Export limit exceeded: 10749 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10749 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-20137 | 1 Google | 1 Android | 2024-11-21 | 7.3 High |
| In onCreateContextMenu of NetworkProviderSettings.java, there is a possible way for non-owner users to change WiFi settings due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-206986392 | ||||
| CVE-2022-20133 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In setDiscoverableTimeout of AdapterService.java, there is a possible bypass of user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-206807679 | ||||
| CVE-2022-20126 | 1 Google | 1 Android | 2024-11-21 | 7.3 High |
| In setScanMode of AdapterService.java, there is a possible way to enable Bluetooth discovery mode without user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-203431023 | ||||
| CVE-2022-20121 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In getNodeValue of USCCDMPlugin.java, there is a possible disclosure of ICCID due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-212573046References: N/A | ||||
| CVE-2022-20115 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In broadcastServiceStateChanged of TelephonyRegistry.java, there is a possible way to learn base station information without location permission due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-210118427 | ||||
| CVE-2022-20102 | 2 Google, Mediatek | 45 Android, Mt6580, Mt6739 and 42 more | 2024-11-21 | 4.4 Medium |
| In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06296442; Issue ID: ALPS06296405. | ||||
| CVE-2022-20100 | 2 Google, Mediatek | 45 Android, Mt6580, Mt6739 and 42 more | 2024-11-21 | 4.4 Medium |
| In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06383944; Issue ID: ALPS06270804. | ||||
| CVE-2022-20098 | 2 Google, Mediatek | 45 Android, Mt6580, Mt6739 and 42 more | 2024-11-21 | 4.4 Medium |
| In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06419017; Issue ID: ALPS06419017. | ||||
| CVE-2022-20093 | 2 Google, Mediatek | 57 Android, Mt6731, Mt6732 and 54 more | 2024-11-21 | 7.8 High |
| In telephony, there is a possible way to disable receiving SMS messages due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06498868; Issue ID: ALPS06498868. | ||||
| CVE-2022-20084 | 2 Google, Mediatek | 55 Android, Mt6731, Mt6732 and 52 more | 2024-11-21 | 7.8 High |
| In telephony, there is a possible way to disable receiving emergency broadcasts due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06498874; Issue ID: ALPS06498874. | ||||
| CVE-2022-20054 | 2 Google, Mediatek | 31 Android, Mt6580, Mt6739 and 28 more | 2024-11-21 | 7.8 High |
| In ims service, there is a possible AT command injection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219083; Issue ID: ALPS06219083. | ||||
| CVE-2022-20053 | 2 Google, Mediatek | 60 Android, Mt6731, Mt6732 and 57 more | 2024-11-21 | 7.8 High |
| In ims service, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219097; Issue ID: ALPS06219097. | ||||
| CVE-2022-20049 | 2 Google, Mediatek | 21 Android, Mt6779, Mt6785 and 18 more | 2024-11-21 | 6.7 Medium |
| In vpu, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05954679; Issue ID: ALPS05954679. | ||||
| CVE-2022-20043 | 2 Google, Mediatek | 7 Android, Mt8167, Mt8175 and 4 more | 2024-11-21 | 7.8 High |
| In Bluetooth, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06148177; Issue ID: ALPS06148177. | ||||
| CVE-2022-20041 | 2 Google, Mediatek | 7 Android, Mt8167, Mt8175 and 4 more | 2024-11-21 | 7.8 High |
| In Bluetooth, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06108596; Issue ID: ALPS06108596. | ||||
| CVE-2022-20024 | 2 Google, Mediatek | 28 Android, Mt6580, Mt6739 and 25 more | 2024-11-21 | 7.8 High |
| In system service, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219064; Issue ID: ALPS06219064. | ||||
| CVE-2022-20011 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In getArray of NotificationManagerService.java , there is a possible leak of one user notifications to another due to missing check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-214999128 | ||||
| CVE-2022-20004 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In checkSlicePermission of SliceManagerService.java, it is possible to access any slice URI due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-179699767 | ||||
| CVE-2022-20002 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In incfs, there is a possible way of mounting on arbitrary paths due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-198657657 | ||||
| CVE-2022-1983 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 Medium |
| Incorrect authorization in GitLab EE affecting all versions from 10.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allowed an attacker already in possession of a valid Deploy Key or a Deploy Token to misuse it from any location to access Container Registries even when IP address restrictions were configured. | ||||