Total
237 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-20336 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
In Settings, there is a possible installed application disclosure due to a missing permission check. This could lead to local information disclosure of applications allow-listed to use the network during VPN lockdown mode with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-177239688 | |||||
CVE-2022-36857 | 2 Google, Samsung | 2 Android, Photo Editor | 2023-12-10 | N/A | 2.4 LOW |
Improper Authorization vulnerability in Photo Editor prior to SMR Sep-2022 Release 1 allows physical attackers to read internal application data. | |||||
CVE-2022-39885 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
Improper access control vulnerability in BootCompletedReceiver_CMCC in DeviceManagement prior to SMR Nov-2022 Release 1 allows local attacker to access to Device information. | |||||
CVE-2022-20446 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
In AlwaysOnHotwordDetector of AlwaysOnHotwordDetector.java, there is a possible way to access the microphone from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-229793943 | |||||
CVE-2022-36868 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
Improper restriction of broadcasting Intent in MouseNKeyHidDevice prior to SMR Oct-2022 Release 1 leaks MAC address of the connected Bluetooth device. | |||||
CVE-2022-20342 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
In WiFi, there is a possible disclosure of WiFi password to the end user due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-143534321 | |||||
CVE-2022-20339 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
In Android, there is a possible access of network neighbor table information due to an insecure SEpolicy configuration. This could lead to local information disclosure of network topography with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-171572148 | |||||
CVE-2022-20310 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
In Telecomm, there is a possible disclosure of registered self managed phone accounts due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-192663798 | |||||
CVE-2022-33724 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
Exposure of Sensitive Information in Samsung Dialer application?prior to SMR Aug-2022 Release 1 allows local attackers to access ICCID via log. | |||||
CVE-2022-20321 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
In Settings, there is a possible way for an application without permissions to read content of WiFi QR codes due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-187176859 | |||||
CVE-2022-36865 | 2 Google, Samsung | 2 Android, Group Sharing | 2023-12-10 | N/A | 3.3 LOW |
Improper access control in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to access device information. | |||||
CVE-2022-20320 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
In ActivityManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-187956596 | |||||
CVE-2022-33722 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
Implicit Intent hijacking vulnerability in Smart View prior to SMR Aug-2022 Release 1 allows attacker to access connected device MAC address. | |||||
CVE-2022-39849 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
Improper access control in knox_vpn_policy service prior to SMR Oct-2022 Release 1 allows allows unauthorized read of configuration data. | |||||
CVE-2022-20262 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
In ActivityManager, there is a possible way to check another process's capabilities due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-218338453 | |||||
CVE-2022-33725 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
A vulnerability using PendingIntent in Knox VPN prior to SMR Aug-2022 Release 1 allows attackers to access content providers with system privilege. | |||||
CVE-2022-33714 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
Improper access control vulnerability in SemWifiApBroadcastReceiver prior to SMR Aug-2022 Release 1 allows attacker to reset a setting value related to mobile hotspot. | |||||
CVE-2022-20316 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
In ContentResolver, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-190726121 | |||||
CVE-2022-20340 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
In SELinux policy, there is a possible way of inferring which websites are being opened in the browser due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-166269532 | |||||
CVE-2022-33728 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
Exposure of sensitive information in Bluetooth prior to SMR Aug-2022 Release 1 allows local attackers to access connected BT macAddress via Settings.Gloabal. |