Google Android vulnerabilities

CVE-2022-20353 [MEDIUM] CWE-20 CVE-2022-20353: In onSaveRingtone of DefaultRingtonePreference.java, there is a possible inappropriate file read due In onSaveRingtone of DefaultRingtonePreference.java, there is a possible inappropriate file read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid

CVE-2022-20355 [MEDIUM] CWE-20 CVE-2022-20355: In get of PacProxyService.java, there is a possible system service crash due to improper input valid In get of PacProxyService.java, there is a possible system service crash due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-219498290

CVE-2022-20352 [MEDIUM] CWE-862 CVE-2022-20352: In addProviderRequestListener of LocationManagerService.java, there is a possible way to learn which In addProviderRequestListener of LocationManagerService.java, there is a possible way to learn which packages request location information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android

CVE-2022-20358 [LOW] CWE-862 CVE-2022-20358: In startSync of AbstractThreadedSyncAdapter.java, there is a possible way to access protected conten In startSync of AbstractThreadedSyncAdapter.java, there is a possible way to access protected content of content providers due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 An

CVE-2022-33719 [CRITICAL] CWE-20 CVE-2022-33719: Improper input validation in baseband prior to SMR Aug-2022 Release 1 allows attackers to cause inte Improper input validation in baseband prior to SMR Aug-2022 Release 1 allows attackers to cause integer overflow to heap overflow.

CVE-2022-33732 [HIGH] CWE-287 CVE-2022-33732: Improper access control vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows l Improper access control vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows local attackers to scan and connect to PC by unprotected binder call.

CVE-2022-33731 [HIGH] CWE-284 CVE-2022-33731: Improper access control vulnerability in DesktopSystemUI prior to SMR Aug-2022 Release 1 allows atta Improper access control vulnerability in DesktopSystemUI prior to SMR Aug-2022 Release 1 allows attackers to enable and disable arbitrary components.

CVE-2022-33715 [MEDIUM] CWE-20 CVE-2022-33715: Improper access control and path traversal vulnerability in LauncherProvider prior to SMR Aug-2022 R Improper access control and path traversal vulnerability in LauncherProvider prior to SMR Aug-2022 Release 1 allow local attacker to access files of One UI.

CVE-2022-33717 [MEDIUM] CWE-125 CVE-2022-33717: A missing input validation before memory read in SEM TA prior to SMR Aug-2022 Release 1 allows local A missing input validation before memory read in SEM TA prior to SMR Aug-2022 Release 1 allows local attackers to read out of bound memory.

CVE-2022-33723 [MEDIUM] CWE-1021 CVE-2022-33723: A vulnerable code in onCreate of BluetoothScanDialog prior to SMR Aug-2022 Release 1, allows attacke A vulnerable code in onCreate of BluetoothScanDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack.

CVE-2022-33721 [MEDIUM] CWE-94 CVE-2022-33721: A vulnerability using PendingIntent in DeX for PC prior to SMR Aug-2022 Release 1 allows attackers t A vulnerability using PendingIntent in DeX for PC prior to SMR Aug-2022 Release 1 allows attackers to access files with system privilege.

CVE-2022-33730 [MEDIUM] CWE-787 CVE-2022-33730: Heap-based buffer overflow vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allow Heap-based buffer overflow vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows arbitrary code execution by physical attackers.

CVE-2022-33727 [MEDIUM] CWE-1021 CVE-2022-33727: A vulnerable code in onCreate of SecDevicePickerDialog prior to SMR Aug-2022 Release 1, allows attac A vulnerable code in onCreate of SecDevicePickerDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack.

CVE-2022-33716 [MEDIUM] CWE-457 CVE-2022-33716: An absence of variable initialization in ICCC TA prior to SMR Aug-2022 Release 1 allows local attack An absence of variable initialization in ICCC TA prior to SMR Aug-2022 Release 1 allows local attacker to read uninitialized memory.

CVE-2022-33725 [LOW] CWE-94 CVE-2022-33725: A vulnerability using PendingIntent in Knox VPN prior to SMR Aug-2022 Release 1 allows attackers to A vulnerability using PendingIntent in Knox VPN prior to SMR Aug-2022 Release 1 allows attackers to access content providers with system privilege.

CVE-2022-33729 [LOW] CWE-20 CVE-2022-33729: Improper restriction of broadcasting Intent in ConfirmConnectActivity of?NFC prior to SMR Aug-2022 R Improper restriction of broadcasting Intent in ConfirmConnectActivity of?NFC prior to SMR Aug-2022 Release 1 leaks MAC address of the connected Bluetooth device.

CVE-2022-33722 [LOW] CWE-285 CVE-2022-33722: Implicit Intent hijacking vulnerability in Smart View prior to SMR Aug-2022 Release 1 allows attacke Implicit Intent hijacking vulnerability in Smart View prior to SMR Aug-2022 Release 1 allows attacker to access connected device MAC address.

CVE-2022-33726 [LOW] CWE-561 CVE-2022-33726: Unprotected dynamic receiver in Samsung Galaxy Friends prior to SMR Aug-2022 Release 1 allows attack Unprotected dynamic receiver in Samsung Galaxy Friends prior to SMR Aug-2022 Release 1 allows attacker to launch activity.

CVE-2022-33714 [LOW] CWE-284 CVE-2022-33714: Improper access control vulnerability in SemWifiApBroadcastReceiver prior to SMR Aug-2022 Release 1 Improper access control vulnerability in SemWifiApBroadcastReceiver prior to SMR Aug-2022 Release 1 allows attacker to reset a setting value related to mobile hotspot.

CVE-2022-33718 [LOW] CWE-863 CVE-2022-33718: An improper access control vulnerability in Wi-Fi Service prior to SMR AUG-2022 Release 1 allows unt An improper access control vulnerability in Wi-Fi Service prior to SMR AUG-2022 Release 1 allows untrusted applications to manipulate the list of apps that can use mobile data.