CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20450
https://notcve.org/view.php?id=CVE-2022-20450
08 Nov 2022 — In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way to bypass user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-210065877 En restorePermissionState de PermissionManagerServiceImpl.java, existe una forma posible de omitir el consentimiento... • https://source.android.com/security/bulletin/2022-11-01 • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20453
https://notcve.org/view.php?id=CVE-2022-20453
08 Nov 2022 — In update of MmsProvider.java, there is a possible constriction of directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-240685104 En la actualización de MmsProvider.java, existe una posible restricción de los permisos del directorio debido a un error de path trav... • https://source.android.com/security/bulletin/2022-11-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.7EPSS: 0%CPEs: 19EXPL: 0CVE-2022-21778
https://notcve.org/view.php?id=CVE-2022-21778
08 Nov 2022 — In vpu, there is a possible information disclosure due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06382421; Issue ID: ALPS06382421. En vpu, existe una posible divulgación de información debido a una verificación de los límites incorrecta. • https://corp.mediatek.com/product-security-bulletin/November-2022 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20448
https://notcve.org/view.php?id=CVE-2022-20448
08 Nov 2022 — In buzzBeepBlinkLocked of NotificationManagerService.java, there is a possible way to share data across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-237540408 En buzzBeepBlinkLocked de NotificationManagerService.java, existe una forma posible de compartir datos entre usuarios debid... • https://source.android.com/security/bulletin/2022-11-01 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20414
https://notcve.org/view.php?id=CVE-2022-20414
08 Nov 2022 — In setImpl of AlarmManagerService.java, there is a possible way to put a device into a boot loop due to an uncaught exception. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-234441463 En setImpl de AlarmManagerService.java, existe una manera posible de poner un dispositivo en un bucle de arranque debido a una excepción no d... • https://source.android.com/security/bulletin/2022-11-01 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 6.4EPSS: 0%CPEs: 35EXPL: 0CVE-2022-32610
https://notcve.org/view.php?id=CVE-2022-32610
08 Nov 2022 — In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203476; Issue ID: ALPS07203476. En vcu, existe un posible use-after-free debido a una condición de ejecución. • https://corp.mediatek.com/product-security-bulletin/November-2022 • CWE-662: Improper Synchronization •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20445
https://notcve.org/view.php?id=CVE-2022-20445
08 Nov 2022 — In process_service_search_rsp of sdp_discovery.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-225876506 En process_service_search_rsp de sdp_discovery.cc, existe una posible lectura fuera de los límites debido a una validación de entrada inco... • https://source.android.com/security/bulletin/2022-11-01 • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2022-39121
https://notcve.org/view.php?id=CVE-2022-39121
14 Oct 2022 — In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. En sensor driver, se presenta una posible escritura fuera de límites debido a una falta de comprobación de límites. Esto podría conllevar a una denegación de servicio local en el kernel • https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2022-38670
https://notcve.org/view.php?id=CVE-2022-38670
14 Oct 2022 — In soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed. En soundrecorder service, falta una comprobación de permisos. Esto podría conllevar a una elevación de privilegios en el servicio de contactos sin ser necesarios privilegios de ejecución adicionales • https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738 • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2022-39117
https://notcve.org/view.php?id=CVE-2022-39117
14 Oct 2022 — In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. En messaging service, se presenta una falta de comprobación de permisos. Esto podría conllevar a una divulgación de información local sin ser necesarios privilegios de ejecución adicionales • https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738 • CWE-862: Missing Authorization •