CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-39738
https://notcve.org/view.php?id=CVE-2021-39738
10 May 2022 — In CarSetings, there is a possible to pair BT device bypassing user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-216190509 En CarSetings, es posible emparejar el dispositivo BT omitiendo el consentimiento del usuario debido a una falta de comprobación de permisos. Esto podría conlle... • https://source.android.com/security/bulletin/aaos/2022-05-01 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20114
https://notcve.org/view.php?id=CVE-2022-20114
10 May 2022 — In placeCall of TelecomManager.java, there is a possible way for an application to keep itself running with foreground service importance due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-211114016 En la función placeCall del archivo TelecomManager.java, se presenta una posible forma de que una aplicaci... • https://source.android.com/security/bulletin/2022-05-01 • CWE-269: Improper Privilege Management •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20112
https://notcve.org/view.php?id=CVE-2022-20112
10 May 2022 — In getAvailabilityStatus of PrivateDnsPreferenceController.java, there is a possible way for a guest user to change private DNS settings due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-206987762 En la función getAvailabilityStatus del archivo PrivateDnsPreferenceController.java, se presenta la posibil... • https://source.android.com/security/bulletin/2022-05-01 • CWE-269: Improper Privilege Management •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20011
https://notcve.org/view.php?id=CVE-2022-20011
10 May 2022 — In getArray of NotificationManagerService.java , there is a possible leak of one user notifications to another due to missing check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-214999128 En la función getArray del archivo NotificationManagerService.java , se presenta una posible fuga de notificaciones de un usuario a otro debi... • https://source.android.com/security/bulletin/2022-05-01 • CWE-862: Missing Authorization •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 2CVE-2022-20007
https://notcve.org/view.php?id=CVE-2022-20007
10 May 2022 — In startActivityForAttachedApplicationIfNeeded of RootWindowContainer.java, there is a possible way to overlay an app that believes it's still in the foreground, when it is not, due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-211481342 En la función startActivityForAttachedApplicationIfNeed del archivo RootWi... • https://github.com/Trinadh465/frameworks_base_AOSP10_r33_CVE-2022-20007 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20006
https://notcve.org/view.php?id=CVE-2022-20006
10 May 2022 — In several functions of KeyguardServiceWrapper.java and related files,, there is a possible way to briefly view what's under the lockscreen due to a race condition. This could lead to local escalation of privilege if a Guest user is enabled, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-151095871 En varias funciones del archivo KeyguardServiceWrapper.java y archivos relaciona... • https://source.android.com/security/bulletin/2022-06-01 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-20005
https://notcve.org/view.php?id=CVE-2022-20005
10 May 2022 — In validateApkInstallLocked of PackageInstallerSession.java, there is a way to force a mismatch between running code and a parsed APK . This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-219044664 En la función validateApkInstallLocked del archivo PackageInstallerSession.java, se presenta una forma de forzar una falta de coincidencia entre e... • https://github.com/Trinadh465/frameworks_base_AOSP10_r33_CVE-2022-20005 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-20004
https://notcve.org/view.php?id=CVE-2022-20004
10 May 2022 — In checkSlicePermission of SliceManagerService.java, it is possible to access any slice URI due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-179699767 En la función checkSlicePermission del archivo SliceManagerService.java, es posible acceder a cualquier URI de slice debido a una comprobación de e... • https://github.com/Trinadh465/frameworks_base_AOSP10_r33_CVE-2022-20004 • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-39700
https://notcve.org/view.php?id=CVE-2021-39700
10 May 2022 — In the policies of adbd.te, there was a logic error which caused the CTS Listening Ports Test to report invalid results. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-201645790 En las directivas del archivo adbd.te, se presentaba un error lógico que causaba que la prueba de puertos de escucha CTS informara de resultados no válidos. Esto pod... • https://source.android.com/security/bulletin/2022-05-01 •
CVSS: 7.8EPSS: 0%CPEs: 56EXPL: 0CVE-2022-21743
https://notcve.org/view.php?id=CVE-2022-21743
03 May 2022 — In ion, there is a possible use after free due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06371108; Issue ID: ALPS06371108. En ion, se presenta un posible uso de memoria previamente liberada debido a un desbordamiento de enteros. • https://corp.mediatek.com/product-security-bulletin/May-2022 • CWE-190: Integer Overflow or Wraparound •