# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
1 | CVE-2022-31055 | 863 | | | 2022-06-13 | 2022-06-27 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
kCTF is a Kubernetes-based infrastructure for capture the flag (CTF) competitions. Prior to version 1.6.0, the kctf cluster set-src-ip-ranges was broken and allowed traffic from any IP. The problem has been patched in v1.6.0. As a workaround, those who want to test challenges privately can mark them as `public: false` and use `kctf chal debug port-forward` to connect. |
2 | CVE-2022-30721 | 20 | | | 2022-06-07 | 2022-06-11 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. |
3 | CVE-2022-30720 | 20 | | | 2022-06-07 | 2022-06-11 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. |
4 | CVE-2022-30719 | 20 | | | 2022-06-07 | 2022-06-11 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. |
5 | CVE-2022-30717 | 863 | | | 2022-06-07 | 2022-06-11 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
Improper caller check in AR Emoji prior to SMR Jun-2022 Release 1 allows untrusted applications to use some camera functions via deeplink. |
6 | CVE-2022-30716 | 755 | | | 2022-06-07 | 2022-06-11 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1 allows untrusted applications to access toast message information from device. |
7 | CVE-2022-30715 | 862 | | | 2022-06-07 | 2022-06-11 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
Improper access control vulnerability in DofViewer prior to SMR Jun-2022 Release 1 allows attackers to control floating system alert window. |
8 | CVE-2022-30709 | 20 | | | 2022-06-07 | 2022-06-11 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Improper input validation check logic vulnerability in SECRIL prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. |
9 | CVE-2022-27825 | 125 | | | 2022-04-11 | 2022-04-18 | 5.8 | None | Remote | Medium | Not required | Partial | None | Partial |
Improper size check in sapefd_parse_meta_HEADER function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file. |
10 | CVE-2022-27824 | 125 | | | 2022-04-11 | 2022-04-18 | 5.8 | None | Remote | Medium | Not required | Partial | None | Partial |
Improper size check in sapefd_parse_meta_DESCRIPTION function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file. |
11 | CVE-2022-27823 | 125 | | | 2022-04-11 | 2022-04-18 | 5.8 | None | Remote | Medium | Not required | Partial | None | Partial |
Improper size check in sapefd_parse_meta_HEADER_old function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file. |
12 | CVE-2022-25647 | 502 | | | 2022-05-01 | 2022-11-28 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The package com.google.code.gson:gson before 2.8.9 is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks. |
13 | CVE-2022-23593 | 754 | | DoS | 2022-02-04 | 2022-02-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
TensorFlow is an Open Source Machine Learning Framework. The `simplifyBroadcast` function in the MLIR-TFRT infrastructure in TensorFlow is vulnerable to a segfault (hence, denial of service), if called with scalar shapes. If all shapes are scalar, then `maxRank` is 0, so we build an empty `SmallVector`. The fix will be included in TensorFlow 2.8.0. This is the only affected version. |
14 | CVE-2022-23592 | 125 | | | 2022-02-04 | 2022-02-10 | 5.5 | None | Remote | Low | ??? | Partial | None | Partial |
TensorFlow is an Open Source Machine Learning Framework. TensorFlow's type inference can cause a heap out of bounds read as the bounds checking is done in a `DCHECK` (which is a no-op during production). An attacker can control the `input_idx` variable such that `ix` would be larger than the number of values in `node_t.args`. The fix will be included in TensorFlow 2.8.0. This is the only affected version. |
15 | CVE-2022-23591 | 400 | | Overflow | 2022-02-04 | 2022-02-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
TensorFlow is an Open Source Machine Learning Framework. The `GraphDef` format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a `GraphDef` containing a fragment such as the following can be consumed when loading a `SavedModel`. This would result in a stack overflow during execution as resolving each `NodeDef` means resolving the function itself and its nodes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
16 | CVE-2022-23590 | 754 | | | 2022-02-04 | 2022-02-17 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
TensorFlow is an Open Source Machine Learning Framework. A `GraphDef` from a TensorFlow `SavedModel` can be maliciously altered to cause a TensorFlow process to crash due to encountering a `StatusOr` value that is an error and forcibly extracting the value from it. We have patched the issue in multiple GitHub commits and these will be included in TensorFlow 2.8.0 and TensorFlow 2.7.1, as both are affected. |
17 | CVE-2022-23581 | 617 | | DoS | 2022-02-04 | 2022-02-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
TensorFlow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a `SavedModel` such that `IsSimplifiableReshape` would trigger `CHECK` failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
18 | CVE-2022-23580 | 400 | | | 2022-02-04 | 2022-02-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
TensorFlow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
19 | CVE-2022-23579 | 617 | | DoS | 2022-02-04 | 2022-02-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
TensorFlow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a `SavedModel` such that `SafeToRemoveIdentity` would trigger `CHECK` failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
20 | CVE-2022-21741 | 369 | | | 2022-02-03 | 2022-02-09 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
TensorFlow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to determine the size of the padding that needs to be added before applying the convolution. There is no check before this division that the divisor is strictly positive. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
21 | CVE-2022-21733 | 190 | | DoS Overflow | 2022-02-03 | 2022-02-09 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
TensorFlow is an Open Source Machine Learning Framework. The implementation of `StringNGrams` can be used to trigger a denial of service attack by causing an out of memory condition after an integer overflow. We are missing a validation on `pad_width` and that results in computing a negative value for `ngram_width` which is later used to allocate parts of the output. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
22 | CVE-2022-21730 | 125 | | | 2022-02-03 | 2022-02-08 | 5.5 | None | Remote | Low | ??? | Partial | None | Partial |
TensorFlow is an Open Source Machine Learning Framework. The implementation of `FractionalAvgPoolGrad` does not consider cases where the input tensors are invalid, allowing an attacker to read from outside the bounds of the heap. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
23 | CVE-2022-21728 | 125 | | | 2022-02-03 | 2022-02-08 | 5.5 | None | Remote | Low | ??? | Partial | None | Partial |
TensorFlow is an Open Source Machine Learning Framework. The implementation of shape inference for `ReverseSequence` does not fully validate the value of `batch_dim` and can result in a heap OOB read. There is a check to make sure the value of `batch_dim` does not go over the rank of the input, but there is no check for negative values. Negative dimensions are allowed in some cases to mimic Python's negative indexing (i.e., indexing from the end of the array); however, if the value is too negative then the implementation of `Dim` would access elements before the start of an array. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
24 | CVE-2022-20234 | 732 | | | 2022-07-13 | 2022-07-26 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
In Car Settings app, the NotificationAccessConfirmationActivity is exported. In NotificationAccessConfirmationActivity, it gets both 'mComponentName' and 'pkgTitle' from user. An unprivileged app can use a malicious mComponentName with a benign pkgTitle (e.g. Settings app) to make users enable notification access permission for the malicious app. That is, users believe they enable the notification access permission for the Settings app, but actually they enable the notification access permission for the malicious app. Once the malicious app gets the notification access permission, it can read all notifications, including users' personal information. Product: Android; Versions: Android-12L; Android ID: A-225189301 |
25 | CVE-2022-20224 | 125 | | | 2022-07-13 | 2022-07-26 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
In AT_SKIP_REST of bta_hf_client_at.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure in the Bluetooth stack with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L; Android ID: A-220732646 |
26 | CVE-2022-20209 | 787 | | Overflow | 2022-06-15 | 2022-06-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
In hme_add_new_node_to_a_sorted_array of hme_utils.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-207502397 |
27 | CVE-2022-20188 | | | | 2022-06-15 | 2022-06-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Product: Android; Versions: Android kernel; Android ID: A-207254598; References: N/A |
28 | CVE-2022-20184 | | | | 2022-06-15 | 2022-06-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Product: Android; Versions: Android kernel; Android ID: A-209153114; References: N/A |
29 | CVE-2022-20179 | | | | 2022-06-15 | 2022-06-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Product: Android; Versions: Android kernel; Android ID: A-211683760; References: N/A |
30 | CVE-2022-20177 | | | | 2022-06-15 | 2022-06-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Product: Android; Versions: Android kernel; Android ID: A-209906686; References: N/A |
31 | CVE-2022-20175 | | | | 2022-06-15 | 2022-06-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Product: Android; Versions: Android kernel; Android ID: A-209252491; References: N/A |
32 | CVE-2022-20169 | | | | 2022-06-15 | 2022-06-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Product: Android; Versions: Android kernel; Android ID: A-211162353; References: N/A |
33 | CVE-2022-20151 | | | | 2022-06-15 | 2022-06-23 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Product: Android; Versions: Android kernel; Android ID: A-210712565; References: N/A |
34 | CVE-2022-20149 | | | | 2022-06-15 | 2022-06-23 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Product: Android; Versions: Android kernel; Android ID: A-211685939; References: N/A |
35 | CVE-2022-0114 | 125 | | | 2022-02-12 | 2022-04-19 | 5.8 | None | Remote | Medium | Not required | Partial | None | Partial |
Out of bounds memory access in Blink Serial API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page and virtual serial port driver. |
36 | CVE-2021-46743 | 843 | | | 2022-03-29 | 2022-04-08 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., RS256 / HS256) exists via the kid (aka Key ID) header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect key. NOTE: this provides a straightforward way to use the PHP-JWT library unsafely, but might not be considered a vulnerability in the library itself. |
37 | CVE-2021-39809 | 125 | | | 2022-04-12 | 2022-04-20 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L; Android ID: A-205837191 |
38 | CVE-2021-39772 | 269 | | | 2022-03-30 | 2022-04-06 | 5.8 | None | Local Network | Low | Not required | Partial | Partial | Partial |
In Bluetooth, there is a possible way to access the a2dp audio control switch due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-181962322 |
39 | CVE-2021-39762 | 125 | | Overflow | 2022-03-30 | 2022-04-05 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
In tremolo, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-210625816 |
40 | CVE-2021-39726 | 125 | | Exec Code | 2022-03-16 | 2022-03-23 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
In cd_ParseMsg of cd_codec.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-181782896; References: N/A |
41 | CVE-2021-39716 | | | | 2022-03-16 | 2022-03-22 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Product: Android; Versions: Android kernel; Android ID: A-206977562; References: N/A |
42 | CVE-2021-39677 | 125 | | | 2022-02-11 | 2022-02-17 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
In startVideoStream() there is a possibility of an OOB Read in the heap, when the camera buffer is ‘zero’ in size. Product: Android; Versions: Android-11; Android ID: A-205097028 |
43 | CVE-2021-39646 | 668 | | | 2021-12-15 | 2021-12-17 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Product: Android; Versions: Android kernel; Android ID: A-201537251; References: N/A |
44 | CVE-2021-37991 | 362 | | | 2021-11-02 | 2022-02-18 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial |
Race in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
45 | CVE-2021-37958 | | | | 2021-10-08 | 2022-02-18 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. |
46 | CVE-2021-30603 | 362 | | | 2021-08-26 | 2021-11-30 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial |
Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
47 | CVE-2021-30593 | 125 | | | 2021-08-26 | 2021-11-30 | 5.8 | None | Remote | Medium | Not required | Partial | None | Partial |
Out of bounds read in Tab Strip in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted HTML page. |
48 | CVE-2021-30539 | 863 | | Bypass | 2021-06-07 | 2021-12-01 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. |
49 | CVE-2021-30536 | 125 | | | 2021-06-07 | 2021-12-01 | 5.8 | None | Remote | Medium | Not required | Partial | None | Partial |
Out of bounds read in V8 in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. |
50 | CVE-2021-30511 | 125 | | | 2021-06-04 | 2021-12-02 | 5.8 | None | Remote | Medium | Not required | Partial | None | Partial |
Out of bounds read in Tab Groups in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted HTML page. |