CVSS: 6.7EPSS: 0%CPEs: 18EXPL: 0CVE-2022-26453
https://notcve.org/view.php?id=CVE-2022-26453
06 Sep 2022 — In teei, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06664675; Issue ID: ALPS06664675. En teei, se presenta una posible corrupción de memoria debido a un uso de memoria previamente liberada. • https://corp.mediatek.com/product-security-bulletin/September-2022 • CWE-416: Use After Free •
CVSS: 6.7EPSS: 0%CPEs: 11EXPL: 0CVE-2022-26448
https://notcve.org/view.php?id=CVE-2022-26448
06 Sep 2022 — In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07063849; Issue ID: ALPS07063849. En apusys, es posible que se produzca una escritura fuera de límites debido a una falta de comprobación de límites. • https://corp.mediatek.com/product-security-bulletin/September-2022 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 29EXPL: 0CVE-2022-26447
https://notcve.org/view.php?id=CVE-2022-26447
06 Sep 2022 — In BT firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06784478; Issue ID: ALPS06784478. En BT firmware, es posible que se produzca una escritura fuera de límites debido a una falta de comprobación de límites. • https://corp.mediatek.com/product-security-bulletin/September-2022 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 1CVE-2022-20361
https://notcve.org/view.php?id=CVE-2022-20361
09 Aug 2022 — In btif_dm_auth_cmpl_evt of btif_dm.cc, there is a possible vulnerability in Cross-Transport Key Derivation due to Weakness in Bluetooth Standard. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-231161832 En la función btif_dm_auth_cmpl_evt del archivo btif_dm.cc, se presenta una posible vulnerabilidad en la Derivación de Claves... • https://github.com/francozappa/blur •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-20360
https://notcve.org/view.php?id=CVE-2022-20360
09 Aug 2022 — In setChecked of SecureNfcPreferenceController.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-228314987 En la función setChecked del archivo SecureNfcPreferenceController.java, falta una comprobación de permisos. Esto podría conllevar a una escalada local de privileg... • https://github.com/726232111/packages_apps_Settings_AOSP_10_r33_CVE-2022-20360 • CWE-862: Missing Authorization •
CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20358
https://notcve.org/view.php?id=CVE-2022-20358
09 Aug 2022 — In startSync of AbstractThreadedSyncAdapter.java, there is a possible way to access protected content of content providers due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-203229608 En la función startSync del archivo AbstractThreadedSyncAdapter.java, se presenta una posible forma de acceder al contenido p... • https://source.android.com/security/bulletin/2022-08-01 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-20356
https://notcve.org/view.php?id=CVE-2022-20356
09 Aug 2022 — In shouldAllowFgsWhileInUsePermissionLocked of ActiveServices.java, there is a possible way to start foreground service from background due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-215003903 En la función shouldAllowFgsWhileInUsePermissionLocked del archivo ActiveServices.java, se presenta una posible fo... • https://source.android.com/security/bulletin/2022-08-01 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20355
https://notcve.org/view.php?id=CVE-2022-20355
09 Aug 2022 — In get of PacProxyService.java, there is a possible system service crash due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-219498290 En la obtención del archivo PacProxyService.java, se presenta un posible bloqueo del servicio del sistema debido a una comprobación de entrada inapropiada. Esto podría conllevar a u... • https://source.android.com/security/bulletin/2022-08-01 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-20354
https://notcve.org/view.php?id=CVE-2022-20354
09 Aug 2022 — In onDefaultNetworkChanged of Vpn.java, there is a possible way to disable VPN due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-219546241 En la función onDefaultNetworkChanged del archivo Vpn.java, se presenta una posible forma de desactivar la VPN debido a un error lógico en el código. Esto podría conllevar... • https://source.android.com/security/bulletin/2022-08-01 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20353
https://notcve.org/view.php?id=CVE-2022-20353
09 Aug 2022 — In onSaveRingtone of DefaultRingtonePreference.java, there is a possible inappropriate file read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-221041256 En la función onSaveRingtone del archivo DefaultRingtonePreference.java, se presenta una posible lectura inapropiada de archivos debido a una c... • https://source.android.com/security/bulletin/2022-08-01 • CWE-20: Improper Input Validation •