
CVE-2022-20125
https://notcve.org/view.php?id=CVE-2022-20125
15 Jun 2022 — In GBoard, there is a possible way to bypass factory reset protections due to a sandbox escape. This could lead to local escalation of privilege if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-194402515 • https://source.android.com/security/bulletin/2022-06-01

CVE-2022-20123
https://notcve.org/view.php?id=CVE-2022-20123
15 Jun 2022 — In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-221852424 • https://source.android.com/security/bulletin/2022-06-01 • CWE-125: Out-of-bounds Read

CVE-2021-39691
https://notcve.org/view.php?id=CVE-2021-39691
15 Jun 2022 — In WindowManager, there is a possible tapjacking attack due to an incorrect window flag when processing user input. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12. Android ID: A-157929241 • https://source.android.com/security/bulletin/2022-06-01 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames

CVE-2022-20124
https://notcve.org/view.php?id=CVE-2022-20124
15 Jun 2022 — In deletePackageX of DeletePackageHelper.java, there is a possible way for a Guest user to reset pre-loaded applications for other users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-170646036 • https://source.android.com/security/bulletin/2022-12-01

CVE-2022-20144
https://notcve.org/view.php?id=CVE-2022-20144
15 Jun 2022 — In multiple functions of AvatarPhotoController.java, there is a possible access to content owned by system content providers due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11. Android ID: A-250637906 • https://source.android.com/security/bulletin/aaos/2022-12-01

CVE-2022-30728
https://notcve.org/view.php?id=CVE-2022-30728
07 Jun 2022 — Information exposure vulnerability in ScanPool prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information. • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=6 • CWE-213: Exposure of Sensitive Information Due to Incompatible Policies; CWE-668: Exposure of Resource to Wrong Sphere

CVE-2022-30727
https://notcve.org/view.php?id=CVE-2022-30727
07 Jun 2022 — Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in PersonaManagerService prior to SMR Jun-2022 Release 1 allows local attackers to set some setting value in work space. • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=6 • CWE-280: Improper Handling of Insufficient Permissions or Privileges; CWE-755: Improper Handling of Exceptional Conditions

CVE-2022-30725
https://notcve.org/view.php?id=CVE-2022-30725
07 Jun 2022 — Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionError function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=6 • CWE-280: Improper Handling of Insufficient Permissions or Privileges; CWE-755: Improper Handling of Exceptional Conditions

CVE-2022-30724
https://notcve.org/view.php?id=CVE-2022-30724
07 Jun 2022 — Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionCompleted function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=6 • CWE-280: Improper Handling of Insufficient Permissions or Privileges; CWE-755: Improper Handling of Exceptional Conditions

CVE-2022-30723
https://notcve.org/view.php?id=CVE-2022-30723
07 Jun 2022 — Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in activateVoiceRecognitionWithDevice function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=6 • CWE-280: Improper Handling of Insufficient Permissions or Privileges; CWE-755: Improper Handling of Exceptional Conditions