CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20472
https://notcve.org/view.php?id=CVE-2022-20472
13 Dec 2022 — In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-239210579 En toLanguageTag de LocaleListCache.cpp, existe una posible lectura fuera de los límites debido a una verificación de los límites incorrecta. Esto podría co... • https://source.android.com/security/bulletin/2022-12-01 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20466
https://notcve.org/view.php?id=CVE-2022-20466
13 Dec 2022 — In applyKeyguardFlags of NotificationShadeWindowControllerImpl.java, there is a possible way to observe the user's password on a secondary display due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-179725730 En applyKeyguardFlags de NotificationShadeWindowControllerImpl.java, existe una forma ... • https://source.android.com/security/bulletin/2022-12-01 • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 4.4EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20449
https://notcve.org/view.php?id=CVE-2022-20449
13 Dec 2022 — In writeApplicationRestrictionsLAr of UserManagerService.java, there is a possible overwrite of system files due to a path traversal error. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-239701237 En writeApplicationRestrictionsLAr de UserManagerService.java, existe una posible sobrescritura de archivos del sistema debido a un err... • https://source.android.com/security/bulletin/2022-12-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20484
https://notcve.org/view.php?id=CVE-2022-20484
13 Dec 2022 — In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242702851 En NotificationChannel de NotificationChannel.java, existe una posible falla al conservar la configuración de permisos deb... • https://source.android.com/security/bulletin/2022-12-01 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-20470
https://notcve.org/view.php?id=CVE-2022-20470
13 Dec 2022 — In bindRemoteViewsService of AppWidgetServiceImpl.java, there is a possible way to bypass background activity launch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-234013191 En bindRemoteViewsService de AppWidgetServiceImpl.java, existe una forma posible de evitar el inicio de la acti... • https://github.com/Trinadh465/frameworks_base_AOSP10_r33_CVE-2022-20470 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 1CVE-2022-20473
https://notcve.org/view.php?id=CVE-2022-20473
13 Dec 2022 — In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-239267173 En toLanguageTag de LocaleListCache.cpp, existe una posible lectura fuera de los límites debido a una verificación de los límites incorrecta. Esto podría co... • https://github.com/Trinadh465/frameworks_minikin_AOSP10_r33-CVE-2022-20473 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20468
https://notcve.org/view.php?id=CVE-2022-20468
13 Dec 2022 — In BNEP_ConnectResp of bnep_api.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-228450451 En BNEP_ConnectResp de bnep_api.cc, existe una posible lectura fuera de los límites debido a una verificación de los límites incorrecta. Es... • https://source.android.com/security/bulletin/2022-12-01 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20478
https://notcve.org/view.php?id=CVE-2022-20478
13 Dec 2022 — In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-241764135 En NotificationChannel de NotificationChannel.java, existe una posible falla al conservar la configuración de permisos deb... • https://source.android.com/security/bulletin/2022-12-01 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20611
https://notcve.org/view.php?id=CVE-2022-20611
13 Dec 2022 — In deletePackageVersionedInternal of DeletePackageHelper.java, there is a possible way to bypass carrier restrictions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242996180 En deletePackageVersionedInternal de DeletePackageHelper.java, existe una forma posible de eludir las restricciones... • https://source.android.com/security/bulletin/2022-12-01 • CWE-276: Incorrect Default Permissions •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20476
https://notcve.org/view.php?id=CVE-2022-20476
13 Dec 2022 — In setEnabledSetting of PackageManager.java, there is a possible way to get the device into an infinite reboot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-240936919 En setEnabledSetting de PackageManager.java, existe una forma posible de hacer que el dispositivo entre en un ciclo de reinicio infinit... • https://source.android.com/security/bulletin/2022-12-01 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •