Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2022-20575

    In read_ppmpu_info of drm_fw.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Produc... Read more

    Affected Products : android
    • Published: Dec. 16, 2022
    • Modified: Apr. 18, 2025

  • 5.5

    MEDIUM
    CVE-2022-20538

    In getSmsRoleHolder of RoleService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution ... Read more

    Affected Products : android
    • Published: Dec. 16, 2022
    • Modified: Apr. 18, 2025

  • 5.5

    MEDIUM
    CVE-2022-20517

    In getMessagesByPhoneNumber of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for ex... Read more

    Affected Products : android
    • Published: Dec. 16, 2022
    • Modified: Apr. 18, 2025

  • 5.5

    MEDIUM
    CVE-2022-20500

    In loadFromXml of ShortcutPackage.java, there is a possible crash on boot due to an uncaught exception. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: And... Read more

    Affected Products : android
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025

  • 5.5

    MEDIUM
    CVE-2022-20496

    In setDataSource of initMediaExtractor.cpp, there is a possibility of arbitrary code execution due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for expl... Read more

    Affected Products : android
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025

  • 5.5

    MEDIUM
    CVE-2022-20467

    In isBluetoothShareUri of BluetoothOppUtility.java, there is a possible incorrect file read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitati... Read more

    Affected Products : android
    • Published: Mar. 24, 2023
    • Modified: Feb. 28, 2025

  • 5.5

    MEDIUM
    CVE-2022-20464

    In various functions of ap_input_processor.c, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not need... Read more

    Affected Products : android
    • Published: Oct. 14, 2022
    • Modified: May. 15, 2025

  • 5.5

    MEDIUM
    CVE-2022-20482

    In createNotificationChannel of NotificationManager.java, there is a possible way to make the device unusable and require factory reset due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. ... Read more

    Affected Products : android
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025

  • 5.5

    MEDIUM
    CVE-2022-20458

    The logs of sensitive information (PII) or hardware identifier should only be printed in Android "userdebug" or "eng" build. StatusBarNotification.getKey() could contain sensitive information. However, CarNotificationListener.java, it prints out the Statu... Read more

    Affected Products : android
    • Published: Jan. 26, 2023
    • Modified: Apr. 02, 2025

  • 5.5

    MEDIUM
    CVE-2022-20510

    In getNearbyNotificationStreamingPolicy of DevicePolicyManagerService.java, there is a possible way to learn about the notification streaming policy of other users due to a permissions bypass. This could lead to local information disclosure with no additi... Read more

    Affected Products : android
    • Published: Dec. 16, 2022
    • Modified: Apr. 21, 2025

  • 5.5

    MEDIUM
    CVE-2022-20494

    In AutomaticZenRule of AutomaticZenRule.java, there is a possible persistent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product... Read more

    Affected Products : android
    • Published: Jan. 26, 2023
    • Modified: Apr. 03, 2025

  • 5.5

    MEDIUM
    CVE-2022-20471

    In SendIncDecRestoreCmdPart2 of NxpMfcReader.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for explo... Read more

    Affected Products : android
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025

  • 5.5

    MEDIUM
    CVE-2022-20448

    In buzzBeepBlinkLocked of NotificationManagerService.java, there is a possible way to share data across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is... Read more

    Affected Products : android
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 5.5

    MEDIUM
    CVE-2022-20513

    In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Produ... Read more

    Affected Products : android
    • Published: Dec. 16, 2022
    • Modified: Apr. 21, 2025

  • 5.5

    MEDIUM
    CVE-2022-20437

    In Messaging, There has unauthorized broadcast, this could cause Local Deny of Service.Product: AndroidVersions: Android SoCAndroid ID: A-242258929... Read more

    Affected Products : android
    • Published: Oct. 11, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-20481

    In multiple files, there is a possible way to preserve WiFi settings due to residual data after a reset. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: A... Read more

    Affected Products : android
    • Published: Feb. 28, 2023
    • Modified: Mar. 21, 2025

  • 5.5

    MEDIUM
    CVE-2022-20453

    In update of MmsProvider.java, there is a possible constriction of directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is neede... Read more

    Affected Products : android
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 5.5

    MEDIUM
    CVE-2022-20396

    In SettingsActivity.java, there is a possible way to make a device discoverable over Bluetooth, without permission or user interaction, due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges n... Read more

    Affected Products : android
    • Published: Sep. 13, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-20455

    In addAutomaticZenRule of ZenModeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploi... Read more

    Affected Products : android
    • Published: Feb. 28, 2023
    • Modified: Mar. 21, 2025

  • 5.5

    MEDIUM
    CVE-2022-20399

    In the SEPolicy configuration of system apps, there is a possible access to the 'ip' utility due to an insecure default value. This could lead to local information disclosure of network data with no additional execution privileges needed. User interaction... Read more

    Affected Products : android
    • Published: Sep. 13, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293309 Results