CVE-2022-20396

MEDIUM Year: 2022
CVSS v3 Score
5.5
Medium
Weakness Type
CWE-345
View all →

Vulnerability Description

In SettingsActivity.java, there is a possible way to make a device discoverable over Bluetooth, without permission or user interaction, due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-234440688

Related Vulnerabilities

CVE-2019-10157

MEDIUM
CVSS:5.5(Medium)

It was found that Keycloak's Node.js adapter before version 4.8.3 did not properly verify the web token received from the server in its backchannel logout . An attacker with local access could use thi...

CWE-3452019

CVE-2020-14122

MEDIUM
CVSS:5.5(Medium)

Some Xiaomi phones have information leakage vulnerabilities, and some of them may be able to forge a specific identity due to the lack of parameter verification, resulting in user information leakage.

CWE-3452020

CVE-2020-23906

MEDIUM
CVSS:5.5(Medium)

FFmpeg N-98388-g76a3ee996b allows attackers to cause a denial of service (DoS) via a crafted audio file due to insufficient verification of data authenticity.

CWE-3452020

CVE-2020-9885

MEDIUM
CVSS:5.5(Medium)

An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional verification. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchO...

CWE-3452020

CVE-2021-22419

MEDIUM
CVSS:5.5(Medium)

A component of the HarmonyOS has a Insufficient Verification of Data Authenticity vulnerability. Local attackers may exploit this vulnerability to cause persistent dos.

CWE-3452021

CVE-2021-22460

MEDIUM
CVSS:5.5(Medium)

A component of the HarmonyOS has a Insufficient Verification of Data Authenticity vulnerability. Local attackers may exploit this vulnerability to bypass the control mechanism.

CWE-3452021