CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20472
https://notcve.org/view.php?id=CVE-2022-20472
13 Dec 2022 — In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-239210579 En toLanguageTag de LocaleListCache.cpp, existe una posible lectura fuera de los límites debido a una verificación de los límites incorrecta. Esto podría co... • https://source.android.com/security/bulletin/2022-12-01 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20466
https://notcve.org/view.php?id=CVE-2022-20466
13 Dec 2022 — In applyKeyguardFlags of NotificationShadeWindowControllerImpl.java, there is a possible way to observe the user's password on a secondary display due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-179725730 En applyKeyguardFlags de NotificationShadeWindowControllerImpl.java, existe una forma ... • https://source.android.com/security/bulletin/2022-12-01 • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 2.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20240
https://notcve.org/view.php?id=CVE-2022-20240
13 Dec 2022 — In sOpAllowSystemRestrictionBypass of AppOpsManager.java, there is a possible leak of location information due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-231496105 En sOpAllowSystemRestrictionBypass de AppOpsManager.java, existe una posible fuga de información de ubicación debido a una falta de verificación de permisos. Es... • https://source.android.com/security/bulletin/2022-12-01 • CWE-862: Missing Authorization •
CVSS: 4.4EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20449
https://notcve.org/view.php?id=CVE-2022-20449
13 Dec 2022 — In writeApplicationRestrictionsLAr of UserManagerService.java, there is a possible overwrite of system files due to a path traversal error. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-239701237 En writeApplicationRestrictionsLAr de UserManagerService.java, existe una posible sobrescritura de archivos del sistema debido a un err... • https://source.android.com/security/bulletin/2022-12-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20484
https://notcve.org/view.php?id=CVE-2022-20484
13 Dec 2022 — In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242702851 En NotificationChannel de NotificationChannel.java, existe una posible falla al conservar la configuración de permisos deb... • https://source.android.com/security/bulletin/2022-12-01 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-20470
https://notcve.org/view.php?id=CVE-2022-20470
13 Dec 2022 — In bindRemoteViewsService of AppWidgetServiceImpl.java, there is a possible way to bypass background activity launch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-234013191 En bindRemoteViewsService de AppWidgetServiceImpl.java, existe una forma posible de evitar el inicio de la acti... • https://github.com/Trinadh465/frameworks_base_AOSP10_r33_CVE-2022-20470 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20477
https://notcve.org/view.php?id=CVE-2022-20477
13 Dec 2022 — In shouldHideNotification of KeyguardNotificationVisibilityProvider.kt, there is a possible way to show hidden notifications due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-241611867 En shouldHideNotification de KeyguardNotificationVisibilityProvider.kt, existe una forma posible de mostrar notificaciones ocultas debido a un error... • https://source.android.com/security/bulletin/2022-12-01 •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 1CVE-2022-20473
https://notcve.org/view.php?id=CVE-2022-20473
13 Dec 2022 — In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-239267173 En toLanguageTag de LocaleListCache.cpp, existe una posible lectura fuera de los límites debido a una verificación de los límites incorrecta. Esto podría co... • https://github.com/Trinadh465/frameworks_minikin_AOSP10_r33-CVE-2022-20473 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-20496
https://notcve.org/view.php?id=CVE-2022-20496
13 Dec 2022 — In setDataSource of initMediaExtractor.cpp, there is a possibility of arbitrary code execution due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-245242273 En setDataSource de initMediaExtractor.cpp, existe la posibilidad de ejecución de código arbitrario debido a un use-after-free. Esto podría dar lugar a la divulgació... • https://source.android.com/security/bulletin/2022-12-01 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20468
https://notcve.org/view.php?id=CVE-2022-20468
13 Dec 2022 — In BNEP_ConnectResp of bnep_api.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-228450451 En BNEP_ConnectResp de bnep_api.cc, existe una posible lectura fuera de los límites debido a una verificación de los límites incorrecta. Es... • https://source.android.com/security/bulletin/2022-12-01 • CWE-125: Out-of-bounds Read •