{"vulnerability": "CVE-2022-2039", "sightings": [{"uuid": "1624c5ce-68a2-417f-85ba-122a9b39051b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-20397", "type": "seen", "source": "https://t.me/cibsecurity/51456", "content": "\u203c CVE-2022-20397 \u203c\n\nIn SitRilClient_OnResponse of SitRilSe.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-223086933References: N/A\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-14T20:29:17.000000Z"}, {"uuid": "29cbe305-b2c6-4765-aa2d-96e42b953d5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-20393", "type": "seen", "source": "https://t.me/cibsecurity/49734", "content": "\u203c CVE-2022-20393 \u203c\n\nIn extract3GPPGlobalDescriptions of TextDescriptions.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure from the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-233735886\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-14T00:26:01.000000Z"}, {"uuid": "f5ac52b1-8364-42fe-b186-59c10a4b9b10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2039", "type": "seen", "source": "https://t.me/cibsecurity/46477", "content": "\u203c CVE-2022-2039 \u203c\n\nThe Free Live Chat Support plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.0.11. This is due to missing nonce protection on the livesupporti_settings() function found in the ~/livesupporti.php file. This makes it possible for unauthenticated attackers to inject malicious web scripts into the page, granted they can trick a site's administrator into performing an action such as clicking on a link.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-18T20:39:51.000000Z"}, {"uuid": "ad904637-bc23-48e7-b424-cc21a63b73cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-20395", "type": "seen", "source": "https://t.me/cibsecurity/49726", "content": "\u203c CVE-2022-20395 \u203c\n\nIn checkAccess of MediaProvider.java, there is a possible file deletion due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-221855295\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-14T00:25:48.000000Z"}, {"uuid": "c0a4ffe4-da6f-438a-9c75-1a2c656781e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-20398", "type": "seen", "source": "https://t.me/cibsecurity/49725", "content": "\u203c CVE-2022-20398 \u203c\n\nIn addOrUpdateNetwork of WifiServiceImpl.java, there is a possible way for a guest user to configure Wi-Fi due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-221859734\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-14T00:25:47.000000Z"}, {"uuid": "d4fad102-4c94-44e4-a0a9-c66388f8e231", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-20396", "type": "seen", "source": "https://t.me/cibsecurity/49724", "content": "\u203c CVE-2022-20396 \u203c\n\nIn SettingsActivity.java, there is a possible way to make a device discoverable over Bluetooth, without permission or user interaction, due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-234440688\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-14T00:25:46.000000Z"}]}