CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20556
https://notcve.org/view.php?id=CVE-2022-20556
16 Dec 2022 — In launchConfigNewNetworkFragment of NetworkProviderSettings.java, there is a possible way for the guest user to add a new WiFi network due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246301667 En launchConfigNewNetworkFragment de NetworkProviderSettings.java, existe una forma posible para que el usuario invitado agregue una nue... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-862: Missing Authorization •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20557
https://notcve.org/view.php?id=CVE-2022-20557
16 Dec 2022 — In MessageQueueBase of MessageQueueBase.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-247092734 En MessageQueueBase de MessageQueueBase.h, existe una posible lectura fuera de los límites debido a una verificación de los límites faltantes. Esto podría conducir a una escalada local de privilegios c... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-125: Out-of-bounds Read •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20558
https://notcve.org/view.php?id=CVE-2022-20558
16 Dec 2022 — In registerReceivers of DeviceCapabilityListener.java, there is a possible way to change preferred TTY mode due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-236264289 En RegisterReceivers de DeviceCapabilityListener.java, existe una forma posible de cambiar el modo TTY preferido debido a una omisión de permisos. Esto podría conducir a ... • https://source.android.com/security/bulletin/pixel/2022-12-01 •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20559
https://notcve.org/view.php?id=CVE-2022-20559
16 Dec 2022 — In revokeOwnPermissionsOnKill of PermissionManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-219739967 En revokeOwnPermissionsOnKill de PermissionManager.java, existe una forma posible de determinar si una aplicación ... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-203: Observable Discrepancy •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42535
https://notcve.org/view.php?id=CVE-2022-42535
16 Dec 2022 — In a query in MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224770183 En una consulta en MmsSmsProvider.java, existe un posible acceso a tablas restringidas debido a inyección SQL. Esto podría dar lugar a la divulgación de información local con privilegios de ejecución del usuario ... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42542
https://notcve.org/view.php?id=CVE-2022-42542
16 Dec 2022 — In phNxpNciHal_core_initialized of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231445184 En phNxpNciHal_core_initialized de phNxpNciHal.cc, existe una posible escritura fuera de los límites debido a una verificación de los límites faltantes. Esto podría conducir a una escalada loc... • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42544
https://notcve.org/view.php?id=CVE-2022-42544
16 Dec 2022 — In getView of AddAppNetworksFragment.java, there is a possible way to mislead the user about network add requests due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224545390 • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20471
https://notcve.org/view.php?id=CVE-2022-20471
13 Dec 2022 — In SendIncDecRestoreCmdPart2 of NxpMfcReader.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-238177877 En SendIncDecRestoreCmdPart2 de NxpMfcReader.cc, existe una posible lectura fuera de los límites debido a una verificación de los límites faltantes. Esto p... • https://source.android.com/security/bulletin/2022-12-01 • CWE-125: Out-of-bounds Read •
CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-20442
https://notcve.org/view.php?id=CVE-2022-20442
13 Dec 2022 — In onCreate of ReviewPermissionsActivity.java, there is a possible way to grant permissions for a separate app with API level < 23 due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-176094367 En onCreate de ReviewPermissionsActivity.java, existe una forma posible de otorgar permisos para una aplicación separad... • https://source.android.com/security/bulletin/2022-12-01 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20488
https://notcve.org/view.php?id=CVE-2022-20488
13 Dec 2022 — In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703217 En NotificationChannel de NotificationChannel.java, existe una posible falla al conservar la configuración de permisos deb... • https://source.android.com/security/bulletin/2022-12-01 • CWE-1284: Improper Validation of Specified Quantity in Input •