CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20505
https://notcve.org/view.php?id=CVE-2022-20505
16 Dec 2022 — In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitationProduct: AndroidVersions: Android-13Android ID: A-225981754 En openFile de CallLogProvider.java, existe una posible omisión de permiso debido a un error de path traversal. Esto podría conducir a una escalada local de privilegios con permisos de ejecución del usuario nece... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20506
https://notcve.org/view.php?id=CVE-2022-20506
16 Dec 2022 — In onCreate of WifiDialogActivity.java, there is a missing permission check. This could lead to local escalation of privilege from a guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-226133034 En onCreate de WifiDialogActivity.java, falta una verificación de permisos. Esto podría dar lugar a una escalada local de privilegios por parte de un usuario invitado sin necesidad de privilegios de ejecución adi... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20507
https://notcve.org/view.php?id=CVE-2022-20507
16 Dec 2022 — In onMulticastListUpdateNotificationReceived of UwbEventManager.java, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246649179 En onMulticastListUpdateNotificationReceived de UwbEventManager.java, existe una posible ejecución de código arbitrario debido a una verificación de los límites ... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20508
https://notcve.org/view.php?id=CVE-2022-20508
16 Dec 2022 — In onAttach of ConfigureWifiSettings.java, there is a possible way for a guest user to change WiFi settings due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-218679614 En onAttach de ConfigureWifiSettings.java, existe una forma posible para que un usuario invitado cambie la configuración de WiFi debido a una omisión de permisos. Esto po... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-862: Missing Authorization •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20509
https://notcve.org/view.php?id=CVE-2022-20509
16 Dec 2022 — In mapGrantorDescr of MessageQueueBase.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244713317 En mapGrantorDescr de MessageQueueBase.h, existe una posible escritura fuera de los límites debido a una verificación de los límites faltante. Esto podría conducir a una escalada local de privilegios c... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20510
https://notcve.org/view.php?id=CVE-2022-20510
16 Dec 2022 — In getNearbyNotificationStreamingPolicy of DevicePolicyManagerService.java, there is a possible way to learn about the notification streaming policy of other users due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235822336 En getNearbyNotificationStreamingPolicy de DevicePolicyManagerService.java, existe una forma posible de conocer la ... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20511
https://notcve.org/view.php?id=CVE-2022-20511
16 Dec 2022 — In getNearbyAppStreamingPolicy of DevicePolicyManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235821829 En getNearbyAppStreamingPolicy de DevicePolicyManagerService.java, falta una verificación de permisos. Esto podría dar lugar a la divulgación de información local sin necesidad de privilegios de ejecución... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-20513
https://notcve.org/view.php?id=CVE-2022-20513
16 Dec 2022 — In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244569759 En decrypt_1_2 de CryptoPlugin.cpp, hay una posible lectura fuera de los límites debido a una verificación de los límites faltantes. Esto podría dar lugar a la divulgación de información local sin neces... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-125: Out-of-bounds Read •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20514
https://notcve.org/view.php?id=CVE-2022-20514
16 Dec 2022 — In acquireFabricatedOverlayIterator, nextFabricatedOverlayInfos, and releaseFabricatedOverlayIterator of Idmap2Service.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-245727875 En acquireFabricatedOverlayIterator, nextFabricatedOverlayInfos y releaseFabricatedOverlayIterator de Idmap2Service.cpp, exis... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20515
https://notcve.org/view.php?id=CVE-2022-20515
16 Dec 2022 — In onPreferenceClick of AccountTypePreferenceLoader.java, there is a possible way to retrieve protected files from the Settings app due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-220733496 En onPreferenceClick de AccountTypePreferenceLoader.java, existe una forma posible de recuperar archivos protegidos desde la aplicación Configuración ... • https://source.android.com/security/bulletin/pixel/2022-12-01 •