Google Android vulnerabilities

CVE-2022-20255 [MEDIUM] CWE-862 CVE-2022-20255: In SettingsProvider, there is a possible way to read or change the default ringtone due to a missing In SettingsProvider, there is a possible way to read or change the default ringtone due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-222687217

CVE-2022-20287 [MEDIUM] CVE-2022-20287: In AppSearchManagerService, there is a possible way to determine whether an app is installed, withou In AppSearchManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-

CVE-2022-20294 [MEDIUM] CWE-862 CVE-2022-20294: In Content, there is a possible way to learn about an account present on the device due to a missing In Content, there is a possible way to learn about an account present on the device due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-202160705

CVE-2022-20333 [MEDIUM] CWE-476 CVE-2022-20333: In Bluetooth, there is a possible crash due to a missing null check. This could lead to remote denia In Bluetooth, there is a possible crash due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-179161657

CVE-2022-20276 [MEDIUM] CWE-203 CVE-2022-20276: In DevicePolicyManager, there is a possible way to determine whether an app is installed, without qu In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID

CVE-2022-20300 [MEDIUM] CWE-862 CVE-2022-20300: In Content, there is a possible way to check if the given account exists on the device due to a miss In Content, there is a possible way to check if the given account exists on the device due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-200956588

CVE-2022-20295 [MEDIUM] CWE-862 CVE-2022-20295: In ContentService, there is a possible way to check if an account exists on the device due to a miss In ContentService, there is a possible way to check if an account exists on the device due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-202160584

CVE-2022-20324 [MEDIUM] CWE-203 CVE-2022-20324: In Framework, there is a possible way to determine whether an app is installed, without query permis In Framework, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-187042

CVE-2022-20307 [LOW] CWE-203 CVE-2022-20307: In AlarmManagerService, there is a possible way to determine whether an app is installed, without qu In AlarmManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A

CVE-2022-20320 [LOW] CWE-203 CVE-2022-20320: In ActivityManager, there is a possible way to determine whether an app is installed, without query In ActivityManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-1879

CVE-2022-20267 [LOW] CWE-862 CVE-2022-20267: In bluetooth, there is a possible way to enable or disable bluetooth connection without user consent In bluetooth, there is a possible way to enable or disable bluetooth connection without user consent due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-211646835

CVE-2022-20311 [LOW] CWE-862 CVE-2022-20311: In Telecomm, there is a possible disclosure of registered self managed phone accounts due to a missi In Telecomm, there is a possible disclosure of registered self managed phone accounts due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-192663553

CVE-2022-20257 [LOW] CVE-2022-20257: In Bluetooth, there is a possible way to pair a display only device without PIN confirmation due to In Bluetooth, there is a possible way to pair a display only device without PIN confirmation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-222289114

CVE-2022-20330 [LOW] CWE-862 CVE-2022-20330: In Bluetooth, there is a possible way to connect or disconnect bluetooth devices without user awaren In Bluetooth, there is a possible way to connect or disconnect bluetooth devices without user awareness due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-181962588

CVE-2022-20318 [LOW] CWE-203 CVE-2022-20318: In PackageInstaller, there is a possible way to determine whether an app is installed, without query In PackageInstaller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-19

CVE-2022-20336 [LOW] CWE-862 CVE-2022-20336: In Settings, there is a possible installed application disclosure due to a missing permission check. In Settings, there is a possible installed application disclosure due to a missing permission check. This could lead to local information disclosure of applications allow-listed to use the network during VPN lockdown mode with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13

CVE-2022-20280 [LOW] CWE-89 CVE-2022-20280: In MMSProvider, there is a possible read of protected data due to improper input validationSQL injec In MMSProvider, there is a possible read of protected data due to improper input validationSQL injection. This could lead to local information disclosure of sms/mms data with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-204117261

CVE-2022-20321 [LOW] CWE-862 CVE-2022-20321: In Settings, there is a possible way for an application without permissions to read content of WiFi In Settings, there is a possible way for an application without permissions to read content of WiFi QR codes due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-187176859

CVE-2022-20338 [LOW] CWE-20 CVE-2022-20338: In HierarchicalUri.readFrom of Uri.java, there is a possible way to craft a malformed Uri object due In HierarchicalUri.readFrom of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to a local escalation of privilege, preventing processes from validating URIs correctly, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersion

CVE-2022-20340 [LOW] CWE-862 CVE-2022-20340: In SELinux policy, there is a possible way of inferring which websites are being opened in the brows In SELinux policy, there is a possible way of inferring which websites are being opened in the browser due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-166269532