CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2022-39109
https://notcve.org/view.php?id=CVE-2022-39109
14 Oct 2022 — In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed. En Music service, se presenta una falta de comprobación de permisos. Esto podría conllevar a una elevación de privilegios en Music service sin ser necesarios privilegios de ejecución adicionales • https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738 • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2022-38677
https://notcve.org/view.php?id=CVE-2022-38677
14 Oct 2022 — In cell service, there is a missing permission check. This could lead to local denial of service in cell service with no additional execution privileges needed. En cell service, falta una comprobación de permisos. Esto podría conllevar a una denegación de servicio local en el servicio celular sin ser necesarios privilegios de ejecución adicionales • https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738 • CWE-400: Uncontrolled Resource Consumption CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2022-39105
https://notcve.org/view.php?id=CVE-2022-39105
14 Oct 2022 — In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. En sensor driver, se presenta una posible escritura fuera de límites debido a una falta de comprobación de límites. Esto podría conllevar a una denegación de servicio local en el kernel • https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2022-39114
https://notcve.org/view.php?id=CVE-2022-39114
14 Oct 2022 — In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed. En Music service, se presenta una falta de comprobación de permisos. Esto podría conllevar a una denegación de servicio local en Music service sin ser necesarios privilegios de ejecución adicionales • https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738 • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2022-38688
https://notcve.org/view.php?id=CVE-2022-38688
14 Oct 2022 — In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. En telephony service, falta una comprobación de permisos. Esto podría conllevar a una divulgación de información local sin ser necesarios privilegios de ejecución adicionales • https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20394
https://notcve.org/view.php?id=CVE-2022-20394
11 Oct 2022 — In getInputMethodWindowVisibleHeight of InputMethodManagerService.java, there is a possible way to determine when another app is showing an IME due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-204906124 En la función getInputMethodWindowVisibleHeight del archivo InputMethodManagerService.java, se pres... • https://source.android.com/security/bulletin/2022-10-01 • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20429
https://notcve.org/view.php?id=CVE-2022-20429
11 Oct 2022 — In CarSettings of app packages, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-220741473 En CarSettings de app packages, se presenta una posible derivación de permisos debido a un adjunto confuso. Esto podría conllevar a una escalada local de p... • https://source.android.com/security/bulletin/aaos/2022-10-01 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20425
https://notcve.org/view.php?id=CVE-2022-20425
11 Oct 2022 — In addAutomaticZenRule of ZenModeHelper.java, there is a possible permanent degradation of performance due to resource exhaustion. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-235823407 En la función addAutomaticZenRule del archivo ZenModeHelper.java, se presenta una posible degradación permanente del rendimiento debido a un agota... • https://source.android.com/security/bulletin/2022-10-01 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20410
https://notcve.org/view.php?id=CVE-2022-20410
11 Oct 2022 — In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-205570663 En la función avrc_ctrl_pars_vendor_rsp del archivo avrc_pars_ct.cc, se presenta una posible lectura fuera de límites debido a un desbordamiento d... • https://source.android.com/security/bulletin/2022-10-01 • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20415
https://notcve.org/view.php?id=CVE-2022-20415
11 Oct 2022 — In handleFullScreenIntent of StatusBarNotificationActivityStarter.java, there is a possible bypass of the restriction of starting activity from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-231322873 En la función handleFullScreenIntent del archivo StatusBarNotificationAct... • https://source.android.com/security/bulletin/2022-10-01 •