# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2022-33702 |
863 |
|
Bypass |
2022-07-12 |
2022-07-16 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
Improper authorization vulnerability in Knoxguard prior to SMR Jul-2022 Release 1 allows local attacker to disable keyguard and bypass Knoxguard lock by factory reset. |
2 |
CVE-2022-33701 |
829 |
|
|
2022-07-12 |
2022-07-16 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
Improper access control vulnerability in KnoxCustomManagerService prior to SMR Jul-2022 Release 1 allows attacker to call PowerManaer.goToSleep method which is protected by system permission by sending braodcast intent. |
3 |
CVE-2022-33700 |
668 |
|
|
2022-07-12 |
2022-07-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Exposure of Sensitive Information in putDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log. |
4 |
CVE-2022-33699 |
668 |
|
|
2022-07-12 |
2022-07-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Exposure of Sensitive Information in getDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log. |
5 |
CVE-2022-33698 |
668 |
|
|
2022-07-12 |
2022-07-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Exposure of Sensitive Information in Telecom application prior to SMR Jul-2022 Release 1 allows local attackers to access ICCID via log. |
6 |
CVE-2022-33697 |
532 |
|
|
2022-07-12 |
2022-07-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Sensitive information exposure vulnerability in ImsServiceSwitchBase in ImsCore prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log. |
7 |
CVE-2022-33696 |
668 |
|
|
2022-07-12 |
2022-07-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Exposure of Sensitive Information in Telephony service prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log. |
8 |
CVE-2022-33694 |
668 |
|
|
2022-07-12 |
2022-07-15 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Exposure of Sensitive Information in CSC application prior to SMR Jul-2022 Release 1 allows local attacker to access wifi information via unprotected intent broadcasting. |
9 |
CVE-2022-33693 |
532 |
|
|
2022-07-12 |
2022-07-15 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Exposure of Sensitive Information in CID Manager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log. |
10 |
CVE-2022-33692 |
668 |
|
|
2022-07-12 |
2022-07-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Exposure of Sensitive Information in Messaging application prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log. |
11 |
CVE-2022-33690 |
22 |
|
Dir. Trav. |
2022-07-12 |
2022-07-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Improper input validation in Contacts Storage prior to SMR Jul-2022 Release 1 allows attacker to access arbitrary file. |
12 |
CVE-2022-33689 |
732 |
|
|
2022-07-12 |
2022-07-16 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
Improper access control vulnerability in TelephonyUI prior to SMR Jul-2022 Release 1 allows attackers to change preferred network type by unprotected binder call. |
13 |
CVE-2022-33688 |
532 |
|
|
2022-07-12 |
2022-07-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Sensitive information exposure vulnerability in EventType in SecTelephonyProvider prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log. |
14 |
CVE-2022-33687 |
532 |
|
|
2022-07-12 |
2022-07-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Exposure of Sensitive Information in telephony-common.jar prior to SMR Jul-2022 Release 1 allows local attackers to access IMSI via log. |
15 |
CVE-2022-33686 |
552 |
|
|
2022-07-12 |
2022-07-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Exposure of Sensitive Information in GsmAlarmManager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log. |
16 |
CVE-2022-33685 |
|
|
|
2022-07-12 |
2022-07-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Unprotected dynamic receiver in Wearable Manager Service prior to SMR Jul-2022 Release 1 allows attacker to launch arbitray activity and access senstive information. |
17 |
CVE-2022-30758 |
276 |
|
|
2022-07-12 |
2022-07-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allow allows attackers to access some protected information with privilege of Finder. |
18 |
CVE-2022-30757 |
863 |
|
|
2022-07-12 |
2022-07-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Improper authorization in isemtelephony prior to SMR Jul-2022 Release 1 allows attacker to obtain CID without ACCESS_FINE_LOCATION permission. |
19 |
CVE-2022-30753 |
276 |
|
|
2022-07-12 |
2022-07-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Improper use of a unique device ID in unprotected SecSoterService prior to SMR Jul-2022 Release 1 allows local attackers to get the device ID without permission. |
20 |
CVE-2022-30752 |
668 |
|
|
2022-07-12 |
2022-07-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_STATE_CHANGED action. |
21 |
CVE-2022-30751 |
668 |
|
|
2022-07-12 |
2022-07-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_DHCPACK_EVENT action. |
22 |
CVE-2022-30750 |
668 |
|
|
2022-07-12 |
2022-07-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Improper access control vulnerability in updateLastConnectedClientInfo function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected. |
23 |
CVE-2022-30729 |
|
|
|
2022-06-07 |
2022-06-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Implicit Intent hijacking vulnerability in Settings prior to SMR Jun-2022 Release 1 allows attackers to get Wi-Fi SSID and password via a malicious QR code scanner. |
24 |
CVE-2022-30728 |
668 |
|
|
2022-06-07 |
2022-06-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Information exposure vulnerability in ScanPool prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information. |
25 |
CVE-2022-30727 |
755 |
|
|
2022-06-07 |
2022-06-11 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in PersonaManagerService prior to SMR Jun-2022 Release 1 allows local attackers to set some setting value in work space. |
26 |
CVE-2022-30714 |
668 |
|
|
2022-06-07 |
2022-06-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information. |
27 |
CVE-2022-29213 |
20 |
|
|
2022-05-21 |
2022-06-07 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the `tf.compat.v1.signal.rfft2d` and `tf.compat.v1.signal.rfft3d` lack input validation and under certain condition can result in crashes (due to `CHECK`-failures). Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. |
28 |
CVE-2022-29212 |
20 |
|
|
2022-05-21 |
2022-06-03 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, certain TFLite models that were created using TFLite model converter would crash when loaded in the TFLite interpreter. The culprit is that during quantization the scale of values could be greater than 1 but code was always assuming sub-unit scaling. Thus, since code was calling `QuantizeMultiplierSmallerThanOneExp`, the `TFLITE_CHECK_LT` assertion would trigger and abort the process. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. |
29 |
CVE-2022-29211 |
20 |
|
|
2022-05-21 |
2022-06-03 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.histogram_fixed_width` is vulnerable to a crash when the values array contain `Not a Number` (`NaN`) elements. The implementation assumes that all floating point operations are defined and then converts a floating point result to an integer index. If `values` contains `NaN` then the result of the division is still `NaN` and the cast to `int32` would result in a crash. This only occurs on the CPU implementation. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. |
30 |
CVE-2022-29210 |
120 |
|
|
2022-05-21 |
2022-06-03 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
TensorFlow is an open source platform for machine learning. In version 2.8.0, the `TensorKey` hash function used total estimated `AllocatedBytes()`, which (a) is an estimate per tensor, and (b) is a very poor hash function for constants (e.g. `int32_t`). It also tried to access individual tensor bytes through `tensor.data()` of size `AllocatedBytes()`. This led to ASAN failures because the `AllocatedBytes()` is an estimate of total bytes allocated by a tensor, including any pointed-to constructs (e.g. strings), and does not refer to contiguous bytes in the `.data()` buffer. The discoverers could not use this byte vector anyway because types such as `tstring` include pointers, whereas they needed to hash the string values themselves. This issue is patched in Tensorflow versions 2.9.0 and 2.8.1. |
31 |
CVE-2022-29209 |
843 |
|
|
2022-05-21 |
2022-06-03 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the macros that TensorFlow uses for writing assertions (e.g., `CHECK_LT`, `CHECK_GT`, etc.) have an incorrect logic when comparing `size_t` and `int` values. Due to type conversion rules, several of the macros would trigger incorrectly. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. |
32 |
CVE-2022-29207 |
20 |
|
|
2022-05-20 |
2022-06-02 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, multiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid. In graph mode, it would have been impossible to perform these API calls, but migration to TF 2.x eager mode opened up this vulnerability. If the resource handle is empty, then a reference is bound to a null pointer inside TensorFlow codebase (various codepaths). This is undefined behavior. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. |
33 |
CVE-2022-29206 |
20 |
|
|
2022-05-20 |
2022-06-02 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SparseTensorDenseAdd` does not fully validate the input arguments. In this case, a reference gets bound to a `nullptr` during kernel execution. This is undefined behavior. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. |
34 |
CVE-2022-29205 |
476 |
|
DoS |
2022-05-20 |
2022-06-02 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, there is a potential for segfault / denial of service in TensorFlow by calling `tf.compat.v1.*` ops which don't yet have support for quantized types, which was added after migration to TensorFlow 2.x. In these scenarios, since the kernel is missing, a `nullptr` value is passed to `ParseDimensionValue` for the `py_value` argument. Then, this is dereferenced, resulting in segfault. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. |
35 |
CVE-2022-29204 |
20 |
|
DoS |
2022-05-20 |
2022-06-02 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.UnsortedSegmentJoin` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `num_segments` is a positive scalar but there is no validation. Since this value is used to allocate the output tensor, a negative value would result in a `CHECK`-failure (assertion failure), as per TFSA-2021-198. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. |
36 |
CVE-2022-29203 |
190 |
|
DoS Overflow |
2022-05-20 |
2022-06-02 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SpaceToBatchND` (in all backends such as XLA and handwritten kernels) is vulnerable to an integer overflow: The result of this integer overflow is used to allocate the output tensor, hence we get a denial of service via a `CHECK`-failure (assertion failure), as in TFSA-2021-198. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. |
37 |
CVE-2022-29202 |
20 |
|
DoS |
2022-05-20 |
2022-06-02 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.ragged.constant` does not fully validate the input arguments. This results in a denial of service by consuming all available memory. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. |
38 |
CVE-2022-29201 |
20 |
|
|
2022-05-20 |
2022-06-02 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.QuantizedConv2D` does not fully validate the input arguments. In this case, references get bound to `nullptr` for each argument that is empty. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. |
39 |
CVE-2022-29200 |
20 |
|
DoS |
2022-05-20 |
2022-06-02 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.LSTMBlockCell` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code does not validate the ranks of any of the arguments to this API call. This results in `CHECK`-failures when the elements of the tensor are accessed. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. |
40 |
CVE-2022-29199 |
20 |
|
DoS |
2022-05-20 |
2022-05-27 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.LoadAndRemapMatrix does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `initializing_values` is a vector but there is no validation for this before accessing its value. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. |
41 |
CVE-2022-29198 |
20 |
|
DoS |
2022-05-20 |
2022-05-27 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SparseTensorToCSRSparseMatrix` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `dense_shape` is a vector and `indices` is a matrix (as part of requirements for sparse tensors) but there is no validation for this. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. |
42 |
CVE-2022-29197 |
20 |
|
DoS |
2022-05-20 |
2022-05-26 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.UnsortedSegmentJoin` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `num_segments` is a scalar but there is no validation for this before accessing its value. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. |
43 |
CVE-2022-29196 |
20 |
|
DoS |
2022-05-20 |
2022-05-26 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.Conv3DBackpropFilterV2` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code does not validate that the `filter_sizes` argument is a vector. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. |
44 |
CVE-2022-29195 |
20 |
|
DoS |
2022-05-20 |
2022-05-26 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.StagePeek` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `index` is a scalar but there is no validation for this before accessing its value. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. |
45 |
CVE-2022-29194 |
20 |
|
DoS |
2022-05-20 |
2022-06-02 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.DeleteSessionTensor` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. |
46 |
CVE-2022-29193 |
20 |
|
DoS |
2022-05-20 |
2022-05-26 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.TensorSummaryV2` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. |
47 |
CVE-2022-29192 |
20 |
|
DoS |
2022-05-20 |
2022-06-02 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.QuantizeAndDequantizeV4Grad` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. |
48 |
CVE-2022-29191 |
20 |
|
DoS |
2022-05-20 |
2022-06-02 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.GetSessionTensor` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. |
49 |
CVE-2022-28794 |
668 |
|
|
2022-06-07 |
2022-06-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Sensitive information exposure in low-battery dumpstate log prior to SMR Jun-2022 Release 1 allows local attackers to get SIM card information. |
50 |
CVE-2022-28788 |
125 |
|
DoS |
2022-05-03 |
2022-05-11 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic. |