Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.0

    HIGH
    CVE-2022-20118

    In ion_ioctl and related functions of ion.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Produ... Read more

    Affected Products : android
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-20117

    In (TBD) of (TBD), there is a possible way to decrypt local data encrypted by the GSC due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploit... Read more

    Affected Products : android
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-20116

    In onEntryUpdated of OngoingCallController.kt, it is possible to launch non-exported activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitat... Read more

    Affected Products : android
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-20115

    In broadcastServiceStateChanged of TelephonyRegistry.java, there is a possible way to learn base station information without location permission due to a missing permission check. This could lead to local information disclosure with User execution privile... Read more

    Affected Products : android
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-20114

    In placeCall of TelecomManager.java, there is a possible way for an application to keep itself running with foreground service importance due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges... Read more

    Affected Products : android
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-20113

    In mPreference of DefaultUsbConfigurationPreferenceController.java, there is a possible way to enable file transfer mode due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. Use... Read more

    Affected Products : android
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-20112

    In getAvailabilityStatus of PrivateDnsPreferenceController.java, there is a possible way for a guest user to change private DNS settings due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges ... Read more

    Affected Products : android
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 8.4

    HIGH
    CVE-2022-20111

    In ion, there is a possible use after free due to incorrect error handling. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06366069; Issue ID:... Read more

    Affected Products : android mt6779 mt6781 mt6785 mt6833 mt6853 mt6853t mt6873 mt6875 mt6877 +43 more products
    • Published: May. 03, 2022
    • Modified: Nov. 21, 2024

  • 7.0

    HIGH
    CVE-2022-20110

    In ion, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06399915; Issue ID: ALPS063... Read more

    Affected Products : android mt6779 mt6781 mt6785 mt6833 mt6853 mt6853t mt6873 mt6875 mt6877 +43 more products
    • Published: May. 03, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-20109

    In ion, there is a possible use after free due to improper update of reference count. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06399915;... Read more

    Affected Products : android mt6779 mt6781 mt6785 mt6833 mt6853 mt6853t mt6873 mt6875 mt6877 +43 more products
    • Published: May. 03, 2022
    • Modified: Nov. 21, 2024

  • 6.7

    MEDIUM
    CVE-2022-20108

    In voice service, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV0333070... Read more

    Affected Products : android linux_kernel mt9011 mt9215 mt9216 mt9221 mt9255 mt9256 mt9266 mt9269 +28 more products
    • Published: May. 03, 2022
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2022-20107

    In subtitle service, there is a possible application crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03330673; Issue ID: DT... Read more

    Affected Products : android linux_kernel mt9011 mt9215 mt9216 mt9221 mt9255 mt9256 mt9266 mt9269 +28 more products
    • Published: May. 03, 2022
    • Modified: Nov. 21, 2024

  • 6.7

    MEDIUM
    CVE-2022-20106

    In MM service, there is a possible out of bounds write due to a heap-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03330460; I... Read more

    Affected Products : android linux_kernel mt9011 mt9215 mt9216 mt9221 mt9255 mt9256 mt9266 mt9269 +28 more products
    • Published: May. 03, 2022
    • Modified: Nov. 21, 2024

  • 6.7

    MEDIUM
    CVE-2022-20105

    In MM service, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03330460; ... Read more

    Affected Products : android linux_kernel mt9011 mt9215 mt9216 mt9221 mt9255 mt9256 mt9266 mt9269 +28 more products
    • Published: May. 03, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-20104

    In aee daemon, there is a possible information disclosure due to improper access control. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS064190... Read more

    Affected Products : android mt6779 mt6781 mt6785 mt6789 mt6833 mt6853 mt6853t mt6873 mt6875 +35 more products
    • Published: May. 03, 2022
    • Modified: Nov. 21, 2024

  • 4.4

    MEDIUM
    CVE-2022-20103

    In aee daemon, there is a possible information disclosure due to symbolic link following. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06383944; Iss... Read more

    Affected Products : android mt6779 mt6781 mt6785 mt6789 mt6833 mt6853 mt6853t mt6873 mt6875 +35 more products
    • Published: May. 03, 2022
    • Modified: Nov. 21, 2024

  • 4.4

    MEDIUM
    CVE-2022-20102

    In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06296442; ... Read more

    Affected Products : android mt6779 mt6781 mt6785 mt6789 mt6833 mt6853 mt6853t mt6873 mt6875 +35 more products
    • Published: May. 03, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-20101

    In aee daemon, there is a possible information disclosure due to a path traversal. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06419017; Iss... Read more

    Affected Products : android mt6779 mt6781 mt6785 mt6789 mt6833 mt6853 mt6853t mt6873 mt6875 +35 more products
    • Published: May. 03, 2022
    • Modified: Nov. 21, 2024

  • 4.4

    MEDIUM
    CVE-2022-20100

    In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06383944; ... Read more

    Affected Products : android mt6779 mt6781 mt6785 mt6789 mt6833 mt6853 mt6853t mt6873 mt6875 +35 more products
    • Published: May. 03, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-20099

    In aee daemon, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06296442; Iss... Read more

    Affected Products : android mt6779 mt6781 mt6785 mt6789 mt6833 mt6853 mt6853t mt6873 mt6875 +35 more products
    • Published: May. 03, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294745 Results