CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2022-20026
https://notcve.org/view.php?id=CVE-2022-20026
09 Feb 2022 — In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06126827; Issue ID: ALPS06126827. En Bluetooth, es posible que sea producida una escritura fuera de límites debido a una falta de comprobación de límites. • https://corp.mediatek.com/product-security-bulletin/February-2022 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2022-20027
https://notcve.org/view.php?id=CVE-2022-20027
09 Feb 2022 — In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06126826; Issue ID: ALPS06126826. En Bluetooth, es posible que sea producida una escritura fuera de límites debido a una falta de comprobación de límites. • https://corp.mediatek.com/product-security-bulletin/February-2022 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2022-20025
https://notcve.org/view.php?id=CVE-2022-20025
09 Feb 2022 — In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06126832; Issue ID: ALPS06126832. En Bluetooth, es posible que sea producida una escritura fuera de límites debido a una falta de comprobación de límites. • https://corp.mediatek.com/product-security-bulletin/February-2022 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 29EXPL: 0CVE-2022-20024
https://notcve.org/view.php?id=CVE-2022-20024
09 Feb 2022 — In system service, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219064; Issue ID: ALPS06219064. En system service, se presenta una posible omisión de permisos debido a una falta de comprobación de permisos. • https://corp.mediatek.com/product-security-bulletin/February-2022 • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-1037
https://notcve.org/view.php?id=CVE-2021-1037
14 Jan 2022 — The broadcast that DevicePickerFragment sends when a new device is paired doesn't have any permission checks, so any app can register to listen for it. This lets apps keep track of what devices are paired without requesting BLUETOOTH permissions.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-162951906 La emisión que la función DevicePickerFragment envía cuando es emparejado un nuevo dispositivo no presenta ninguna comprobación de permisos, por lo que cualquier aplicación p... • https://source.android.com/security/bulletin/aaos/2022-01-01 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-1036
https://notcve.org/view.php?id=CVE-2021-1036
14 Jan 2022 — In LocationSettingsActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-182812255 En la función LocationSettingsActivity del archivo AndroidManifest.xml, se presenta un posible EoP debido a un ataque de tapjacking/overlay. Esto podría conllevar a un... • https://source.android.com/security/bulletin/aaos/2022-01-01 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-1035
https://notcve.org/view.php?id=CVE-2021-1035
14 Jan 2022 — In setLaunchIntent of BluetoothDevicePickerPreferenceController.java, there is a possible way to invoke an arbitrary broadcast receiver due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-12Android ID: A-195668284 En la función setLaunchIntent del archivo BluetoothDevicePickerPreferenceController.java, se presenta una posible forma de invocar un ... • https://source.android.com/security/bulletin/aaos/2022-01-01 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-39659
https://notcve.org/view.php?id=CVE-2021-39659
14 Jan 2022 — In sortSimPhoneAccountsForEmergency of CreateConnectionProcessor.java, there is a possible prevention of access to emergency calling due to an unhandled exception. In rare instances, this could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-208267659 En la función sortSimPhoneAccountsForEmergency del archivo CreateConnectionProcessor.java, es posible que sea impedid... • https://source.android.com/security/bulletin/2022-01-01 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-39632
https://notcve.org/view.php?id=CVE-2021-39632
14 Jan 2022 — In inotify_cb of events.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-202159709 En la función inotify_cb del archivo events.cpp, se presenta una posible escritura fuera de límites debido a una comprobación de límites incorrecta. Esto podría conllevar a una escalada local d... • https://source.android.com/security/bulletin/2022-01-01 • CWE-787: Out-of-bounds Write •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2021-39629
https://notcve.org/view.php?id=CVE-2021-39629
14 Jan 2022 — In phTmlNfc_Init and phTmlNfc_CleanUp of phTmlNfc.cc, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-197353344 En las funciones phTmlNfc_Init y phTmlNfc_CleanUp del archivo phTmlNfc.cc, se presenta un posible uso de memoria previamente liberada debido a una condición de c... • https://source.android.com/security/bulletin/2022-01-01 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •