Security Vulnerabilities - CVEs Published In August 2022
In USB Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure of installed packages with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-180104273
CVSS Score
5.5
EPSS Score
0.0
Published
2022-08-11
Improper Input Validation vulnerability in the project upload mechanism in B&R Automation Studio version >=4.0 may allow an unauthenticated network attacker to execute code.
CVSS Score
8.3
EPSS Score
0.007
Published
2022-08-11
In bdi_put and bdi_unregister of backing-dev.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-182815710References: Upstream kernel
CVSS Score
6.7
EPSS Score
0.0
Published
2022-08-11
In several functions of mali_gralloc_reference.cpp, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-212804042References: N/A
CVSS Score
7.8
EPSS Score
0.0
Published
2022-08-11
In BuildDevIDResponse of miscdatabuilder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-229621649References: N/A
CVSS Score
9.8
EPSS Score
0.006
Published
2022-08-11
In Messaging, there is a possible way to attach a private file to an SMS message due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-217185011
CVSS Score
3.3
EPSS Score
0.0
Published
2022-08-11
In Telephony, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231986212
CVSS Score
5.5
EPSS Score
0.0
Published
2022-08-11
In Core Utilities, there is a possible log information disclosure. This could lead to local information disclosure of sensitive browsing data with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-190199986
CVSS Score
4.4
EPSS Score
0.0
Published
2022-08-11
A vulnerability classified as problematic was found in SourceCodester Library Management System. This vulnerability affects unknown code of the file /qr/I/. The manipulation of the argument error leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-206164.
CVSS Score
3.5
EPSS Score
0.002
Published
2022-08-11
A vulnerability, which was classified as problematic, has been found in SourceCodester Company Website CMS. This issue affects some unknown processing of the file /dashboard/contact. The manipulation of the argument phone leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206165 was assigned to this vulnerability.
CVSS Score
3.5
EPSS Score
0.003
Published
2022-08-11