CVSS: 2.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20529
https://notcve.org/view.php?id=CVE-2022-20529
16 Dec 2022 — In multiple locations of WifiDialogActivity.java, there is a possible limited lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege in wifi settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231583603 En varias ubicaciones de WifiDialogActivity.java, existe una posible omisión limitada de la pantalla de bloqueo debido a un error lógico en el código. Esto podr... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-862: Missing Authorization •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20533
https://notcve.org/view.php?id=CVE-2022-20533
16 Dec 2022 — In getSlice of WifiSlice.java, there is a possible way to connect a new WiFi network from the guest mode due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-232798363 En getSlice de WifiSlice.java, existe una forma posible de conectar una nueva red WiFi desde el modo de invitado debido a que falta una verificación de permiso. Esto p... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-862: Missing Authorization •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20535
https://notcve.org/view.php?id=CVE-2022-20535
16 Dec 2022 — In registerLocalOnlyHotspotSoftApCallback of WifiManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-233605242 En RegisterLocalOnlyHotspotSoftApCallback de WifiManager.java, existe una forma posible de determinar si una... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-203: Observable Discrepancy •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20536
https://notcve.org/view.php?id=CVE-2022-20536
16 Dec 2022 — In registerBroadcastReceiver of RcsService.java, there is a possible way to change preferred TTY mode due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235100180 En RegisterBroadcastReceiver de RcsService.java, existe una forma posible de cambiar el modo TTY preferido debido a que falta una verificación de permiso. Esto podría con... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-862: Missing Authorization •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20537
https://notcve.org/view.php?id=CVE-2022-20537
16 Dec 2022 — In createDialog of WifiScanModeActivity.java, there is a possible way for a Guest user to enable location-sensitive settings due to a missing permission check. This could lead to local escalation of privilege from the Guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235601169 En createDialog de WifiScanModeActivity.java, existe una forma posible para que un usuario invitado habilite configuraciones se... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20538
https://notcve.org/view.php?id=CVE-2022-20538
16 Dec 2022 — In getSmsRoleHolder of RoleService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235601770 En getSmsRoleHolder de RoleService.java, existe una manera posible de determinar si una aplicación está instalada, sin permisos de... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-203: Observable Discrepancy •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20539
https://notcve.org/view.php?id=CVE-2022-20539
16 Dec 2022 — In parameterToHal of Effect.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the audio server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-237291425 En el parameterToHal de Effect.cpp, existe una posible escritura fuera de los límites debido a una verificación de los límites faltante. Esto podría llevar a una escalada local de privilegio... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20540
https://notcve.org/view.php?id=CVE-2022-20540
16 Dec 2022 — In SurfaceFlinger::doDump of SurfaceFlinger.cpp, there is possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-237291506 En SurfaceFlinger::doDump de SurfaceFlinger.cpp, existe la posibilidad de ejecución de código arbitrario debido a un use-after-free. Esto podría conducir a una escalada local de privilegios ... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-416: Use After Free •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20541
https://notcve.org/view.php?id=CVE-2022-20541
16 Dec 2022 — In phNxpNciHal_ioctl of phNxpNciHal.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238083126 En phNxpNciHal_ioctl de phNxpNciHal.cc, existe una posible lectura fuera de los límites debido a una verificación de los límites faltantes. Esto podría conducir a la divulgación de información local con privil... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-125: Out-of-bounds Read •
CVSS: 2.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20543
https://notcve.org/view.php?id=CVE-2022-20543
16 Dec 2022 — In multiple locations, there is a possible display crash loop due to improper input validation. This could lead to local denial of service with system execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238178261 En varias ubicaciones, existe un posible bucle de bloqueo de la pantalla debido a una validación de entrada incorrecta. Esto podría provocar una Denegación de Servicio (DoS) local con privilegios de ejecución del sistema nec... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-1284: Improper Validation of Specified Quantity in Input •