CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20462
https://notcve.org/view.php?id=CVE-2022-20462
08 Nov 2022 — In phNxpNciHal_write_unlocked of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-230356196 En phNxpNciHal_write_unlocked de phNxpNciHal.cc, existe una posible escritura fuera de los límites debido a una verificación de los límites fa... • https://source.android.com/security/bulletin/2022-11-01 • CWE-787: Out-of-bounds Write •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-20446
https://notcve.org/view.php?id=CVE-2022-20446
08 Nov 2022 — In AlwaysOnHotwordDetector of AlwaysOnHotwordDetector.java, there is a possible way to access the microphone from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-229793943 En AlwaysOnHotwordDetector de AlwaysOnHotwordDetector.java, existe una forma posible de acceder al micrófono desde segundo plano deb... • https://source.android.com/security/bulletin/2022-11-01 • CWE-862: Missing Authorization •
CVSS: 6.7EPSS: 0%CPEs: 5EXPL: 0CVE-2022-32611
https://notcve.org/view.php?id=CVE-2022-32611
08 Nov 2022 — In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07340373; Issue ID: ALPS07340373. En isp, existe una posible escritura fuera de los límites debido a una verificación de los límites faltantes. • https://corp.mediatek.com/product-security-bulletin/November-2022 • CWE-787: Out-of-bounds Write •
CVSS: 7.2EPSS: 0%CPEs: 7EXPL: 0CVE-2022-32618
https://notcve.org/view.php?id=CVE-2022-32618
08 Nov 2022 — In typec, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262454; Issue ID: ALPS07262454. En Typec, existe una posible escritura fuera de límites debido a un cálculo incorrecto del tamaño del búfer. • https://corp.mediatek.com/product-security-bulletin/November-2022 • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 6.7EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20454
https://notcve.org/view.php?id=CVE-2022-20454
08 Nov 2022 — In fdt_next_tag of fdt.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242096164 En fdt_next_tag de fdt.c, existe una posible escritura fuera de los límites debido a un desbordamiento de enteros. Esto podría conducir a una escalada local de privilegios con... • https://source.android.com/security/bulletin/2022-11-01 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 0CVE-2022-32602
https://notcve.org/view.php?id=CVE-2022-32602
08 Nov 2022 — In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07388790; Issue ID: ALPS07388790. En keyinstall, existe una posible lectura fuera de los límites debido a una comprobación de los límites faltantes. • https://corp.mediatek.com/product-security-bulletin/November-2022 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20441
https://notcve.org/view.php?id=CVE-2022-20441
08 Nov 2022 — In navigateUpTo of Task.java, there is a possible way to launch an unexported intent handler due to a logic error in the code. This could lead to local escalation of privilege if the targeted app has an intent trampoline, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-238605611 En navegateUpTo de Task.java, existe una forma posible de iniciar un controlador de inten... • https://source.android.com/security/bulletin/2022-11-01 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20426
https://notcve.org/view.php?id=CVE-2022-20426
08 Nov 2022 — In multiple functions of many files, there is a possible obstruction of the user's ability to select a phone account due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-236263294 En múltiples funciones de muchos archivos, existe una posible obstrucción de la capacidad del usuario para seleccionar una ... • https://source.android.com/security/bulletin/2022-11-01 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 4.9EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20465
https://notcve.org/view.php?id=CVE-2022-20465
08 Nov 2022 — In dismiss and related functions of KeyguardHostViewController.java and related files, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-218500036 Al descartar y funciones relacionadas de KeyguardHostViewController.java y archivos relacionados, exist... • https://source.android.com/security/bulletin/2022-11-01 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20451
https://notcve.org/view.php?id=CVE-2022-20451
08 Nov 2022 — In onCallRedirectionComplete of CallsManager.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-235098883 En onCallRedirectionComplete de CallsManager.java, existe una posible omisión de permisos debido a una falta de verificación de permisos. Est... • https://source.android.com/security/bulletin/2022-11-01 • CWE-862: Missing Authorization •