
CVSS: 4.4 • EPSS: 0% • CPEs: 35 • EXPL: 0

06 Feb 2023 — In widevine, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446236; Issue ID: ALPS07446236. • https://corp.mediatek.com/product-security-bulletin/December-2022 • CWE-125: Out-of-bounds Read

CVSS: 6.7 • EPSS: 0% • CPEs: 39 • EXPL: 0

06 Feb 2023 — In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628614; Issue ID: ALPS07628614. • https://corp.mediatek.com/product-security-bulletin/February-2023 • CWE-20: Improper Input Validation

CVSS: 6.4 • EPSS: 0% • CPEs: 4 • EXPL: 0

06 Feb 2023 — In ccd, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326547; Issue ID: ALPS07326547. • https://corp.mediatek.com/product-security-bulletin/February-2023 • CWE-662: Improper Synchronization

CVSS: 6.7 • EPSS: 0% • CPEs: 40 • EXPL: 0

06 Feb 2023 — In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628615; Issue ID: ALPS07628615. • https://corp.mediatek.com/product-security-bulletin/February-2023 • CWE-787: Out-of-bounds Write

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

24 Jan 2023 — In getMainActivityLaunchIntent of LauncherAppsService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L. Android ID: A-229256049. • https://source.android.com/security/bulletin/2023-01-01 • CWE-862: Missing Authorization

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

24 Jan 2023 — In getTrampolineIntent of SettingsActivity.java, there is a possible launch of arbitrary activity due to an Intent mismatch in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L Android-13. Android ID: A-246300272. • https://source.android.com/security/bulletin/2023-01-01

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Jan 2023 — Logs containing sensitive information (PII) or hardware identifiers should only be printed in Android "userdebug" or "eng" builds. StatusBarNotification.getKey() could contain sensitive information. However, CarNotificationListener.java prints StatusBarNotification.getKey() directly in logs, which could contain the user's account name (i.e. PII), in Android "user" builds. Product: Android. Versions: Android-12L. Android ID: A-205567776. • https://source.android.com/security/bulletin/aaos/2023-01-01 • CWE-532: Insertion of Sensitive Information into Log File

CVSS: 5.0 • EPSS: 0% • CPEs: 3 • EXPL: 0

24 Jan 2023 — In the Car Settings app, the toggle button in Modify system settings is vulnerable to a tapjacking attack. Attackers can overlay the toggle button to enable apps to modify system settings without user consent. Product: Android. Versions: Android-10 Android-11 Android-12. Android ID: A-183411210. • https://source.android.com/security/bulletin/aaos/2023-01-01 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames

CVSS: 7.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

24 Jan 2023 — In pinReplyNative of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege of BLE with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-228602963. • https://source.android.com/security/bulletin/2023-01-01 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Jan 2023 — In onActivityResult of AvatarPickerActivity.java, there is a possible way to access images belonging to other users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-246301995. • https://source.android.com/security/bulletin/2023-01-01 • CWE-862: Missing Authorization