| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2022-28788 |
125 |
|
DoS |
2022-05-03 |
2022-05-11 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic. |
|
2 |
CVE-2022-28787 |
125 |
|
DoS |
2022-05-03 |
2022-05-11 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Improper buffer size check logic in wmfextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic. |
|
3 |
CVE-2022-28786 |
125 |
|
DoS |
2022-05-03 |
2022-05-11 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic. |
|
4 |
CVE-2022-28785 |
125 |
|
DoS |
2022-05-03 |
2022-05-11 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic. |
|
5 |
CVE-2022-28784 |
22 |
|
Dir. Trav. |
2022-05-03 |
2022-05-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to list file names in arbitrary directory as system user. The patch addresses incorrect implementation of file path validation check logic. |
|
6 |
CVE-2022-28783 |
20 |
|
|
2022-05-03 |
2022-05-11 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
Improper validation of removing package name in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to uninstall arbitrary packages without permission. The patch adds proper validation logic for removing package name. |
|
7 |
CVE-2022-28782 |
863 |
|
|
2022-05-03 |
2022-05-11 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Improper access control vulnerability in Contents To Window prior to SMR May-2022 Release 1 allows physical attacker to install package before completion of Setup wizard. The patch blocks entry point of the vulnerability. |
|
8 |
CVE-2022-28780 |
|
|
|
2022-05-03 |
2022-05-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Improper access control vulnerability in Weather prior to SMR May-2022 Release 1 allows that attackers can access location information that set in Weather without permission. The patch adds proper protection to prevent access to location information. |
|
9 |
CVE-2022-27832 |
125 |
|
DoS |
2022-04-11 |
2022-04-18 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Improper boundary check in media.extractor library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via a crafted media file. |
|
10 |
CVE-2022-27831 |
125 |
|
|
2022-04-11 |
2022-04-18 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Partial |
|
Improper boundary check in sflvd_rdbuf_bits of libsflvextractor prior to SMR Apr-2022 Release 1 allows attackers to read out of bounds memory. |
|
11 |
CVE-2022-27825 |
125 |
|
|
2022-04-11 |
2022-04-18 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
Improper size check in sapefd_parse_meta_HEADER function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file. |
|
12 |
CVE-2022-27824 |
125 |
|
|
2022-04-11 |
2022-04-18 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
Improper size check of in sapefd_parse_meta_DESCRIPTION function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file |
|
13 |
CVE-2022-27823 |
125 |
|
|
2022-04-11 |
2022-04-18 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
Improper size check in sapefd_parse_meta_HEADER_old function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file. |
|
14 |
CVE-2022-27822 |
668 |
|
|
2022-04-11 |
2022-04-18 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Information exposure vulnerability in ril property setting prior to SMR April-2022 Release 1 allows access to EF_RUIMID value without permission. |
|
15 |
CVE-2022-27821 |
125 |
|
DoS |
2022-04-11 |
2022-04-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via crafted image file. |
|
16 |
CVE-2022-27576 |
668 |
|
|
2022-04-11 |
2022-04-18 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Information exposure vulnerability in Samsung DeX Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission |
|
17 |
CVE-2022-27575 |
668 |
|
|
2022-04-11 |
2022-04-18 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Information exposure vulnerability in One UI Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission. |
|
18 |
CVE-2022-26091 |
287 |
|
Bypass |
2022-04-11 |
2022-04-19 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Improper access control vulnerability in Knox Manage prior to SMR Apr-2022 Release 1 allows that physical attackers can bypass Knox Manage using a function key of hardware keyboard. |
|
19 |
CVE-2022-26090 |
668 |
|
|
2022-04-11 |
2022-04-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Improper access control vulnerability in SamsungContacts prior to SMR Apr-2022 Release 1 allows that attackers can access contact information without permission. |
|
20 |
CVE-2022-25833 |
287 |
|
|
2022-04-11 |
2022-04-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Improper authentication in ImsService prior to SMR Apr-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission. |
|
21 |
CVE-2022-25832 |
287 |
|
|
2022-04-11 |
2022-04-18 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Improper authentication vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to use locked Myfiles app without authentication. |
|
22 |
CVE-2022-25831 |
287 |
|
|
2022-04-11 |
2022-04-18 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Improper access control vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to access secured data in certain conditions. |
|
23 |
CVE-2022-25822 |
416 |
|
|
2022-03-10 |
2022-03-16 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
An use after free vulnerability in sdp driver prior to SMR Mar-2022 Release 1 allows kernel crash. |
|
24 |
CVE-2022-25820 |
307 |
|
|
2022-03-10 |
2022-03-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A vulnerable design in fingerprint matching algorithm prior to SMR Mar-2022 Release 1 allows physical attackers to perform brute force attack on screen lock password. |
|
25 |
CVE-2022-25817 |
287 |
|
|
2022-03-10 |
2022-03-16 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Improper authentication in One UI Home prior to SMR Mar-2022 Release 1 allows attacker to generate pinned-shortcut without user consent. |
|
26 |
CVE-2022-25816 |
287 |
|
|
2022-03-10 |
2022-03-16 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Improper authentication in Samsung Lock and mask apps setting prior to SMR Mar-2022 Release 1 allows attacker to change enable/disable without authentication |
|
27 |
CVE-2022-25815 |
|
|
|
2022-03-10 |
2022-03-16 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. |
|
28 |
CVE-2022-25814 |
|
|
|
2022-03-10 |
2022-03-16 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
PendingIntent hijacking vulnerability in Wearable Manager Installer prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. |
|
29 |
CVE-2022-25647 |
502 |
|
|
2022-05-01 |
2022-05-14 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks. |
|
30 |
CVE-2022-25327 |
276 |
|
DoS |
2022-02-25 |
2022-03-08 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from logging into the system. We recommend upgrading to version 0.3.3 or above |
|
31 |
CVE-2022-25326 |
400 |
|
|
2022-02-25 |
2022-03-04 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
fscrypt through v0.3.2 creates a world-writable directory by default when setting up a filesystem, allowing unprivileged users to exhaust filesystem space. We recommend upgrading to fscrypt 0.3.3 or above and adjusting the permissions on existing fscrypt metadata directories where applicable. |
|
32 |
CVE-2022-24932 |
425 |
|
|
2022-03-10 |
2022-03-17 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Release 1 allows physical attacker package installation before finishing Setup wizard. |
|
33 |
CVE-2022-24931 |
863 |
|
|
2022-03-10 |
2022-03-17 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Improper access control vulnerability in dynamic receiver in ApkInstaller prior to SMR MAR-2022 Release allows unauthorized attackers to execute arbitrary activity without a proper permission |
|
34 |
CVE-2022-24929 |
|
|
|
2022-03-10 |
2022-03-16 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Unprotected Activity in AppLock prior to SMR Mar-2022 Release 1 allows attacker to change the list of locked app without authentication. |
|
35 |
CVE-2022-24001 |
|
|
|
2022-02-11 |
2022-02-22 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Information disclosure vulnerability in Edge Panel prior to Android S(12) allows physical attackers to access screenshot in clipboard via Edge Panel. |
|
36 |
CVE-2022-24000 |
|
|
|
2022-02-11 |
2022-02-22 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
PendingIntent hijacking vulnerability in DataUsageReminderReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent. |
|
37 |
CVE-2022-23999 |
|
|
|
2022-02-11 |
2022-02-22 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
PendingIntent hijacking vulnerability in CpaReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent. |
|
38 |
CVE-2022-23595 |
476 |
|
|
2022-02-04 |
2022-02-10 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
Tensorflow is an Open Source Machine Learning Framework. When building an XLA compilation cache, if default settings are used, TensorFlow triggers a null pointer dereference. In the default scenario, all devices are allowed, so `flr->config_proto` is `nullptr`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
|
39 |
CVE-2022-23594 |
125 |
|
|
2022-02-04 |
2022-02-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Tensorflow is an Open Source Machine Learning Framework. The TFG dialect of TensorFlow (MLIR) makes several assumptions about the incoming `GraphDef` before converting it to the MLIR-based dialect. If an attacker changes the `SavedModel` format on disk to invalidate these assumptions and the `GraphDef` is then converted to MLIR-based IR then they can cause a crash in the Python interpreter. Under certain scenarios, heap OOB read/writes are possible. These issues have been discovered via fuzzing and it is possible that more weaknesses exist. We will patch them as they are discovered. |
|
40 |
CVE-2022-23593 |
754 |
|
DoS |
2022-02-04 |
2022-02-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Tensorflow is an Open Source Machine Learning Framework. The `simplifyBroadcast` function in the MLIR-TFRT infrastructure in TensorFlow is vulnerable to a segfault (hence, denial of service), if called with scalar shapes. If all shapes are scalar, then `maxRank` is 0, so we build an empty `SmallVector`. The fix will be included in TensorFlow 2.8.0. This is the only affected version. |
|
41 |
CVE-2022-23592 |
125 |
|
|
2022-02-04 |
2022-02-10 |
5.5 |
None |
Remote |
Low |
??? |
Partial |
None |
Partial |
|
Tensorflow is an Open Source Machine Learning Framework. TensorFlow's type inference can cause a heap out of bounds read as the bounds checking is done in a `DCHECK` (which is a no-op during production). An attacker can control the `input_idx` variable such that `ix` would be larger than the number of values in `node_t.args`. The fix will be included in TensorFlow 2.8.0. This is the only affected version. |
|
42 |
CVE-2022-23591 |
400 |
|
Overflow |
2022-02-04 |
2022-02-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Tensorflow is an Open Source Machine Learning Framework. The `GraphDef` format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a `GraphDef` containing a fragment such as the following can be consumed when loading a `SavedModel`. This would result in a stack overflow during execution as resolving each `NodeDef` means resolving the function itself and its nodes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
|
43 |
CVE-2022-23590 |
754 |
|
|
2022-02-04 |
2022-02-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Tensorflow is an Open Source Machine Learning Framework. A `GraphDef` from a TensorFlow `SavedModel` can be maliciously altered to cause a TensorFlow process to crash due to encountering a `StatusOr` value that is an error and forcibly extracting the value from it. We have patched the issue in multiple GitHub commits and these will be included in TensorFlow 2.8.0 and TensorFlow 2.7.1, as both are affected. |
|
44 |
CVE-2022-23589 |
476 |
|
|
2022-02-04 |
2022-02-10 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a `SavedModel` file (fixing the first one would trigger the same dereference in the second place). First, during constant folding, the `GraphDef` might not have the required nodes for the binary operation. If a node is missing, the correposning `mul_*child` would be null, and the dereference in the subsequent line would be incorrect. We have a similar issue during `IsIdentityConsumingSwitch`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
|
45 |
CVE-2022-23588 |
617 |
|
DoS |
2022-02-04 |
2022-02-10 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that Grappler optimizer would attempt to build a tensor using a reference `dtype`. This would result in a crash due to a `CHECK`-fail in the `Tensor` constructor as reference types are not allowed. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
|
46 |
CVE-2022-23586 |
617 |
|
DoS |
2022-02-04 |
2022-02-10 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that assertions in `function.cc` would be falsified and crash the Python interpreter. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
|
47 |
CVE-2022-23585 |
401 |
|
Exec Code |
2022-02-04 |
2022-02-10 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
Tensorflow is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling `png::CommonInitDecode(..., &decode)`, the `decode` value contains allocated buffers which can only be freed by calling `png::CommonFreeDecode(&decode)`. However, several error case in the function implementation invoke the `OP_REQUIRES` macro which immediately terminates the execution of the function, without allowing for the memory free to occur. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
|
48 |
CVE-2022-23584 |
416 |
|
|
2022-02-04 |
2022-02-10 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After `png::CommonFreeDecode(&decode)` gets called, the values of `decode.width` and `decode.height` are in an unspecified state. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
|
49 |
CVE-2022-23583 |
617 |
|
DoS |
2022-02-04 |
2022-02-10 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that any binary op would trigger `CHECK` failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such that the `dtype` no longer matches the `dtype` expected by the op. In that case, calling the templated binary operator for the binary op would receive corrupted data, due to the type confusion involved. If `Tin` and `Tout` don't match the type of data in `out` and `input_*` tensors then `flat<*>` would interpret it wrongly. In most cases, this would be a silent failure, but we have noticed scenarios where this results in a `CHECK` crash, hence a denial of service. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
|
50 |
CVE-2022-23582 |
617 |
|
DoS Overflow |
2022-02-04 |
2022-02-10 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that `TensorByteSize` would trigger `CHECK` failures. `TensorShape` constructor throws a `CHECK`-fail if shape is partial or has a number of elements that would overflow the size of an `int`. The `PartialTensorShape` constructor instead does not cause a `CHECK`-abort if the shape is partial, which is exactly what this function needs to be able to return `-1`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
