| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2022-33732 |
|
|
|
2022-08-05 |
2022-08-12 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Improper access control vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows local attackers to scan and connect to PC by unprotected binder call. |
|
2 |
CVE-2022-33731 |
|
|
|
2022-08-05 |
2022-08-12 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Improper access control vulnerability in DesktopSystemUI prior to SMR Aug-2022 Release 1 allows attackers to enable and disable arbitrary components. |
|
3 |
CVE-2022-33730 |
787 |
|
Exec Code Overflow |
2022-08-05 |
2022-08-12 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Heap-based buffer overflow vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows arbitrary code execution by physical attackers. |
|
4 |
CVE-2022-33729 |
|
|
|
2022-08-05 |
2022-08-12 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Improper restriction of broadcasting Intent in ConfirmConnectActivity of?NFC prior to SMR Aug-2022 Release 1 leaks MAC address of the connected Bluetooth device. |
|
5 |
CVE-2022-33728 |
|
|
|
2022-08-05 |
2022-08-12 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Exposure of sensitive information in Bluetooth prior to SMR Aug-2022 Release 1 allows local attackers to access connected BT macAddress via Settings.Gloabal. |
|
6 |
CVE-2022-33727 |
1021 |
|
|
2022-08-05 |
2022-08-12 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A vulnerable code in onCreate of SecDevicePickerDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack. |
|
7 |
CVE-2022-33726 |
|
|
|
2022-08-05 |
2022-08-12 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Unprotected dynamic receiver in Samsung Galaxy Friends prior to SMR Aug-2022 Release 1 allows attacker to launch activity. |
|
8 |
CVE-2022-33725 |
|
|
|
2022-08-05 |
2022-08-12 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A vulnerability using PendingIntent in Knox VPN prior to SMR Aug-2022 Release 1 allows attackers to access content providers with system privilege. |
|
9 |
CVE-2022-33724 |
319 |
|
|
2022-08-05 |
2022-08-12 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Exposure of Sensitive Information in Samsung Dialer application?prior to SMR Aug-2022 Release 1 allows local attackers to access ICCID via log. |
|
10 |
CVE-2022-33723 |
1021 |
|
|
2022-08-05 |
2022-08-12 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A vulnerable code in onCreate of BluetoothScanDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack. |
|
11 |
CVE-2022-33722 |
|
|
|
2022-08-05 |
2022-08-11 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Implicit Intent hijacking vulnerability in Smart View prior to SMR Aug-2022 Release 1 allows attacker to access connected device MAC address. |
|
12 |
CVE-2022-33721 |
|
|
|
2022-08-05 |
2022-08-12 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A vulnerability using PendingIntent in DeX for PC prior to SMR Aug-2022 Release 1 allows attackers to access files with system privilege. |
|
13 |
CVE-2022-33720 |
|
|
|
2022-08-05 |
2022-08-12 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Improper authentication vulnerability in AppLock prior to SMR Aug-2022 Release 1 allows physical attacker to access Chrome locked by AppLock via new tap shortcut. |
|
14 |
CVE-2022-33719 |
190 |
|
Overflow |
2022-08-05 |
2022-08-12 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Improper input validation in baseband prior to SMR Aug-2022 Release 1 allows attackers to cause integer overflow to heap overflow. |
|
15 |
CVE-2022-33718 |
|
|
|
2022-08-05 |
2022-08-12 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An improper access control vulnerability in Wi-Fi Service prior to SMR AUG-2022 Release 1 allows untrusted applications to manipulate the list of apps that can use mobile data. |
|
16 |
CVE-2022-33717 |
125 |
|
|
2022-08-05 |
2022-08-12 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A missing input validation before memory read in SEM TA prior to SMR Aug-2022 Release 1 allows local attackers to read out of bound memory. |
|
17 |
CVE-2022-33716 |
908 |
|
|
2022-08-05 |
2022-08-11 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An absence of variable initialization in ICCC TA prior to SMR Aug-2022 Release 1 allows local attacker to read uninitialized memory. |
|
18 |
CVE-2022-33715 |
22 |
|
Dir. Trav. |
2022-08-05 |
2022-08-12 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Improper access control and path traversal vulnerability in LauncherProvider prior to SMR Aug-2022 Release 1 allow local attacker to access files of One UI. |
|
19 |
CVE-2022-33714 |
|
|
|
2022-08-05 |
2022-08-12 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Improper access control vulnerability in SemWifiApBroadcastReceiver prior to SMR Aug-2022 Release 1 allows attacker to reset a setting value related to mobile hotspot. |
|
20 |
CVE-2022-25831 |
287 |
|
|
2022-04-11 |
2022-04-18 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Improper access control vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to access secured data in certain conditions. |
|
21 |
CVE-2022-20408 |
|
|
|
2022-08-11 |
2022-08-13 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Product: AndroidVersions: Android kernelAndroid ID: A-204782372References: N/A |
|
22 |
CVE-2022-20407 |
|
|
|
2022-08-11 |
2022-08-13 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Product: AndroidVersions: Android kernelAndroid ID: A-210916981References: N/A |
|
23 |
CVE-2022-20406 |
|
|
|
2022-08-11 |
2022-08-13 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Product: AndroidVersions: Android kernelAndroid ID: A-184676385References: N/A |
|
24 |
CVE-2022-20405 |
|
|
|
2022-08-11 |
2022-08-13 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Product: AndroidVersions: Android kernelAndroid ID: A-216363416References: N/A |
|
25 |
CVE-2022-20404 |
|
|
|
2022-08-11 |
2022-08-13 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Product: AndroidVersions: Android kernelAndroid ID: A-205714161References: N/A |
|
26 |
CVE-2022-20403 |
|
|
|
2022-08-11 |
2022-08-13 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Product: AndroidVersions: Android kernelAndroid ID: A-207975764References: N/A |
|
27 |
CVE-2022-20402 |
|
|
|
2022-08-11 |
2022-08-13 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Product: AndroidVersions: Android kernelAndroid ID: A-218701042References: N/A |
|
28 |
CVE-2022-20401 |
125 |
|
|
2022-08-11 |
2022-08-13 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In SAEMM_RetrievEPLMNList of SAEMM_ContextManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure post-authentication with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-226446030References: N/A |
|
29 |
CVE-2022-20400 |
787 |
|
Exec Code |
2022-08-11 |
2022-08-13 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In cd_CodeMsg of cd_codec.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-225178325References: N/A |
|
30 |
CVE-2022-20384 |
|
|
|
2022-08-11 |
2022-08-13 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Product: AndroidVersions: Android kernelAndroid ID: A-211727306References: N/A |
|
31 |
CVE-2022-20383 |
190 |
|
Overflow |
2022-08-11 |
2022-08-13 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In AllocateInternalBuffers of g3aa_buffer_allocator.cc, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-222408847References: N/A |
|
32 |
CVE-2022-20382 |
787 |
|
Overflow |
2022-08-11 |
2022-08-13 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In (TBD) of (TBD), there is a possible out of bounds write due to kernel stack overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-214245176References: Upstream kernel |
|
33 |
CVE-2022-20381 |
|
|
|
2022-08-11 |
2022-08-13 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Product: AndroidVersions: Android kernelAndroid ID: A-188935887References: N/A |
|
34 |
CVE-2022-20380 |
|
|
|
2022-08-11 |
2022-08-13 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Product: AndroidVersions: Android kernelAndroid ID: A-212625740References: N/A |
|
35 |
CVE-2022-20379 |
416 |
|
Exec Code |
2022-08-11 |
2022-08-13 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In lwis_buffer_alloc of lwis_buffer.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-209436980References: N/A |
|
36 |
CVE-2022-20378 |
|
|
|
2022-08-11 |
2022-08-13 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Product: AndroidVersions: Android kernelAndroid ID: A-234657153References: N/A |
|
37 |
CVE-2022-20377 |
|
|
|
2022-08-11 |
2022-08-13 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In TBD of keymaster_ipc.cpp, there is a possible to force gatekeeper, fingerprint, and faceauth to use a known HMAC key. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-222339795References: N/A |
|
38 |
CVE-2022-20376 |
416 |
|
|
2022-08-11 |
2022-08-13 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In trusty_log_seq_start of trusty-log.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-216130110References: N/A |
|
39 |
CVE-2022-20375 |
125 |
|
DoS Exec Code |
2022-08-11 |
2022-08-13 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In LteRrcNrProAsnDecode of LteRrcNr_Codec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-180956894References: N/A |
|
40 |
CVE-2022-20374 |
326 |
|
Bypass |
2022-08-11 |
2022-08-13 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
On specific devices, there is a possible bypass of configuration integrity due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-201078231References: N/A |
|
41 |
CVE-2022-20373 |
362 |
|
|
2022-08-11 |
2022-08-13 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In st21nfc_loc_set_polaritymode of fc/st21nfc.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-208269510References: N/A |
|
42 |
CVE-2022-20372 |
416 |
|
|
2022-08-11 |
2022-08-13 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In exynos5_i2c_irq of (TBD), there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-195480799References: N/A |
|
43 |
CVE-2022-20371 |
362 |
|
|
2022-08-11 |
2022-08-13 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In dm_bow_dtr and related functions of dm-bow.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-195565510References: Upstream kernel |
|
44 |
CVE-2022-20370 |
|
|
|
2022-08-11 |
2022-08-13 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Product: AndroidVersions: Android kernelAndroid ID: A-215730643References: N/A |
|
45 |
CVE-2022-20369 |
787 |
|
|
2022-08-11 |
2022-08-13 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-223375145References: Upstream kernel |
|
46 |
CVE-2022-20368 |
|
|
|
2022-08-11 |
2022-08-13 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel |
|
47 |
CVE-2022-20367 |
190 |
|
Overflow |
2022-08-11 |
2022-08-13 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In construct_transaction of lwis_ioctl.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-225877459References: N/A |
|
48 |
CVE-2022-20366 |
190 |
|
Overflow |
2022-08-11 |
2022-08-13 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In ioctl_dpm_clk_update of lwis_ioctl.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-225877745References: N/A |
|
49 |
CVE-2022-20365 |
|
|
|
2022-08-11 |
2022-08-13 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Product: AndroidVersions: Android kernelAndroid ID: A-229632566References: N/A |
|
50 |
CVE-2022-20362 |
190 |
|
Exec Code Overflow |
2022-08-12 |
2022-08-16 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In Bluetooth, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-230756082 |
