CVSS: 3.3 • EPSS: 0% • CPEs: 2 • EXPL: 0

14 Jan 2022 — In StatusBar.java, there is a possible disclosure of notification content on the lockscreen due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11. Android ID: A-189575031 • https://source.android.com/security/bulletin/2022-01-01 • CWE-668: Exposure of Resource to Wrong Sphere

CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

14 Jan 2022 — In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-9. Android ID: A-185126549 • https://source.android.com/security/bulletin/2022-01-01 • CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

14 Jan 2022 — In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-9. Android ID: A-194695497 • https://source.android.com/security/bulletin/2022-01-01 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere

CVSS: 7.3 • EPSS: 0% • CPEs: 4 • EXPL: 0

14 Jan 2022 — In showCarrierAppInstallationNotification of EuiccNotificationManager.java, there is a possible way to gain access to MediaProvider content due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-9. Android ID: A-194695347 • https://source.android.com/security/bulletin/2022-01-01

CVSS: 10.0 • EPSS: 0% • CPEs: 4 • EXPL: 1

14 Jan 2022 — In doRead of SimpleDecodingSource.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-9. Android ID: A-194105348 • https://github.com/bb33bb/CVE-2021-39623 • CWE-787: Out-of-bounds Write

CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

14 Jan 2022 — In GBoard, there is a possible way to bypass Factory Reset Protection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12. Android ID: A-192663648 • https://source.android.com/security/bulletin/2022-01-01 • CWE-862: Missing Authorization

CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

14 Jan 2022 — In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-9. Android ID: A-185126319 • https://source.android.com/security/bulletin/2022-01-01 • CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

14 Jan 2022 — In ipcSetDataReference of Parcel.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12. Android ID: A-203847542 • https://source.android.com/security/bulletin/2022-01-01 • CWE-416: Use After Free

CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

14 Jan 2022 — In multiple methods of EuiccNotificationManager.java, there is a possible way to install existing packages without user consent due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-9. Android ID: A-196855999 • https://source.android.com/security/bulletin/2022-01-01

CVSS: 7.1 • EPSS: 0% • CPEs: 4 • EXPL: 0

07 Jan 2022 — A vulnerability using PendingIntent in Bixby Routines prior to version 3.1.21.8 in Android R(11.0) and 2.6.30.5 in Android Q(10.0) allows attackers to execute a privileged action by hijacking and modifying the intent. • https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=1 • CWE-94: Improper Control of Generation of Code ('Code Injection')