CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20479
https://notcve.org/view.php?id=CVE-2022-20479
13 Dec 2022 — In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-241764340 En NotificationChannel de NotificationChannel.java, existe un posible fallo al conservar la configuración de permisos debi... • https://source.android.com/security/bulletin/2022-12-01 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20486
https://notcve.org/view.php?id=CVE-2022-20486
13 Dec 2022 — In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703118 En NotificationChannel de NotificationChannel.java, existe una posible falla al conservar la configuración de permisos deb... • https://source.android.com/security/bulletin/2022-12-01 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 4.4EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20498
https://notcve.org/view.php?id=CVE-2022-20498
13 Dec 2022 — In fdt_path_offset_namelen of fdt_ro.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246465319 En fdt_path_offset_namelen de fdt_ro.c, existe una posible lectura fuera de los límites debido a una verificación de los límites incorrecta. Esto podría cond... • https://source.android.com/security/bulletin/2022-12-01 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20475
https://notcve.org/view.php?id=CVE-2022-20475
13 Dec 2022 — In test of ResetTargetTaskHelper.java, there is a possible hijacking of any app which sets allowTaskReparenting="true" due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-240663194 En la prueba de ResetTargetTaskHelper.java, existe un posible secuestro de cualquier aplicación que establezca enableTaskReparen... • https://source.android.com/security/bulletin/2022-12-01 •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20411
https://notcve.org/view.php?id=CVE-2022-20411
13 Dec 2022 — In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-232023771 En avdt_msg_asmbl de avdt_msg.cc, hay una posible escritura fuera de los límites debido a una comprobación de los límites faltante. Esto podría llevar... • https://source.android.com/security/bulletin/2022-12-01 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20480
https://notcve.org/view.php?id=CVE-2022-20480
13 Dec 2022 — In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-241764350 En NotificationChannel de NotificationChannel.java, existe una posible falla al conservar la configuración de permisos deb... • https://source.android.com/security/bulletin/2022-12-01 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-39915
https://notcve.org/view.php?id=CVE-2022-39915
08 Dec 2022 — Improper access control vulnerability in Calendar prior to versions 11.6.08.0 in Android Q(10), 12.2.11.3000 in Android R(11), 12.3.07.2000 in Android S(12), and 12.4.02.0 in Android T(13) allows attackers to access sensitive information via implicit intent. Una vulnerabilidad de control de acceso inadecuado en Calendar anterior a las versiones 11.6.08.0 en Android Q(10), 12.2.11.3000 en Android R(11), 12.3.07.2000 en Android S(12) y 12.4.02.0 en Android T(13) permite los atacantes accedan a información con... • https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=12 • CWE-284: Improper Access Control •
CVSS: 4.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-39898
https://notcve.org/view.php?id=CVE-2022-39898
08 Dec 2022 — Improper access control vulnerability in IIccPhoneBook prior to SMR Dec-2022 Release 1 allows attackers to access some information of usim. Una vulnerabilidad de control de acceso inadecuado en IIccPhoneBook anterior a SMR Dec-2022 Release 1 permite a los atacantes acceder a cierta información de usim. • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=12 • CWE-284: Improper Access Control •
CVSS: 7.4EPSS: 0%CPEs: 4EXPL: 0CVE-2022-39908
https://notcve.org/view.php?id=CVE-2022-39908
08 Dec 2022 — TOCTOU vulnerability in Samsung decoding library for video thumbnails prior to SMR Dec-2022 Release 1 allows local attacker to perform Out-Of-Bounds Write. La vulnerabilidad TOCTOU en la librería de decodificación de Samsung para miniaturas de videos anteriores a la versión 1 de SMR de diciembre de 2022 permite a un atacante local realizar escritura fuera de los límites. • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=12 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2022-39912
https://notcve.org/view.php?id=CVE-2022-39912
08 Dec 2022 — Improper handling of insufficient permissions vulnerability in setSecureFolderPolicy in PersonaManagerService prior to Android T(13) allows local attackers to set some setting value in Secure folder. Vulnerabilidad de manejo inadecuado de permisos insuficientes en setSecureFolderPolicy en PersonaManagerService anterior a Android T(13) permite a atacantes locales establecer algún valor de configuración en la carpeta segura. • https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=12 • CWE-280: Improper Handling of Insufficient Permissions or Privileges CWE-755: Improper Handling of Exceptional Conditions •