CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20544
https://notcve.org/view.php?id=CVE-2022-20544
16 Dec 2022 — In onOptionsItemSelected of ManageApplications.java, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238745070 En onOptionsItemSelected de ManageApplications.java, existe una posible omisión de las restricciones del propietario del perfil debido a una falta de verificación... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-862: Missing Authorization •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20546
https://notcve.org/view.php?id=CVE-2022-20546
16 Dec 2022 — In getCurrentConfigImpl of Effect.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-240266798 En getCurrentConfigImpl de Effect.cpp, existe una posible escritura fuera de los límites debido a una comprobación de los límites faltante. Esto podría conducir a una escalada local de privilegios con per... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20547
https://notcve.org/view.php?id=CVE-2022-20547
16 Dec 2022 — In multiple functions of AdapterService.java, there is a possible way to manipulate Bluetooth state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-240301753 En múltiples funciones de AdapterService.java, existe una forma posible de manipular el estado de Bluetooth debido a una falta de verificación de permisos. Esto podría cond... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20548
https://notcve.org/view.php?id=CVE-2022-20548
16 Dec 2022 — In setParameter of EqualizerEffect.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-240919398 En setParameter de EqualizerEffect.cpp, existe una posible escritura fuera de los límites debido a una validación de entrada incorrecta. Esto podría conducir a una escalada local de privilegios... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-787: Out-of-bounds Write •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20549
https://notcve.org/view.php?id=CVE-2022-20549
16 Dec 2022 — In authToken2AidlVec of KeyMintUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-242702451 En authToken2AidlVec de KeyMintUtils.cpp, existe una posible escritura fuera de los límites debido a una verificación de los límites incorrecta. Esto podría conducir a una escalada local de privileg... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20550
https://notcve.org/view.php?id=CVE-2022-20550
16 Dec 2022 — In Multiple Locations, there is a possibility to launch arbitrary protected activities due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-242845514 En múltiples ubicaciones, existe la posibilidad de iniciar actividades protegidas arbitrarias debido a un diputado confundido. Esto podría conducir a una escalada local de privilegios con permisos de eje... • https://source.android.com/security/bulletin/pixel/2022-12-01 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20552
https://notcve.org/view.php?id=CVE-2022-20552
16 Dec 2022 — In btif_a2dp_sink_command_ready of btif_a2dp_sink.cc, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-243922806 En btif_a2dp_sink_command_ready de btif_a2dp_sink.cc, existe una posible lectura fuera de los límites debido a un use-after-free. Esto podría dar lugar a la divulgación de información local ... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20553
https://notcve.org/view.php?id=CVE-2022-20553
16 Dec 2022 — In onCreate of LogAccessDialogActivity.java, there is a possible way to bypass a permission check due to a tapjacking/overlay attack. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244155265 En onCreate de LogAccessDialogActivity.java, existe una forma posible de omitir una verificación de permiso debido a un ataque de tapjacking/superposición. Esto podría conducir a una e... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20554
https://notcve.org/view.php?id=CVE-2022-20554
16 Dec 2022 — In removeEventHubDevice of InputDevice.cpp, there is a possible OOB read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-245770596 En removeEventHubDevice de InputDevice.cpp, existe una posible lectura OOB debido a un use-after-free. Esto podría conducir a una escalada local de privilegios con permisos de ejecución de System necesarios. No se ne... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-416: Use After Free •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20555
https://notcve.org/view.php?id=CVE-2022-20555
16 Dec 2022 — In ufdt_get_node_by_path_len of ufdt_convert.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246194233 En ufdt_get_node_by_path_len de ufdt_convert.c, existe una posible lectura fuera de los límites debido a una verificación de los límites faltantes. Esto podría conducir a la divulgación de informac... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-125: Out-of-bounds Read •