Google: >> Android >> 10.0 Security Vulnerabilities
Improper authentication vulnerability in AppLock prior to SMR Aug-2022 Release 1 allows physical attacker to access Chrome locked by AppLock via new tap shortcut.
CVSS Score
2.4
EPSS Score
0.0
Published
2022-08-05
A vulnerable code in onCreate of BluetoothScanDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack.
CVSS Score
4.8
EPSS Score
0.0
Published
2022-08-05
Exposure of Sensitive Information in Samsung Dialer application?prior to SMR Aug-2022 Release 1 allows local attackers to access ICCID via log.
CVSS Score
3.3
EPSS Score
0.0
Published
2022-08-05
A vulnerability using PendingIntent in Knox VPN prior to SMR Aug-2022 Release 1 allows attackers to access content providers with system privilege.
CVSS Score
4.0
EPSS Score
0.001
Published
2022-08-05
Unprotected dynamic receiver in Samsung Galaxy Friends prior to SMR Aug-2022 Release 1 allows attacker to launch activity.
CVSS Score
3.3
EPSS Score
0.0
Published
2022-08-05
A vulnerable code in onCreate of SecDevicePickerDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack.
CVSS Score
4.8
EPSS Score
0.0
Published
2022-08-05
Exposure of sensitive information in Bluetooth prior to SMR Aug-2022 Release 1 allows local attackers to access connected BT macAddress via Settings.Gloabal.
CVSS Score
4.0
EPSS Score
0.0
Published
2022-08-05
Improper restriction of broadcasting Intent in ConfirmConnectActivity of?NFC prior to SMR Aug-2022 Release 1 leaks MAC address of the connected Bluetooth device.
CVSS Score
5.9
EPSS Score
0.0
Published
2022-08-05
In multiple functions of StorageManagerService.java and UserManagerService.java, there is a possible way to leave user's directories unencrypted due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-224585613
CVSS Score
5.5
EPSS Score
0.0
Published
2022-07-13
In avrc_ctrl_pars_vendor_cmd of avrc_pars_ct.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-205571133
CVSS Score
6.5
EPSS Score
0.001
Published
2022-07-13