CVE-2022-20391

Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238257000

Source: CVE-2022-20391

CVE-2022-20392

In declareDuplicatePermission of ParsedPermissionUtils.java, there is a possible way to obtain a dangerous permission without user consent due to improper input validation. This could lead to local escalation of privilege during app installation or upgrade with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-213323615

Source: CVE-2022-20392

CVE-2022-20393

In extract3GPPGlobalDescriptions of TextDescriptions.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure from the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-233735886

Source: CVE-2022-20393

CVE-2022-20395

In checkAccess of MediaProvider.java, there is a possible file deletion due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-221855295

Source: CVE-2022-20395

CVE-2022-20388

Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238227323

Source: CVE-2022-20388

CVE-2022-32244

Under certain conditions an attacker authenticated as a CMS administrator access the BOE Commentary database and retrieve (non-personal) system data, modify system data but can’t make the system unavailable. This needs the attacker to have high privilege access to the same physical/logical network to access information which would otherwise be restricted, leading to low impact on confidentiality and high impact on integrity of the application.

Source: CVE-2022-32244

CVE-2022-3182

Improper Access Control vulnerability in the Duo SMS two-factor of Devolutions Remote Desktop Manager 2022.2.14 and earlier allows attackers to bypass the application lock. This issue affects: Devolutions Remote Desktop Manager version 2022.2.14 and prior versions.

Source: CVE-2022-3182

CVE-2022-20386

Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238227328

Source: CVE-2022-20386

CVE-2021-0943

In MMU_MapPages of TBD, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-238916921

Source: CVE-2021-0943

CVE-2022-20387

Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238227324

Source: CVE-2022-20387