CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-39803
https://notcve.org/view.php?id=CVE-2021-39803
12 Apr 2022 — In ~Impl of C2AllocatorIon.cpp, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-193790350 En la función ~Impl del archivo C2AllocatorIon.cpp, se presenta una posible lectura fuera de límites debido a un uso de memoria previamente liberada. Esto podría conllevar a una div... • https://source.android.com/security/bulletin/2022-04-01 • CWE-416: Use After Free •
CVSS: 7.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-39796
https://notcve.org/view.php?id=CVE-2021-39796
12 Apr 2022 — In HarmfulAppWarningActivity of HarmfulAppWarningActivity.java, there is a possible way to trick victim to install harmful app due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-205595291 En la función HarmfulAppWarningActivity del archivo HarmfulAppWarningActivity.java, se presenta una posible forma de engaña... • https://source.android.com/security/bulletin/2022-04-01 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-39794
https://notcve.org/view.php?id=CVE-2021-39794
12 Apr 2022 — In broadcastPortInfo of AdbService.java, there is a possible way for apps to run code as the shell user, if wireless debugging is enabled, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-205836329 En la función broadcastPortInfo del archivo AdbService.java, se presenta una posible forma de que las aplicaciones... • https://source.android.com/security/bulletin/2022-04-01 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-0694
https://notcve.org/view.php?id=CVE-2021-0694
12 Apr 2022 — In setServiceForegroundInnerLocked of ActiveServices.java, there is a possible way for a background application to regain foreground permissions due to insufficient background restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-183147114 En la función setServiceForegroundInnerLocked del archivo ActiveServices.java, se presenta una posible forma de que u... • https://source.android.com/security/bulletin/2022-04-01 • CWE-863: Incorrect Authorization •
CVSS: 6.9EPSS: 0%CPEs: 37EXPL: 0CVE-2022-20080
https://notcve.org/view.php?id=CVE-2022-20080
11 Apr 2022 — In SUB2AF, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS05881290; Issue ID: ALPS05881290. En SUB2AF, se presenta una posible corrupción de memoria debido a una condición de carrera. • https://corp.mediatek.com/product-security-bulletin/April-2022 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.4EPSS: 0%CPEs: 18EXPL: 0CVE-2022-20079
https://notcve.org/view.php?id=CVE-2022-20079
11 Apr 2022 — In vow, there is a possible read of uninitialized data due to a improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS05837742; Issue ID: ALPS05857289. En vow, se presenta una posible lectura de datos no inicializados debido a una comprobación de entrada inapropiada. • https://corp.mediatek.com/product-security-bulletin/April-2022 • CWE-908: Use of Uninitialized Resource •
CVSS: 6.9EPSS: 0%CPEs: 14EXPL: 0CVE-2022-20078
https://notcve.org/view.php?id=CVE-2022-20078
11 Apr 2022 — In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS05852819; Issue ID: ALPS05852819. En vow, se presenta una posible corrupción de memoria debido a una condición de carrera. • https://corp.mediatek.com/product-security-bulletin/April-2022 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.9EPSS: 0%CPEs: 18EXPL: 0CVE-2022-20077
https://notcve.org/view.php?id=CVE-2022-20077
11 Apr 2022 — In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS05837742; Issue ID: ALPS05852812. En vow, se presenta una posible corrupción de memoria debido a una condición de carrera. • https://corp.mediatek.com/product-security-bulletin/April-2022 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.4EPSS: 0%CPEs: 65EXPL: 0CVE-2022-20076
https://notcve.org/view.php?id=CVE-2022-20076
11 Apr 2022 — In ged, there is a possible memory corruption due to an incorrect error handling. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05838808; Issue ID: ALPS05839556. En ged, se presenta una posible corrupción de memoria debido a un manejo de errores incorrecto. • https://corp.mediatek.com/product-security-bulletin/April-2022 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.2EPSS: 0%CPEs: 65EXPL: 0CVE-2022-20075
https://notcve.org/view.php?id=CVE-2022-20075
11 Apr 2022 — In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05838808; Issue ID: ALPS05838808. En ged, se presenta una posible escritura fuera de límites debido a un desbordamiento de enteros. • https://corp.mediatek.com/product-security-bulletin/April-2022 • CWE-190: Integer Overflow or Wraparound •