CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20242
https://notcve.org/view.php?id=CVE-2022-20242
11 Aug 2022 — In Telephony, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231986212 En Telephony, se presenta una posible forma de determinar si una app está instalada, sin permisos de consulta, debido a una divulgación de información por ca... • https://source.android.com/security/bulletin/android-13 • CWE-203: Observable Discrepancy •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20241
https://notcve.org/view.php?id=CVE-2022-20241
11 Aug 2022 — In Messaging, there is a possible way to attach a private file to an SMS message due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-217185011 En Messaging, se presenta la posibilidad de adjuntar un archivo privado a un mensaje SMS debido a una comprobación de entrada inapropiada. Esto podría conllevar a una divulgación de información... • https://source.android.com/security/bulletin/android-13 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-0975
https://notcve.org/view.php?id=CVE-2021-0975
11 Aug 2022 — In USB Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure of installed packages with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-180104273 En USB Manager, se presenta una posible forma de determinar si una aplicación está instalada, sin permisos de consulta, debido a una ... • https://source.android.com/security/bulletin/android-13 • CWE-203: Observable Discrepancy •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-0735
https://notcve.org/view.php?id=CVE-2021-0735
11 Aug 2022 — In PackageManager, there is a possible way to get information about installed packages ignoring limitations introduced in Android 11 due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-188913056 En PackageManager, se presenta una posible forma de conseguir información sobre los paquetes instalados ignorando las limitaciones introduci... • https://source.android.com/security/bulletin/android-13 • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-0734
https://notcve.org/view.php?id=CVE-2021-0734
11 Aug 2022 — In Settings, there is a possible way to determine whether an app is installed without query permissions, due to side channel information disclosure. This could lead to local information disclosure of an installed package, without proper query permissions, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-189122911 En Settings, es posible determinar si una app está instalada sin permisos de consulta, debido a la d... • https://source.android.com/security/bulletin/android-13 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-20338
https://notcve.org/view.php?id=CVE-2022-20338
11 Aug 2022 — In HierarchicalUri.readFrom of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to a local escalation of privilege, preventing processes from validating URIs correctly, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-171966843 En Core Utilities, es posible diseñar un objeto Uri malformado debido a una comprobación de entra... • https://github.com/Satheesh575555/frameworks_base_AOSP_06_r22_CVE-2022-20338 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 1CVE-2022-20361
https://notcve.org/view.php?id=CVE-2022-20361
09 Aug 2022 — In btif_dm_auth_cmpl_evt of btif_dm.cc, there is a possible vulnerability in Cross-Transport Key Derivation due to Weakness in Bluetooth Standard. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-231161832 En la función btif_dm_auth_cmpl_evt del archivo btif_dm.cc, se presenta una posible vulnerabilidad en la Derivación de Claves... • https://github.com/francozappa/blur •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-20360
https://notcve.org/view.php?id=CVE-2022-20360
09 Aug 2022 — In setChecked of SecureNfcPreferenceController.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-228314987 En la función setChecked del archivo SecureNfcPreferenceController.java, falta una comprobación de permisos. Esto podría conllevar a una escalada local de privileg... • https://github.com/726232111/packages_apps_Settings_AOSP_10_r33_CVE-2022-20360 • CWE-862: Missing Authorization •
CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20358
https://notcve.org/view.php?id=CVE-2022-20358
09 Aug 2022 — In startSync of AbstractThreadedSyncAdapter.java, there is a possible way to access protected content of content providers due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-203229608 En la función startSync del archivo AbstractThreadedSyncAdapter.java, se presenta una posible forma de acceder al contenido p... • https://source.android.com/security/bulletin/2022-08-01 • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-20357
https://notcve.org/view.php?id=CVE-2022-20357
09 Aug 2022 — In writeToParcel of SurfaceControl.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-214999987 En la función writeToParcel del archivo SurfaceControl.cpp, se presenta una posible divulgación de información debido a datos no inicializados. Esto podría conllevar a una divulgación de... • https://source.android.com/security/bulletin/2022-08-01 • CWE-908: Use of Uninitialized Resource •