CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20225
https://notcve.org/view.php?id=CVE-2022-20225
13 Jul 2022 — In getSubscriptionProperty of SubscriptionController.java, there is a possible read of a sensitive identifier due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-213457638 En la función getSubscriptionProperty del archivo SubscriptionController.java, se presenta una posible lectura de un identificado... • https://source.android.com/security/bulletin/2022-07-01 • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 2CVE-2022-20224
https://notcve.org/view.php?id=CVE-2022-20224
13 Jul 2022 — In AT_SKIP_REST of bta_hf_client_at.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure in the Bluetooth stack with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-220732646 En la función AT_SKIP_REST del archivo bta_hf_client_at.cc, se presenta una posible lectura fuera de límites debido a una comprobación de... • https://github.com/ShaikUsaf/system_bt_AOSP10_r33_CVE-2022-20224 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-20223
https://notcve.org/view.php?id=CVE-2022-20223
13 Jul 2022 — In assertSafeToStartCustomActivity of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-223578534 En la función assertSafeToStartCustomActivity del archivo AppRestrictionsFragment.java, se presenta una posible f... • https://github.com/xbee9/cve-2022-20223 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20221
https://notcve.org/view.php?id=CVE-2022-20221
13 Jul 2022 — In avrc_ctrl_pars_vendor_cmd of avrc_pars_ct.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-205571133 En la función avrc_ctrl_pars_vendor_cmd del archivo avrc_pars_ct.cc, se presenta una posible lectura fuera de límites debido a una compr... • https://source.android.com/security/bulletin/2022-07-01 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20219
https://notcve.org/view.php?id=CVE-2022-20219
13 Jul 2022 — In multiple functions of StorageManagerService.java and UserManagerService.java, there is a possible way to leave user's directories unencrypted due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-224585613 En varias funciones de StorageManagerService.java y UserManagerService.java, es posible dejar l... • https://source.android.com/security/bulletin/2022-07-01 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 8.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-33704
https://notcve.org/view.php?id=CVE-2022-33704
11 Jul 2022 — Improper validation vulnerability in ucmRetParcelable of KnoxSDK prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities. Una vulnerabilidad de comprobación inapropiada en ucmRetParcelable de KnoxSDK versiones anteriores a SMR Jul-2022 Release 1, permite a atacantes lanzar determinadas actividades • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=7 • CWE-20: Improper Input Validation •
CVSS: 8.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-33703
https://notcve.org/view.php?id=CVE-2022-33703
11 Jul 2022 — Improper validation vulnerability in CACertificateInfo prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities. Una vulnerabilidad de comprobación inapropiada en CACertificateInfo versiones anteriores a SMR Jul-2022 Release 1, permite a atacantes iniciar determinadas actividades • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=7 • CWE-20: Improper Input Validation •
CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0CVE-2022-33702
https://notcve.org/view.php?id=CVE-2022-33702
11 Jul 2022 — Improper authorization vulnerability in Knoxguard prior to SMR Jul-2022 Release 1 allows local attacker to disable keyguard and bypass Knoxguard lock by factory reset. Una vulnerabilidad de autorización inapropiada en Knoxguard versiones anteriores a SMR Jul-2022 Release 1, permite a un atacante local deshabilitar keyguard y omitir el bloqueo de Knoxguard mediante un restablecimiento de fábrica • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=7 • CWE-285: Improper Authorization •
CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-33701
https://notcve.org/view.php?id=CVE-2022-33701
11 Jul 2022 — Improper access control vulnerability in KnoxCustomManagerService prior to SMR Jul-2022 Release 1 allows attacker to call PowerManaer.goToSleep method which is protected by system permission by sending braodcast intent. Una vulnerabilidad de control de acceso inapropiado en KnoxCustomManagerService versiones anteriores a SMR Jul-2022 Release 1, permite al atacante llamar al método PowerManaer.goToSleep que está protegido por el permiso del sistema mediante el envío de braodcast intent • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=7 • CWE-284: Improper Access Control •
CVSS: 2.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-33700
https://notcve.org/view.php?id=CVE-2022-33700
11 Jul 2022 — Exposure of Sensitive Information in putDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log. Una exposición de información confidencial en putDsaSimImsi en TelephonyUI versiones anteriores a SMR Jul-2022 Release 1, permite a un atacante local acceder a imsi por medio del registro • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=7 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-668: Exposure of Resource to Wrong Sphere •