CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20517
https://notcve.org/view.php?id=CVE-2022-20517
16 Dec 2022 — In getMessagesByPhoneNumber of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224769956 En getMessagesByPhoneNumber de MmsSmsProvider.java, existe un posible acceso a tablas restringidas debido a la inyección SQL. Esto podría dar lugar a la divulgación de información local ... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20518
https://notcve.org/view.php?id=CVE-2022-20518
16 Dec 2022 — In query of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224770203 En la consulta de MmsSmsProvider.java, existe un posible acceso a tablas restringidas debido a la inyección SQL. Esto podría dar lugar a la divulgación de información local con privilegios de ejecución del usuario ... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20519
https://notcve.org/view.php?id=CVE-2022-20519
16 Dec 2022 — In onCreate of AddAppNetworksActivity.java, there is a possible way for a guest user to configure WiFi networks due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224772678 En onCreate de AddAppNetworksActivity.java, existe una forma posible para que un usuario invitado configure redes WiFi debido a que falta una verificación de pe... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20520
https://notcve.org/view.php?id=CVE-2022-20520
16 Dec 2022 — In onCreate of various files, there is a possible tapjacking/overlay attack. This could lead to local escalation of privilege or denial of server with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227203202 Al crear varios archivos, existe un posible ataque de tapjacking/superposición. Esto podría llevar a una escalada local de privilegios o a la denegación del servidor con los permisos de ejecución necesarios del Usuario.... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20521
https://notcve.org/view.php?id=CVE-2022-20521
16 Dec 2022 — In sdpu_find_most_specific_service_uuid of sdp_utils.cc, there is a possible way to crash Bluetooth due to a missing null check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227203684 En sdpu_find_most_specific_service_uuid de sdp_utils.cc, existe una forma posible de bloquear Bluetooth debido a que falta una verificación nula. Esto podría provocar una Denegación de Ser... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20522
https://notcve.org/view.php?id=CVE-2022-20522
16 Dec 2022 — In getSlice of ProviderModelSlice.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227470877 En getSlice de ProviderModelSlice.java, falta una verificación de permisos. Esto podría dar lugar a una escalada local de privilegios por parte del usuario invitado sin necesidad de permisos de ejecución adicio... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20523
https://notcve.org/view.php?id=CVE-2022-20523
16 Dec 2022 — In IncFs_GetFilledRangesStartingFrom of incfs.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-228222508 En IncFs_GetFilledRangesStartingFrom de incfs.cpp, existe una posible lectura fuera de los límites debido a una comprobación de los límites faltantes. Esto podría dar lugar a la divulgaci... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20524
https://notcve.org/view.php?id=CVE-2022-20524
16 Dec 2022 — In compose of Vibrator.cpp, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-228523213 En compose de Vibrator.cpp, existe una posible ejecución de código arbitrario debido a un use after free. Esto podría conducir a una escalada local de privilegios sin necesidad de permisos de ejecución adicion... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-416: Use After Free •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20526
https://notcve.org/view.php?id=CVE-2022-20526
16 Dec 2022 — In CanvasContext::draw of CanvasContext.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-229742774 En CanvasContext::draw de CanvasContext.cpp, existe una posible escritura fuera de los límites debido a una verificación de los límites faltantes. Esto podría conducir a una escalada local de pri... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-787: Out-of-bounds Write •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20528
https://notcve.org/view.php?id=CVE-2022-20528
16 Dec 2022 — In findParam of HevcUtils.cpp there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-230172711 En findParam de HevcUtils.cpp hay una posible lectura fuera de los límites debido a una verificación de los límites faltantes. Esto podría conducir a una escalada local de privilegios sin necesidad de permis... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-125: Out-of-bounds Read •