CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2022-32651
https://notcve.org/view.php?id=CVE-2022-32651
03 Jan 2023 — In mtk-aie, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07225857; Issue ID: ALPS07225857. En mtk-aie, existe un posible use after free debido a un error lógico. • https://corp.mediatek.com/product-security-bulletin/January-2023 • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20512
https://notcve.org/view.php?id=CVE-2022-20512
16 Dec 2022 — In navigateUpTo of Task.java, there is a possible way to launch an intent handler with a mismatched intent due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238602879 En navigateUpTo de Task.java, existe una forma posible de iniciar un controlador de intenciones con una intención que no coincide debido a una validación de entrada i... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20527
https://notcve.org/view.php?id=CVE-2022-20527
16 Dec 2022 — In HalCoreCallback of halcore.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure from the NFC firmware with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-229994861 En HalCoreCallback de halcore.cc, existe una posible lectura fuera de los límites debido a una verificación de los límites faltantes. Esto podría dar lugar a la divulgación de inform... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-125: Out-of-bounds Read •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20525
https://notcve.org/view.php?id=CVE-2022-20525
16 Dec 2022 — In enforceVisualVoicemailPackage of PhoneInterfaceManager.java, there is a possible leak of visual voicemail package name due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-229742768 En enforceVisualVoicemailPackage de PhoneInterfaceManager.java, existe una posible fuga del nombre del paquete de correo de voz visual debido a una omisión ... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20516
https://notcve.org/view.php?id=CVE-2022-20516
16 Dec 2022 — In rw_t3t_act_handle_check_ndef_rsp of rw_t3t.cc, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224002331 En rw_t3t_act_handle_check_ndef_rsp de rw_t3t.cc, existe una posible lectura fuera de los límites debido a un desbordamiento de enteros. Esto podría conducir a la divulgación remota de infor... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20545
https://notcve.org/view.php?id=CVE-2022-20545
16 Dec 2022 — In bindArtworkAndColors of MediaControlPanel.java, there is a possible way to crash the phone due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-239368697 En bindArtworkAndColors de MediaControlPanel.java, existe una posible forma de bloquear el teléfono debido a una validación de entrada incorrecta. Esto podría provocar una denegación r... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20530
https://notcve.org/view.php?id=CVE-2022-20530
16 Dec 2022 — In strings.xml, there is a possible permission bypass due to a misleading string. This could lead to remote information disclosure of call logs with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231585645 En strings.xml, existe una posible omisión de permiso debido a una cadena engañosa. Esto podría dar lugar a la divulgación remota de información de los registros de llamadas sin necesidad de privilegios de ejecuc... • https://source.android.com/security/bulletin/pixel/2022-12-01 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20199
https://notcve.org/view.php?id=CVE-2022-20199
16 Dec 2022 — In multiple locations of NfcService.java, there is a possible disclosure of NFC tags due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-199291025 En varias ubicaciones de NfcService.java, existe una posible divulgación de etiquetas NFC debido a un asistente confundido. Esto podría dar lugar a la divulgación de información local sin necesidad... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20503
https://notcve.org/view.php?id=CVE-2022-20503
16 Dec 2022 — In onCreate of WifiDppConfiguratorActivity.java, there is a possible way for a guest user to add a WiFi configuration due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224772890 En onCreate de WifiDppConfiguratorActivity.java, existe una forma posible para que un usuario invitado agregue una configuración WiFi debido a que falta u... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-862: Missing Authorization •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20504
https://notcve.org/view.php?id=CVE-2022-20504
16 Dec 2022 — In multiple locations of DreamManagerService.java, there is a missing permission check. This could lead to local escalation of privilege and dismissal of system dialogs with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-225878553 En varias ubicaciones de DreamManagerService.java, falta una verificación de permisos. Esto podría provocar una escalada local de privilegios y el cierre de cuadros de diálogo del sistema con priv... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-862: Missing Authorization •