CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 2CVE-2022-20142
https://notcve.org/view.php?id=CVE-2022-20142
15 Jun 2022 — In createFromParcel of GeofenceHardwareRequestParcelable.java, there is a possible arbitrary code execution due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-216631962 En la función createFromParcel del archivo GeofenceHardwareRequestParcelable.java, se presenta una posible ejecución de código arbitrario deb... • https://github.com/Satheesh575555/frameworks_base_AOSP10_r33_CVE-2022-20142 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 2CVE-2022-20138
https://notcve.org/view.php?id=CVE-2022-20138
15 Jun 2022 — In ACTION_MANAGED_PROFILE_PROVISIONED of DevicePolicyManagerService.java, there is a possible way for unprivileged app to send MANAGED_PROFILE_PROVISIONED intent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-210469972 En la función ACTION_MANAGED_PROFILE_PROVISIONED del archivo DevicePolicyMan... • https://github.com/ShaikUsaf/ShaikUsaf-frameworks_base_AOSP10_r33_CVE-2022-20138 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20135
https://notcve.org/view.php?id=CVE-2022-20135
15 Jun 2022 — In writeToParcel of GateKeeperResponse.java, there is a possible parcel format mismatch. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-220303465 En la función writeToParcel del archivo GateKeeperResponse.java, se presenta un posible desajuste en el formato del paquete. Esto podría conllevar a una escalada local de privilegios, con los p... • https://source.android.com/security/bulletin/2022-06-01 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20134
https://notcve.org/view.php?id=CVE-2022-20134
15 Jun 2022 — In readArguments of CallSubjectDialog.java, there is a possible way to trick the user to call the wrong phone number due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-218341397 En la función readArguments del archivo CallSubjectDialog.java, se presenta una posible forma de engañar al usuario para q... • https://source.android.com/security/bulletin/2022-06-01 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20133
https://notcve.org/view.php?id=CVE-2022-20133
15 Jun 2022 — In setDiscoverableTimeout of AdapterService.java, there is a possible bypass of user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-206807679 En la función setDiscoverableTimeout del archivo AdapterService.java, se presenta una posible omisión de la interacción con el usuario debido a una fa... • https://source.android.com/security/bulletin/2022-06-01 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20131
https://notcve.org/view.php?id=CVE-2022-20131
15 Jun 2022 — In nci_proc_rf_management_ntf of nci_hrcv.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-221856662 En la función nci_proc_rf_management_ntf del archivo nci_hrcv.cc, se presenta una posible lectura fuera de límites debido a una falta de comprobación de lími... • https://source.android.com/security/bulletin/2022-06-01 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 1CVE-2022-20130
https://notcve.org/view.php?id=CVE-2022-20130
15 Jun 2022 — In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-224314979 En la función transportDec_OutOfBandConfig del archivo tpdec_lib.cpp, se presenta una posible escritura fuera de límites debido a un desbordamiento del búfer de... • https://github.com/Satheesh575555/external_aac_AOSP10_r33_CVE-2022-20130 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20129
https://notcve.org/view.php?id=CVE-2022-20129
15 Jun 2022 — In registerPhoneAccount of PhoneAccountRegistrar.java, there is a possible way to prevent the user from selecting a phone account due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-217934478 En la función registerPhoneAccount del archivo PhoneAccountRegistrar.java, es posible impedir que el usuario selecc... • https://source.android.com/security/bulletin/2022-06-01 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20127
https://notcve.org/view.php?id=CVE-2022-20127
15 Jun 2022 — In ce_t4t_data_cback of ce_t4t.cc, there is a possible out of bounds write due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-221862119 En la función ce_t4t_data_cback del archivo ce_t4t.cc, se presenta una posible escritura fuera de límites debido a una doble liberación. Esto podría conllevar a una ejecución de código... • https://source.android.com/security/bulletin/2022-06-01 • CWE-415: Double Free CWE-787: Out-of-bounds Write •
CVSS: 7.3EPSS: 0%CPEs: 4EXPL: 1CVE-2022-20126
https://notcve.org/view.php?id=CVE-2022-20126
15 Jun 2022 — In setScanMode of AdapterService.java, there is a possible way to enable Bluetooth discovery mode without user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-203431023 En la función setScanMode del archivo AdapterService.java, se presenta una posible forma de habilitar el modo de detección de Bl... • https://github.com/Trinadh465/packages_apps_Bluetooth_AOSP10_r33_CVE-2022-20126 • CWE-862: Missing Authorization •