| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2022-27825 | 125 | | | 2022-04-11 | 2022-04-18 | 5.8 | None | Remote | Medium | Not required | Partial | None | Partial | Improper size check in sapefd_parse_meta_HEADER function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file. |
| 2 | CVE-2022-27824 | 125 | | | 2022-04-11 | 2022-04-18 | 5.8 | None | Remote | Medium | Not required | Partial | None | Partial | Improper size check in sapefd_parse_meta_DESCRIPTION function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file. |
| 3 | CVE-2022-27823 | 125 | | | 2022-04-11 | 2022-04-18 | 5.8 | None | Remote | Medium | Not required | Partial | None | Partial | Improper size check in sapefd_parse_meta_HEADER_old function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file. |
| 4 | CVE-2022-25647 | 502 | | | 2022-05-01 | 2022-05-14 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The package com.google.code.gson:gson before 2.8.9 is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks. |
| 5 | CVE-2022-23593 | 754 | | DoS | 2022-02-04 | 2022-02-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | TensorFlow is an Open Source Machine Learning Framework. The `simplifyBroadcast` function in the MLIR-TFRT infrastructure in TensorFlow is vulnerable to a segfault (hence, denial of service), if called with scalar shapes. If all shapes are scalar, then `maxRank` is 0, so we build an empty `SmallVector`. The fix will be included in TensorFlow 2.8.0. This is the only affected version. |
| 6 | CVE-2022-23592 | 125 | | | 2022-02-04 | 2022-02-10 | 5.5 | None | Remote | Low | ??? | Partial | None | Partial | TensorFlow is an Open Source Machine Learning Framework. TensorFlow's type inference can cause a heap out of bounds read as the bounds checking is done in a `DCHECK` (which is a no-op during production). An attacker can control the `input_idx` variable such that `ix` would be larger than the number of values in `node_t.args`. The fix will be included in TensorFlow 2.8.0. This is the only affected version. |
| 7 | CVE-2022-23591 | 400 | | Overflow | 2022-02-04 | 2022-02-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | TensorFlow is an Open Source Machine Learning Framework. The `GraphDef` format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a `GraphDef` containing a fragment such as the following can be consumed when loading a `SavedModel`. This would result in a stack overflow during execution as resolving each `NodeDef` means resolving the function itself and its nodes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| 8 | CVE-2022-23590 | 754 | | | 2022-02-04 | 2022-02-17 | 5.0 | None | Remote | Low | Not required | None | None | Partial | TensorFlow is an Open Source Machine Learning Framework. A `GraphDef` from a TensorFlow `SavedModel` can be maliciously altered to cause a TensorFlow process to crash due to encountering a `StatusOr` value that is an error and forcibly extracting the value from it. We have patched the issue in multiple GitHub commits and these will be included in TensorFlow 2.8.0 and TensorFlow 2.7.1, as both are affected. |
| 9 | CVE-2022-23581 | 617 | | DoS | 2022-02-04 | 2022-02-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | TensorFlow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a `SavedModel` such that `IsSimplifiableReshape` would trigger `CHECK` failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| 10 | CVE-2022-23580 | 400 | | | 2022-02-04 | 2022-02-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | TensorFlow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| 11 | CVE-2022-23579 | 617 | | DoS | 2022-02-04 | 2022-02-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | TensorFlow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a `SavedModel` such that `SafeToRemoveIdentity` would trigger `CHECK` failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| 12 | CVE-2022-21741 | 369 | | | 2022-02-03 | 2022-02-09 | 5.0 | None | Remote | Low | Not required | None | None | Partial | TensorFlow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to determine the size of the padding that needs to be added before applying the convolution. There is no check before this division that the divisor is strictly positive. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| 13 | CVE-2022-21733 | 190 | | DoS Overflow | 2022-02-03 | 2022-02-09 | 5.0 | None | Remote | Low | Not required | None | None | Partial | TensorFlow is an Open Source Machine Learning Framework. The implementation of `StringNGrams` can be used to trigger a denial of service attack by causing an out of memory condition after an integer overflow. We are missing a validation on `pad_width`, and that results in computing a negative value for `ngram_width` which is later used to allocate parts of the output. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| 14 | CVE-2022-21730 | 125 | | | 2022-02-03 | 2022-02-08 | 5.5 | None | Remote | Low | ??? | Partial | None | Partial | TensorFlow is an Open Source Machine Learning Framework. The implementation of `FractionalAvgPoolGrad` does not consider cases where the input tensors are invalid, allowing an attacker to read from outside the bounds of the heap. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| 15 | CVE-2022-21728 | 125 | | | 2022-02-03 | 2022-02-08 | 5.5 | None | Remote | Low | ??? | Partial | None | Partial | TensorFlow is an Open Source Machine Learning Framework. The implementation of shape inference for `ReverseSequence` does not fully validate the value of `batch_dim` and can result in a heap OOB read. There is a check to make sure the value of `batch_dim` does not go over the rank of the input, but there is no check for negative values. Negative dimensions are allowed in some cases to mimic Python's negative indexing (i.e., indexing from the end of the array); however, if the value is too negative then the implementation of `Dim` would access elements before the start of an array. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
| 16 | CVE-2022-0114 | 125 | | | 2022-02-12 | 2022-04-19 | 5.8 | None | Remote | Medium | Not required | Partial | None | Partial | Out of bounds memory access in Blink Serial API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page and virtual serial port driver. |
| 17 | CVE-2021-46743 | 843 | | | 2022-03-29 | 2022-04-08 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., RS256 / HS256) exists via the kid (aka Key ID) header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect key. NOTE: this provides a straightforward way to use the PHP-JWT library unsafely, but might not be considered a vulnerability in the library itself. |
| 18 | CVE-2021-39809 | 125 | | | 2022-04-12 | 2022-04-20 | 5.0 | None | Remote | Low | Not required | Partial | None | None | In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-205837191 |
| 19 | CVE-2021-39772 | 269 | | | 2022-03-30 | 2022-04-06 | 5.8 | None | Local Network | Low | Not required | Partial | Partial | Partial | In Bluetooth, there is a possible way to access the a2dp audio control switch due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-181962322 |
| 20 | CVE-2021-39762 | 125 | | Overflow | 2022-03-30 | 2022-04-05 | 5.0 | None | Remote | Low | Not required | Partial | None | None | In tremolo, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-210625816 |
| 21 | CVE-2021-39726 | 125 | | Exec Code | 2022-03-16 | 2022-03-23 | 5.0 | None | Remote | Low | Not required | Partial | None | None | In cd_ParseMsg of cd_codec.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-181782896. References: N/A |
| 22 | CVE-2021-39716 | | | | 2022-03-16 | 2022-03-22 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Product: Android. Versions: Android kernel. Android ID: A-206977562. References: N/A |
| 23 | CVE-2021-39677 | 125 | | | 2022-02-11 | 2022-02-17 | 5.0 | None | Remote | Low | Not required | Partial | None | None | In startVideoStream() there is a possibility of an OOB Read in the heap, when the camera buffer is ‘zero’ in size. Product: Android. Versions: Android-11. Android ID: A-205097028 |
| 24 | CVE-2021-39646 | 668 | | | 2021-12-15 | 2021-12-17 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Product: Android. Versions: Android kernel. Android ID: A-201537251. References: N/A |
| 25 | CVE-2021-37991 | 362 | | | 2021-11-02 | 2022-02-18 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial | Race in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| 26 | CVE-2021-37958 | | | | 2021-10-08 | 2022-02-18 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. |
| 27 | CVE-2021-30603 | 362 | | | 2021-08-26 | 2021-11-30 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial | Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| 28 | CVE-2021-30593 | 125 | | | 2021-08-26 | 2021-11-30 | 5.8 | None | Remote | Medium | Not required | Partial | None | Partial | Out of bounds read in Tab Strip in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted HTML page. |
| 29 | CVE-2021-30539 | 863 | | Bypass | 2021-06-07 | 2021-12-01 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. |
| 30 | CVE-2021-30536 | 125 | | | 2021-06-07 | 2021-12-01 | 5.8 | None | Remote | Medium | Not required | Partial | None | Partial | Out of bounds read in V8 in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. |
| 31 | CVE-2021-30511 | 125 | | | 2021-06-04 | 2021-12-02 | 5.8 | None | Remote | Medium | Not required | Partial | None | Partial | Out of bounds read in Tab Groups in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted HTML page. |
| 32 | CVE-2021-25516 | 755 | | | 2021-12-08 | 2021-12-13 | 5.0 | None | Remote | Low | Not required | Partial | None | None | An improper check or handling of exceptional conditions in Exynos baseband prior to SMR Dec-2021 Release 1 allows attackers to track locations. |
| 33 | CVE-2021-25485 | 22 | | Dir. Trav. | 2021-10-06 | 2021-10-13 | 5.8 | None | Local Network | Low | Not required | Partial | Partial | Partial | Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Oct-2021 Release 1 allows attackers to write file as system UID via BT remote socket. |
| 34 | CVE-2021-25483 | 125 | | | 2021-10-06 | 2021-10-13 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Lack of boundary checking of a buffer in livfivextractor library prior to SMR Oct-2021 Release 1 allows OOB read. |
| 35 | CVE-2021-25426 | 200 | | +Info | 2021-07-08 | 2021-10-18 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Improper component protection vulnerability in SmsViewerActivity of Samsung Message prior to SMR July-2021 Release 1 allows untrusted applications to access Message files. |
| 36 | CVE-2021-25417 | 863 | | | 2021-06-11 | 2021-06-16 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Improper authorization in SDP SDK prior to SMR JUN-2021 Release 1 allows access to internal storage. |
| 37 | CVE-2021-25337 | 863 | | | 2021-03-04 | 2021-03-11 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain local files. |
| 38 | CVE-2021-25330 | | | DoS | 2021-03-02 | 2021-03-09 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Calling of non-existent provider in MobileWips application prior to SMR Feb-2021 Release 1 allows unauthorized actions including denial of service attack by hijacking the provider. |
| 39 | CVE-2021-22570 | 476 | | | 2022-01-26 | 2022-04-29 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater. |
| 40 | CVE-2021-22565 | 732 | | | 2021-12-09 | 2021-12-14 | 5.8 | None | Remote | Medium | Not required | None | Partial | Partial | An attacker could prematurely expire a verification code, making it unusable by the patient, making the patient unable to upload their TEKs to generate exposure notifications. We recommend upgrading the Exposure Notification server to V1.1.2 or greater. |
| 41 | CVE-2021-22553 | 400 | | | 2021-02-17 | 2021-02-23 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Any git operation is passed through Jetty and a session is created. No expiry is set for the session and Jetty does not automatically dispose of the session. Over multiple git actions, this can lead to a heap memory exhaustion for Gerrit servers. We recommend upgrading Gerrit to any of the versions listed above. |
| 42 | CVE-2021-22492 | 120 | | Overflow | 2021-01-05 | 2021-01-08 | 5.8 | None | Local Network | Low | Not required | Partial | Partial | Partial | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Broadcom Bluetooth chipsets) software. The Bluetooth UART driver has a buffer overflow. The Samsung ID is SVE-2020-18731 (January 2021). |
| 43 | CVE-2021-21205 | | | Bypass | 2021-04-26 | 2021-06-03 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | Insufficient policy enforcement in navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. |
| 44 | CVE-2021-21125 | 287 | | Bypass | 2021-02-09 | 2021-03-08 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. |
| 45 | CVE-2021-3189 | 601 | | | 2021-02-19 | 2021-04-01 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | The slashify package 1.0.0 for Node.js allows open-redirect attacks, as demonstrated by a localhost:3000///example.com/ substring. |
| 46 | CVE-2021-1045 | 668 | | | 2021-12-15 | 2021-12-20 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Product: Android. Versions: Android kernel. Android ID: A-195580473. References: N/A |
| 47 | CVE-2021-1037 | 668 | | | 2022-01-14 | 2022-01-20 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The broadcast that DevicePickerFragment sends when a new device is paired doesn't have any permission checks, so any app can register to listen for it. This lets apps keep track of what devices are paired without requesting BLUETOOTH permissions. Product: Android. Versions: Android-10 Android-11 Android-12 Android-9. Android ID: A-162951906 |
| 48 | CVE-2021-1022 | 476 | | DoS | 2021-12-15 | 2021-12-17 | 5.0 | None | Remote | Low | Not required | None | None | Partial | In btif_in_hf_client_generic_evt of btif_hf_client.cc, there is a possible Bluetooth service crash due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-180420059 |
| 49 | CVE-2021-1002 | 125 | | | 2021-12-15 | 2021-12-20 | 5.0 | None | Remote | Low | Not required | Partial | None | None | In WT_Interpolate of eas_wtengine.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-194533433 |
| 50 | CVE-2021-0965 | 281 | | | 2021-12-15 | 2021-12-17 | 5.8 | None | Local Network | Low | Not required | Partial | Partial | Partial | In AndroidManifest.xml of Settings, there is a possible pairing of a Bluetooth device without user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-9. Android ID: A-194300867 |