CVE-2022-38669 In soundrecorder service, there is a missing permission check
There is also a race condition in handling of screenshots when recording. There is a blocking call in the service that might lead to a
CVE-2022-38698 In messaging service, there is a missing permission check
There is a missing permission check in messages service. This could lead to elevation of privilege in contacts service with no additional execution privileges needed.
CVE-2022-20464 In ap_input_processor.c there is a possible way to record audio during a phone call due to a logic error. This could lead to local information disclosure with User execution privileges needed.
The issue exists in ap_input_processor.c function parse_record() which reads a variable named ‘command’ which is used to detect is the request
CVE-2021-22685 An attacker may be able to use minify route with a relative path to view any file on the Cassia Networks Access Controller prior to 2.0.1
This may occur if you have a file ending in .js that is served via a relative path, such as /julialang/file.js . File extensions
CVE-2022-39011 The HISP module has a vulnerability that allows access in the kernel space. Successful exploitation may cause unauthorized access.
To view this information, a user only needs to add a specific string of characters to the end of the request. In other words, an
Episode
00:00:00
00:00:00