
CVE-2022-20350
https://notcve.org/view.php?id=CVE-2022-20350
09 Aug 2022 — In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to trick the victim to grant notification access to the wrong app due to improper input validation. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-12L. Android ID: A-228178437. • https://source.android.com/security/bulletin/2022-08-01 • CWE-20: Improper Input Validation

CVE-2022-20349
https://notcve.org/view.php?id=CVE-2022-20349
09 Aug 2022 — In WifiScanningPreferenceController and BluetoothScanningPreferenceController, there is a possible admin restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-12L. Android ID: A-228315522. • https://source.android.com/security/bulletin/2022-08-01 • CWE-862: Missing Authorization

CVE-2022-20348
https://notcve.org/view.php?id=CVE-2022-20348
09 Aug 2022 — In updateState of LocationServicesWifiScanningPreferenceController.java, there is a possible admin restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-12L. Android ID: A-228315529. • https://source.android.com/security/bulletin/2022-08-01 • CWE-862: Missing Authorization

CVE-2022-20347
https://notcve.org/view.php?id=CVE-2022-20347
09 Aug 2022 — In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-12L. Android ID: A-228450811. • https://github.com/hshivhare67/platform_packages_apps_settings_AOSP10_r33_CVE-2022-20347

CVE-2022-20346
https://notcve.org/view.php?id=CVE-2022-20346
09 Aug 2022 — In updateAudioTrackInfoFromESDS_MPEG4Audio of MPEG4Extractor.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-12L. Android ID: A-230493653. • https://source.android.com/security/bulletin/2022-08-01 • CWE-125: Out-of-bounds Read

CVE-2022-20344
https://notcve.org/view.php?id=CVE-2022-20344
09 Aug 2022 — In stealReceiveChannel of EventThread.cpp, there is a possible way to interfere with process communication due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-12L. Android ID: A-232541124. • https://source.android.com/security/bulletin/2022-08-01 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVE-2021-39696
https://notcve.org/view.php?id=CVE-2021-39696
09 Aug 2022 — In Task.java, there is a possible escalation of privilege due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12. Android ID: A-185810717. • https://github.com/nidhihcl/frameworks_base_AOSP_10_r33_CVE-2021-39696

CVE-2022-33720
https://notcve.org/view.php?id=CVE-2022-33720
05 Aug 2022 — Improper authentication vulnerability in AppLock prior to SMR Aug-2022 Release 1 allows physical attacker to access Chrome locked by AppLock via new tap shortcut. • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=08 • CWE-284: Improper Access Control • CWE-287: Improper Authentication

CVE-2022-33719
https://notcve.org/view.php?id=CVE-2022-33719
05 Aug 2022 — Improper input validation in baseband prior to SMR Aug-2022 Release 1 allows attackers to cause integer overflow to heap overflow. • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=08 • CWE-20: Improper Input Validation • CWE-190: Integer Overflow or Wraparound

CVE-2022-33724
https://notcve.org/view.php?id=CVE-2022-33724
05 Aug 2022 — Exposure of Sensitive Information in Samsung Dialer application prior to SMR Aug-2022 Release 1 allows local attackers to access ICCID via log. • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=08 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-319: Cleartext Transmission of Sensitive Information