Security Vulnerabilities - CVEs Published In August 2022
In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-230868108
CVSS Score
5.5
EPSS Score
0.0
Published
2022-08-12
In Connectivity, there is a possible bypass the restriction of starting activity from background due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-230866011
CVSS Score
7.8
EPSS Score
0.0
Published
2022-08-12
In AppSearchManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-204082784
CVSS Score
5.5
EPSS Score
0.0
Published
2022-08-12
In AppSearchManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-204082360
CVSS Score
5.5
EPSS Score
0.0
Published
2022-08-12
In PackageInstaller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-203683960
CVSS Score
5.5
EPSS Score
0.0
Published
2022-08-12
In Midi, there is a possible way to learn about private midi devices due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-203549963
CVSS Score
5.5
EPSS Score
0.0
Published
2022-08-12
In AppOpsService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-203430648
CVSS Score
5.5
EPSS Score
0.0
Published
2022-08-12
In Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12, the administrator password is stored in the HTML source code of the "Maintenance > Push Configuration > Targets > Target Name" targets.cgi screen. A read-only administrative user can escalate to a read-write administrative role.
CVSS Score
7.2
EPSS Score
0.026
Published
2022-08-12
In Bluetooth, there is a possible cleanup failure due to an uncaught exception. This could lead to remote denial of service in Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224545125
CVSS Score
6.5
EPSS Score
0.001
Published
2022-08-12
In Wi-Fi, there is a permissions bypass. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-223377547
CVSS Score
8.8
EPSS Score
0.0
Published
2022-08-12