vdec fmt, there is a possible use after free due to improper locking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-26472 HIGH This Week

In ims, there is a possible escalation of privilege due to a parcel format mismatch. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Deserialization Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-26471 HIGH This Week

In telephony, there is a possible escalation of privilege due to a parcel format mismatch. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Deserialization Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-26452 MEDIUM This Month

In isp, there is a possible use after free due to improper locking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-39856 LOW Monitor

Improper access control vulnerability in imsservice application prior to SMR Oct-2022 Release 1 allows local attackers to access call information. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-39855 MEDIUM This Month

Improper access control vulnerability in FACM application prior to SMR Oct-2022 Release 1 allows a local attacker to connect arbitrary AP and Bluetooth devices. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2022-39854 HIGH This Week

Improper protection in IOMMU prior to SMR Oct-2022 Release 1 allows unauthorized access to secure memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-39853 HIGH This Week

A use after free vulnerability in perf-mgr driver prior to SMR Oct-2022 Release 1 allows attacker to cause memory access fault. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-39852 HIGH This Week

A heap-based overflow vulnerability in makeContactAGIF in libagifencoder.quram.so library prior to SMR Oct-2022 Release 1 allows attacker to perform code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Heap Overflow Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-39851 LOW Monitor

Improper access control vulnerability in CocktailBarService prior to SMR Oct-2022 Release 1 allows local attacker to bind service that require BIND_REMOTEVIEWS permission. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-39850 LOW Monitor

Improper access control in mum_container_policy service prior to SMR Oct-2022 Release 1 allows allows unauthorized read of configuration data. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-39849 LOW Monitor

Improper access control in knox_vpn_policy service prior to SMR Oct-2022 Release 1 allows allows unauthorized read of configuration data. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-39848 LOW Monitor

Exposure of sensitive information in AT_Distributor prior to SMR Oct-2022 Release 1 allows local attacker to access SerialNo via log. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-39847 MEDIUM This Month

Use after free vulnerability in set_nft_pid and signal_handler function of NFC driver prior to SMR Oct-2022 Release 1 allows attackers to perform malicious actions. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Android
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2022-36868 LOW Monitor

Improper restriction of broadcasting Intent in MouseNKeyHidDevice prior to SMR Oct-2022 Release 1 leaks MAC address of the connected Bluetooth device. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-20364 HIGH This Week

In sysmmu_unmap of TBD, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Google Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20231 MEDIUM This Month

In smc_intc_request_fiq of arm_gic.c, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Google Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20399 MEDIUM PATCH This Month

In the SEPolicy configuration of system apps, there is a possible access to the 'ip' utility due to an insecure default value. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20398 HIGH PATCH This Week

In addOrUpdateNetwork of WifiServiceImpl.java, there is a possible way for a guest user to configure Wi-Fi due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20396 MEDIUM PATCH This Month

In SettingsActivity.java, there is a possible way to make a device discoverable over Bluetooth, without permission or user interaction, due to a permissions bypass. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20395 HIGH This Week

In checkAccess of MediaProvider.java, there is a possible file deletion due to a path traversal error. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Path Traversal Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20393 MEDIUM PATCH This Month

In extract3GPPGlobalDescriptions of TextDescriptions.cpp, there is a possible out of bounds read due to an integer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Integer Overflow Information Disclosure Google Buffer Overflow Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20392 HIGH PATCH This Week

In declareDuplicatePermission of ParsedPermissionUtils.java, there is a possible way to obtain a dangerous permission without user consent due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20391 CRITICAL Act Now

Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238257000. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-20390 CRITICAL Act Now

Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238257002. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-20389 CRITICAL Act Now

Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238257004. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-20388 CRITICAL Act Now

Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238227323. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-20387 CRITICAL Act Now

Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238227324. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-20386 CRITICAL Act Now

Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238227328. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-20385 CRITICAL Act Now

a function called 'nla_parse', do not check the len of para, it will check nla_type (which can be controlled by userspace) with 'maxtype' (in this case, it is GSCAN_MAX), then it access polciy array. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-39119 HIGH This Week

In network service, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-36863 HIGH This Week

A heap-based overflow vulnerability in GetCorrectDbLanguageTypeEsPKc function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung Heap Overflow Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-36862 HIGH This Week

A heap-based overflow vulnerability in HWR::EngineCJK::Impl::Construct() in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung Heap Overflow Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-36861 MEDIUM This Month

Custom permission misuse vulnerability in SystemUI prior to SMR Sep-2022 Release 1 allows attacker to use some protected functions with SystemUI privilege. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2022-36860 HIGH This Week

A heap-based overflow vulnerability in LoadEnvironment function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung Heap Overflow Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-36858 HIGH This Week

A heap-based overflow vulnerability in GetCorrectDbLanguageTypeEsPKc() function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung Heap Overflow Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-36857 LOW Monitor

Improper Authorization vulnerability in Photo Editor prior to SMR Sep-2022 Release 1 allows physical attackers to read internal application data. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android Photo Editor
NVD
CVSS 3.1
2.4
EPSS
0.1%
CVE-2022-36856 LOW Monitor

Improper access control vulnerability in Telecom application prior to SMR Sep-2022 Release 1 allows attacker to start emergency calls via undefined permission. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-36855 HIGH This Week

A use after free vulnerability in iva_ctl driver prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-36854 MEDIUM This Month

Out of bound read in libapexjni.media.samsung.so prior to SMR Sep-2022 Release 1 allows attacker access unauthorized information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Samsung Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-36853 HIGH This Week

Intent redirection in Photo Editor prior to SMR Sep-2022 Release 1 allows attacker to get sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2022-36852 LOW Monitor

Improper Authorization vulnerability in Video Editor prior to SMR Sep-2022 Release 1 allows local attacker to access internal application data. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-36850 MEDIUM This Month

Path traversal vulnerability in CallBGProvider prior to SMR Sep-2022 Release 1 allows attacker to overwrite arbitrary file with phone uid. Rated medium severity (CVSS 4.7). No vendor patch available.

Path Traversal Android
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2022-36849 HIGH This Week

Use after free vulnerability in sdp_mm_set_process_sensitive function of sdpmm driver prior to SMR Sep-2022 Release 1 allows attackers to perform malicious actions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-36848 MEDIUM This Month

Improper Authorization vulnerability in setDualDARPolicyCmd prior to SMR Sep-2022 Release 1 allows local attackers to cause local permanent denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-36847 HIGH This Week

Use after free vulnerability in mtp_send_signal function of MTP driver prior to SMR Sep-2022 Release 1 allows attackers to perform malicious actions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-36846 HIGH This Week

A heap-based overflow vulnerability in ConstructDictionary function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung Heap Overflow Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-36845 HIGH This Week

A heap-based overflow vulnerability in MHW_RECOG_LIB_INFO function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung Heap Overflow Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-36844 HIGH This Week

A heap-based overflow vulnerability in HWR::EngJudgeModel::Construct() in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung Heap Overflow Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-36843 HIGH This Week

A heap-based overflow vulnerability in MHW_RECOG_LIB_INFO function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung Heap Overflow Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-36842 HIGH This Week

A heap-based overflow vulnerability in prepareRecogLibrary function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung Heap Overflow Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-36841 HIGH This Week

A heap-based overflow vulnerability in PrepareRecogLibrary_Part function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung Heap Overflow Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-26470 MEDIUM This Month

In aie, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-26469 HIGH This Week

In MtkEmail, there is a possible escalation of privilege due to fragment injection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-26468 MEDIUM This Month

In preloader (usb), there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2022-26467 MEDIUM This Month

In rpmb, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-26466 MEDIUM This Month

In audio ipi, there is a possible out of bounds write due to an integer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Privilege Escalation Buffer Overflow Android Yocto
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-26465 MEDIUM This Month

In audio ipi, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Android Yocto
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-26464 MEDIUM This Month

In vow, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-26463 MEDIUM This Month

In vow, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-26462 MEDIUM This Month

In vow, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-26461 MEDIUM This Month

In vow, there is a possible undefined behavior due to an API misuse. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-26460 MEDIUM This Month

In vow, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-26459 MEDIUM This Month

In vow, there is a possible out of bounds read due to an integer overflow. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure Buffer Overflow Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-26458 MEDIUM This Month

In vow, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-26457 MEDIUM This Month

In vow, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-26456 MEDIUM This Month

In vow, there is a possible information disclosure due to a symbolic link following. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-26455 MEDIUM This Month

In gz, there is a possible memory corruption due to incorrect error handling. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-26454 MEDIUM This Month

In teei, there is a possible memory corruption due to an integer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-26453 MEDIUM This Month

In teei, there is a possible memory corruption due to a use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Memory Corruption Buffer Overflow Use After Free +1
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-26451 MEDIUM This Month

In ged, there is a possible use after free due to improper locking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-26450 MEDIUM This Month

In apusys, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Race Condition Denial Of Service Privilege Escalation Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2022-26449 MEDIUM This Month

In apusys, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-26448 MEDIUM This Month

In apusys, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-26447 CRITICAL Act Now

In BT firmware, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Android Yocto
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-20122 CRITICAL Act Now

The PowerVR GPU driver allows unprivileged apps to allocated pinned memory, unpin it (which makes it available to be freed), and continue using the page in GPU calls. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Buffer Overflow Use After Free Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In handleFullScreenIntent of StatusBarNotificationActivityStarter.java, there is a possible bypass of the restriction of starting activity from background due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In start of Threads.cpp, there is a possible way to record audio during a phone call due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

In fdt_next_tag of fdt.c, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Information Disclosure Privilege Escalation +2
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Information Disclosure Buffer Overflow +1
NVD
EPSS 1% CVSS 6.7
MEDIUM PATCH This Month

In io_identity_cow of io_uring.c, there is a possible way to corrupt memory due to a use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Denial Of Service Google Privilege Escalation +3
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

In getInputMethodWindowVisibleHeight of InputMethodManagerService.java, there is a possible way to determine when another app is showing an IME due to a missing permission check. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Authentication Bypass Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In queryInternal of CallLogProvider.java, there is a possible access to voicemail information due to SQL injection. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Information Disclosure SQLi +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In vowe, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In cpu dvfs, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In ril, there is a possible system crash due to an incorrect bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In wlan, there is a possible use after free due to an incorrect status check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Yocto +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In Wi-Fi driver, there is a possible way to disconnect Wi-Fi due to an improper resource release. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Yocto Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In wlan, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In sensorhub, there is a possible out of bounds write due to an incorrect calculation of buffer size. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In vdec fmt, there is a possible use after free due to improper locking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In ims, there is a possible escalation of privilege due to a parcel format mismatch. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Deserialization Privilege Escalation Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In telephony, there is a possible escalation of privilege due to a parcel format mismatch. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Deserialization Privilege Escalation Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In isp, there is a possible use after free due to improper locking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Android
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Improper access control vulnerability in imsservice application prior to SMR Oct-2022 Release 1 allows local attackers to access call information. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Improper access control vulnerability in FACM application prior to SMR Oct-2022 Release 1 allows a local attacker to connect arbitrary AP and Bluetooth devices. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Improper protection in IOMMU prior to SMR Oct-2022 Release 1 allows unauthorized access to secure memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A use after free vulnerability in perf-mgr driver prior to SMR Oct-2022 Release 1 allows attacker to cause memory access fault. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A heap-based overflow vulnerability in makeContactAGIF in libagifencoder.quram.so library prior to SMR Oct-2022 Release 1 allows attacker to perform code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Heap Overflow Buffer Overflow +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Improper access control vulnerability in CocktailBarService prior to SMR Oct-2022 Release 1 allows local attacker to bind service that require BIND_REMOTEVIEWS permission. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Improper access control in mum_container_policy service prior to SMR Oct-2022 Release 1 allows allows unauthorized read of configuration data. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Improper access control in knox_vpn_policy service prior to SMR Oct-2022 Release 1 allows allows unauthorized read of configuration data. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Exposure of sensitive information in AT_Distributor prior to SMR Oct-2022 Release 1 allows local attacker to access SerialNo via log. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Use after free vulnerability in set_nft_pid and signal_handler function of NFC driver prior to SMR Oct-2022 Release 1 allows attackers to perform malicious actions. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Improper restriction of broadcasting Intent in MouseNKeyHidDevice prior to SMR Oct-2022 Release 1 leaks MAC address of the connected Bluetooth device. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In sysmmu_unmap of TBD, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Google Privilege Escalation +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In smc_intc_request_fiq of arm_gic.c, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Google Privilege Escalation +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the SEPolicy configuration of system apps, there is a possible access to the 'ip' utility due to an insecure default value. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In addOrUpdateNetwork of WifiServiceImpl.java, there is a possible way for a guest user to configure Wi-Fi due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Google Privilege Escalation Android
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In SettingsActivity.java, there is a possible way to make a device discoverable over Bluetooth, without permission or user interaction, due to a permissions bypass. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In checkAccess of MediaProvider.java, there is a possible file deletion due to a path traversal error. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Path Traversal Privilege Escalation +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In extract3GPPGlobalDescriptions of TextDescriptions.cpp, there is a possible out of bounds read due to an integer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Integer Overflow Information Disclosure Google +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In declareDuplicatePermission of ParsedPermissionUtils.java, there is a possible way to obtain a dangerous permission without user consent due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238257000. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238257002. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238257004. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238227323. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238227324. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238227328. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

a function called 'nla_parse', do not check the len of para, it will check nla_type (which can be controlled by userspace) with 'maxtype' (in this case, it is GSCAN_MAX), then it access polciy array. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In network service, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A heap-based overflow vulnerability in GetCorrectDbLanguageTypeEsPKc function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung Heap Overflow Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A heap-based overflow vulnerability in HWR::EngineCJK::Impl::Construct() in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung Heap Overflow Buffer Overflow +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Custom permission misuse vulnerability in SystemUI prior to SMR Sep-2022 Release 1 allows attacker to use some protected functions with SystemUI privilege. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A heap-based overflow vulnerability in LoadEnvironment function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung Heap Overflow Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A heap-based overflow vulnerability in GetCorrectDbLanguageTypeEsPKc() function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung Heap Overflow Buffer Overflow +1
NVD
EPSS 0% CVSS 2.4
LOW Monitor

Improper Authorization vulnerability in Photo Editor prior to SMR Sep-2022 Release 1 allows physical attackers to read internal application data. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android Photo Editor
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Improper access control vulnerability in Telecom application prior to SMR Sep-2022 Release 1 allows attacker to start emergency calls via undefined permission. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A use after free vulnerability in iva_ctl driver prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Out of bound read in libapexjni.media.samsung.so prior to SMR Sep-2022 Release 1 allows attacker access unauthorized information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Samsung Android
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Intent redirection in Photo Editor prior to SMR Sep-2022 Release 1 allows attacker to get sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Improper Authorization vulnerability in Video Editor prior to SMR Sep-2022 Release 1 allows local attacker to access internal application data. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

Path traversal vulnerability in CallBGProvider prior to SMR Sep-2022 Release 1 allows attacker to overwrite arbitrary file with phone uid. Rated medium severity (CVSS 4.7). No vendor patch available.

Path Traversal Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Use after free vulnerability in sdp_mm_set_process_sensitive function of sdpmm driver prior to SMR Sep-2022 Release 1 allows attackers to perform malicious actions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper Authorization vulnerability in setDualDARPolicyCmd prior to SMR Sep-2022 Release 1 allows local attackers to cause local permanent denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Use after free vulnerability in mtp_send_signal function of MTP driver prior to SMR Sep-2022 Release 1 allows attackers to perform malicious actions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A heap-based overflow vulnerability in ConstructDictionary function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung Heap Overflow Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A heap-based overflow vulnerability in MHW_RECOG_LIB_INFO function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung Heap Overflow Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A heap-based overflow vulnerability in HWR::EngJudgeModel::Construct() in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung Heap Overflow Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A heap-based overflow vulnerability in MHW_RECOG_LIB_INFO function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung Heap Overflow Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A heap-based overflow vulnerability in prepareRecogLibrary function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung Heap Overflow Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A heap-based overflow vulnerability in PrepareRecogLibrary_Part function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung Heap Overflow Buffer Overflow +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In aie, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In MtkEmail, there is a possible escalation of privilege due to fragment injection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

In preloader (usb), there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In rpmb, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In audio ipi, there is a possible out of bounds write due to an integer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Privilege Escalation Buffer Overflow +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In audio ipi, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In vow, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow +1
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In vow, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Android
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In vow, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In vow, there is a possible undefined behavior due to an API misuse. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In vow, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow +1
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In vow, there is a possible out of bounds read due to an integer overflow. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure Buffer Overflow +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In vow, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In vow, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow +1
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In vow, there is a possible information disclosure due to a symbolic link following. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In gz, there is a possible memory corruption due to incorrect error handling. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In teei, there is a possible memory corruption due to an integer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Privilege Escalation Buffer Overflow +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In teei, there is a possible memory corruption due to a use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Memory Corruption +3
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In ged, there is a possible use after free due to improper locking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Android
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

In apusys, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Race Condition Denial Of Service Privilege Escalation +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In apusys, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In apusys, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

In BT firmware, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

The PowerVR GPU driver allows unprivileged apps to allocated pinned memory, unpin it (which makes it available to be freed), and continue using the page in GPU calls. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Buffer Overflow +2
NVD
Prev Page 35 of 81 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy