{"vulnerability": "CVE-2022-2052", "sightings": [{"uuid": "fb7778b8-bf55-478b-a3fb-815bf17ce7dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20522", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12469", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-20522\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In getSlice of ProviderModelSlice.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227470877\n\ud83d\udccf Published: 2022-12-16T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-18T15:50:12.727Z\n\ud83d\udd17 References:\n1. https://source.android.com/security/bulletin/pixel/2022-12-01", "creation_timestamp": "2025-04-18T15:58:48.000000Z"}, {"uuid": "8238aa2f-cc83-417f-a191-62d2a6763730", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20526", "type": "seen", "source": "https://t.me/cibsecurity/54742", "content": "\u203c CVE-2022-20526 \u203c\n\nIn CanvasContext::draw of CanvasContext.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-229742774\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-27T18:16:16.000000Z"}, {"uuid": "556a705d-1d4e-444f-81d8-85d9e24ff918", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20528", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12472", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-20528\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In findParam of HevcUtils.cpp there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-230172711\n\ud83d\udccf Published: 2022-12-16T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-18T15:48:19.285Z\n\ud83d\udd17 References:\n1. https://source.android.com/security/bulletin/pixel/2022-12-01", "creation_timestamp": "2025-04-18T15:58:54.000000Z"}, {"uuid": "f1dc6eb3-c62c-41dd-9100-5f5970718afe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20529", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12474", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-20529\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In multiple locations of WifiDialogActivity.java, there is a possible limited lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege in wifi settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231583603\n\ud83d\udccf Published: 2022-12-16T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-18T15:47:25.776Z\n\ud83d\udd17 References:\n1. https://source.android.com/security/bulletin/pixel/2022-12-01", "creation_timestamp": "2025-04-18T15:58:56.000000Z"}, {"uuid": "e8b2473f-b966-4959-abed-4af16c1896e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20521", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13133", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-20521\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In sdpu_find_most_specific_service_uuid of sdp_utils.cc, there is a possible way to crash Bluetooth due to a missing null check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227203684\n\ud83d\udccf Published: 2022-12-16T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-23T19:59:35.821Z\n\ud83d\udd17 References:\n1. https://source.android.com/security/bulletin/pixel/2022-12-01", "creation_timestamp": "2025-04-23T20:04:42.000000Z"}, {"uuid": "6e6f9397-e051-44fd-b510-d57d050c419c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2052", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15867", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-2052\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords. An adversary may use these accounts to remotely gain full access to the system.\n\ud83d\udccf Published: 2022-10-17T08:20:11.346Z\n\ud83d\udccf Modified: 2025-05-10T02:57:40.699Z\n\ud83d\udd17 References:\n1. https://cert.vde.com/en/advisories/VDE-2022-023/", "creation_timestamp": "2025-05-10T03:25:54.000000Z"}, {"uuid": "d9b745bc-96a0-4c4f-a6ae-4d4bc33e123b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20520", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12503", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-20520\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In onCreate of various files, there is a possible tapjacking/overlay attack. This could lead to local escalation of privilege or denial of server with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227203202\n\ud83d\udccf Published: 2022-12-16T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-18T15:53:17.552Z\n\ud83d\udd17 References:\n1. https://source.android.com/security/bulletin/pixel/2022-12-01", "creation_timestamp": "2025-04-18T16:59:20.000000Z"}, {"uuid": "e2f444f3-9688-4ba7-b0e8-f5e7a1681524", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20525", "type": "seen", "source": "https://t.me/cibsecurity/54730", "content": "\u203c CVE-2022-20525 \u203c\n\nIn enforceVisualVoicemailPackage of PhoneInterfaceManager.java, there is a possible leak of visual voicemail package name due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-229742768\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-16T18:37:31.000000Z"}, {"uuid": "62437516-7198-4814-9bbf-07b77c47ba9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20522", "type": "seen", "source": "https://t.me/cibsecurity/54734", "content": "\u203c CVE-2022-20522 \u203c\n\nIn getSlice of ProviderModelSlice.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227470877\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-16T18:37:35.000000Z"}, {"uuid": "3226f46a-9547-4f57-904b-a09e2b25728a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20520", "type": "seen", "source": "https://t.me/cibsecurity/54701", "content": "\u203c CVE-2022-20520 \u203c\n\nIn onCreate of various files, there is a possible tapjacking/overlay attack. This could lead to local escalation of privilege or denial of server with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227203202\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-16T18:30:45.000000Z"}, {"uuid": "47a6150c-b298-4c25-95c7-54f0a9d9e402", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20523", "type": "seen", "source": "https://t.me/cibsecurity/54721", "content": "\u203c CVE-2022-20523 \u203c\n\nIn IncFs_GetFilledRangesStartingFrom of incfs.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-228222508\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-16T18:34:37.000000Z"}, {"uuid": "a10983f1-13aa-436e-9ffe-88d6d946267f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20524", "type": "seen", "source": "https://t.me/cibsecurity/54728", "content": "\u203c CVE-2022-20524 \u203c\n\nIn compose of Vibrator.cpp, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-228523213\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-16T18:37:28.000000Z"}, {"uuid": "6dec8c06-8a8d-4a66-bb43-e1780767d77d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20527", "type": "seen", "source": "https://t.me/cibsecurity/54711", "content": "\u203c CVE-2022-20527 \u203c\n\nIn HalCoreCallback of halcore.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure from the NFC firmware with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-229994861\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-16T18:34:26.000000Z"}, {"uuid": "3c3212f4-0188-43b4-9bf8-9fda3f546671", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20529", "type": "seen", "source": "https://t.me/cibsecurity/54749", "content": "\u203c CVE-2022-20529 \u203c\n\nIn multiple locations of WifiDialogActivity.java, there is a possible limited lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege in wifi settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231583603\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-16T18:40:40.000000Z"}, {"uuid": "826d6349-595b-45ce-b3fd-890252a29b11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2052", "type": "seen", "source": "https://t.me/cibsecurity/51547", "content": "\u203c CVE-2022-2052 \u203c\n\nMultiple Trumpf Products in multiple versions use default privileged Windows users and passwords. An adversary may use these accounts to remotely gain full access to the system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-17T12:12:53.000000Z"}]}