CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20483
https://notcve.org/view.php?id=CVE-2022-20483
13 Dec 2022 — In several functions that parse avrc response in avrc_pars_ct.cc and related files, there are possible out of bounds reads due to integer overflows. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242459126 En varias funciones que analizan la respuesta avrc en avrc_pars_ct.cc y archivos relacionados, hay posibles lectu... • https://source.android.com/security/bulletin/2022-12-01 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20495
https://notcve.org/view.php?id=CVE-2022-20495
13 Dec 2022 — In getEnabledAccessibilityServiceList of AccessibilityManager.java, there is a possible way to hide an accessibility service due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-243849844 En getEnabledAccessibilityServiceList de AccessibilityManager.java, existe una forma posible de ocultar... • https://source.android.com/security/bulletin/2022-12-01 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2022-20474
https://notcve.org/view.php?id=CVE-2022-20474
13 Dec 2022 — In readLazyValue of Parcel.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-240138294 En readLazyValue de Parcel.java, existe una posible carga de código arbitrario en la aplicación Configuración del sistema debido... • https://github.com/cxxsheng/CVE-2022-20474 •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20469
https://notcve.org/view.php?id=CVE-2022-20469
13 Dec 2022 — In avct_lcb_msg_asmbl of avct_lcb_act.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-230867224 En avct_lcb_msg_asmbl de avct_lcb_act.cc, hay una posible escritura fuera de los límites debido a una verificación de los límites falt... • https://source.android.com/security/bulletin/2022-12-01 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20500
https://notcve.org/view.php?id=CVE-2022-20500
13 Dec 2022 — In loadFromXml of ShortcutPackage.java, there is a possible crash on boot due to an uncaught exception. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246540168 En loadFromXml de ShortcutPackage.java, existe una posible falla en el arranque debido a una excepción no detectada. Esto podría provocar una Denegación de Servicio... • https://source.android.com/security/bulletin/2022-12-01 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20485
https://notcve.org/view.php?id=CVE-2022-20485
13 Dec 2022 — In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242702935 En NotificationChannel de NotificationChannel.java, existe un posible fallo al conservar la configuración de permisos debi... • https://source.android.com/security/bulletin/2022-12-01 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.3EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20501
https://notcve.org/view.php?id=CVE-2022-20501
13 Dec 2022 — In onCreate of EnableAccountPreferenceActivity.java, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246933359 En onCreate de EnableAccountPreferenceActivity.java, existe una forma posible de engañar al usuario pa... • https://source.android.com/security/bulletin/2022-12-01 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20487
https://notcve.org/view.php?id=CVE-2022-20487
13 Dec 2022 — In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703202 En NotificationChannel de NotificationChannel.java, existe una posible falla al conservar la configuración de permisos deb... • https://source.android.com/security/bulletin/2022-12-01 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20491
https://notcve.org/view.php?id=CVE-2022-20491
13 Dec 2022 — In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703556 En NotificationChannel de NotificationChannel.java, existe una posible falla al conservar la configuración de permisos deb... • https://source.android.com/security/bulletin/2022-12-01 • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-0934
https://notcve.org/view.php?id=CVE-2021-0934
13 Dec 2022 — In findAllDeAccounts of AccountsDb.java, there is a possible denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-169762606 En findAllDeAccounts de AccountsDb.java, existe una posible Denegación de Servicio (DoS) por agotamiento de recursos. Esto podría provocar una Denegación de Serv... • https://source.android.com/security/bulletin/2022-12-01 • CWE-1284: Improper Validation of Specified Quantity in Input •