{"vulnerability": "CVE-2022-2027", "sightings": [{"uuid": "a9b7084b-68e0-4ffa-b60a-8ed55fc302d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20271", "type": "seen", "source": "https://t.me/cibsecurity/48030", "content": "\u203c CVE-2022-20271 \u203c\n\nIn PermissionController, there is a possible way to grant some permissions without user consent due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-207672635\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-12T18:33:31.000000Z"}, {"uuid": "b03d3266-f731-43c0-aa5e-fe4535edeb75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2027", "type": "seen", "source": "https://t.me/cibsecurity/44115", "content": "\u203c CVE-2022-2027 \u203c\n\nImproper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra prior to 0.77.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-09T20:33:26.000000Z"}, {"uuid": "4f4cc6c2-5d41-4b9b-80bc-6022f354d970", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20273", "type": "seen", "source": "https://t.me/cibsecurity/48085", "content": "\u203c CVE-2022-20273 \u203c\n\nIn Bluetooth, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-206478022\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-12T18:46:50.000000Z"}, {"uuid": "6fa0bcfd-3a10-4ad9-a694-48cf5b70da66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20279", "type": "seen", "source": "https://t.me/cibsecurity/48057", "content": "\u203c CVE-2022-20279 \u203c\n\nIn DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-204877302\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-12T18:39:43.000000Z"}, {"uuid": "9fa04ae9-83d3-4f8d-96da-969fd716ff0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20278", "type": "seen", "source": "https://t.me/cibsecurity/48052", "content": "\u203c CVE-2022-20278 \u203c\n\nIn Accounts, there is a possible way to write sensitive information to the system log due to insufficient log filtering. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-205130113\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-12T18:39:39.000000Z"}, {"uuid": "fe23ee09-2d9a-462a-a306-48817e913a28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20270", "type": "seen", "source": "https://t.me/cibsecurity/48049", "content": "\u203c CVE-2022-20270 \u203c\n\nIn Content, there is a possible way to learn gmail account name on the device due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-209005023\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-12T18:39:35.000000Z"}, {"uuid": "1ae98859-1007-4b12-9e58-2461ae1f4c7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20275", "type": "seen", "source": "https://t.me/cibsecurity/48074", "content": "\u203c CVE-2022-20275 \u203c\n\nIn DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-205836975\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-12T18:46:40.000000Z"}, {"uuid": "72a736e7-1090-4415-b99a-0dd3b14cbb5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20274", "type": "seen", "source": "https://t.me/cibsecurity/48072", "content": "\u203c CVE-2022-20274 \u203c\n\nIn Keyguard, there is a missing permission check. This could lead to local escalation of privilege and prevention of screen timeout with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-206470146\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-12T18:46:38.000000Z"}]}