CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20478
https://notcve.org/view.php?id=CVE-2022-20478
13 Dec 2022 — In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-241764135 En NotificationChannel de NotificationChannel.java, existe una posible falla al conservar la configuración de permisos deb... • https://source.android.com/security/bulletin/2022-12-01 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20611
https://notcve.org/view.php?id=CVE-2022-20611
13 Dec 2022 — In deletePackageVersionedInternal of DeletePackageHelper.java, there is a possible way to bypass carrier restrictions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242996180 En deletePackageVersionedInternal de DeletePackageHelper.java, existe una forma posible de eludir las restricciones... • https://source.android.com/security/bulletin/2022-12-01 • CWE-276: Incorrect Default Permissions •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20476
https://notcve.org/view.php?id=CVE-2022-20476
13 Dec 2022 — In setEnabledSetting of PackageManager.java, there is a possible way to get the device into an infinite reboot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-240936919 En setEnabledSetting de PackageManager.java, existe una forma posible de hacer que el dispositivo entre en un ciclo de reinicio infinit... • https://source.android.com/security/bulletin/2022-12-01 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20483
https://notcve.org/view.php?id=CVE-2022-20483
13 Dec 2022 — In several functions that parse avrc response in avrc_pars_ct.cc and related files, there are possible out of bounds reads due to integer overflows. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242459126 En varias funciones que analizan la respuesta avrc en avrc_pars_ct.cc y archivos relacionados, hay posibles lectu... • https://source.android.com/security/bulletin/2022-12-01 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20495
https://notcve.org/view.php?id=CVE-2022-20495
13 Dec 2022 — In getEnabledAccessibilityServiceList of AccessibilityManager.java, there is a possible way to hide an accessibility service due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-243849844 En getEnabledAccessibilityServiceList de AccessibilityManager.java, existe una forma posible de ocultar... • https://source.android.com/security/bulletin/2022-12-01 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2022-20474
https://notcve.org/view.php?id=CVE-2022-20474
13 Dec 2022 — In readLazyValue of Parcel.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-240138294 En readLazyValue de Parcel.java, existe una posible carga de código arbitrario en la aplicación Configuración del sistema debido... • https://github.com/cxxsheng/CVE-2022-20474 •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20469
https://notcve.org/view.php?id=CVE-2022-20469
13 Dec 2022 — In avct_lcb_msg_asmbl of avct_lcb_act.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-230867224 En avct_lcb_msg_asmbl de avct_lcb_act.cc, hay una posible escritura fuera de los límites debido a una verificación de los límites falt... • https://source.android.com/security/bulletin/2022-12-01 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20500
https://notcve.org/view.php?id=CVE-2022-20500
13 Dec 2022 — In loadFromXml of ShortcutPackage.java, there is a possible crash on boot due to an uncaught exception. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246540168 En loadFromXml de ShortcutPackage.java, existe una posible falla en el arranque debido a una excepción no detectada. Esto podría provocar una Denegación de Servicio... • https://source.android.com/security/bulletin/2022-12-01 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20485
https://notcve.org/view.php?id=CVE-2022-20485
13 Dec 2022 — In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242702935 En NotificationChannel de NotificationChannel.java, existe un posible fallo al conservar la configuración de permisos debi... • https://source.android.com/security/bulletin/2022-12-01 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-20482
https://notcve.org/view.php?id=CVE-2022-20482
13 Dec 2022 — In createNotificationChannel of NotificationManager.java, there is a possible way to make the device unusable and require factory reset due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-240422263 En createNotificationChannel de NotificationManager.java, existe una forma posible de inutilizar el dispositivo y requerir un ... • https://source.android.com/security/bulletin/2022-12-01 • CWE-400: Uncontrolled Resource Consumption •