CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20451
https://notcve.org/view.php?id=CVE-2022-20451
08 Nov 2022 — In onCallRedirectionComplete of CallsManager.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-235098883 En onCallRedirectionComplete de CallsManager.java, existe una posible omisión de permisos debido a una falta de verificación de permisos. Est... • https://source.android.com/security/bulletin/2022-11-01 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20450
https://notcve.org/view.php?id=CVE-2022-20450
08 Nov 2022 — In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way to bypass user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-210065877 En restorePermissionState de PermissionManagerServiceImpl.java, existe una forma posible de omitir el consentimiento... • https://source.android.com/security/bulletin/2022-11-01 • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20457
https://notcve.org/view.php?id=CVE-2022-20457
08 Nov 2022 — In getMountModeInternal of StorageManagerService.java, there is a possible prevention of package installation due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-243924784 En getMountModeInternal de StorageManagerService.java, existe una posible prevención de la instalación del paquete debido a una validación de entrada incorrecta. E... • https://source.android.com/security/bulletin/2022-11-01 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20453
https://notcve.org/view.php?id=CVE-2022-20453
08 Nov 2022 — In update of MmsProvider.java, there is a possible constriction of directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-240685104 En la actualización de MmsProvider.java, existe una posible restricción de los permisos del directorio debido a un error de path trav... • https://source.android.com/security/bulletin/2022-11-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.7EPSS: 0%CPEs: 4EXPL: 0CVE-2022-32615
https://notcve.org/view.php?id=CVE-2022-32615
08 Nov 2022 — In ccd, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326559; Issue ID: ALPS07326559. En ccd, existe una posible escritura fuera de límites debido a datos no inicializados. • https://corp.mediatek.com/product-security-bulletin/November-2022 • CWE-908: Use of Uninitialized Resource •
CVSS: 6.7EPSS: 0%CPEs: 19EXPL: 0CVE-2022-21778
https://notcve.org/view.php?id=CVE-2022-21778
08 Nov 2022 — In vpu, there is a possible information disclosure due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06382421; Issue ID: ALPS06382421. En vpu, existe una posible divulgación de información debido a una verificación de los límites incorrecta. • https://corp.mediatek.com/product-security-bulletin/November-2022 • CWE-125: Out-of-bounds Read •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2022-32608
https://notcve.org/view.php?id=CVE-2022-32608
08 Nov 2022 — In jpeg, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07388753; Issue ID: ALPS07388753. En jpeg, existe un posible use-after-free debido a una condición de ejecución. • https://corp.mediatek.com/product-security-bulletin/November-2022 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20448
https://notcve.org/view.php?id=CVE-2022-20448
08 Nov 2022 — In buzzBeepBlinkLocked of NotificationManagerService.java, there is a possible way to share data across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-237540408 En buzzBeepBlinkLocked de NotificationManagerService.java, existe una forma posible de compartir datos entre usuarios debid... • https://source.android.com/security/bulletin/2022-11-01 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20414
https://notcve.org/view.php?id=CVE-2022-20414
08 Nov 2022 — In setImpl of AlarmManagerService.java, there is a possible way to put a device into a boot loop due to an uncaught exception. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-234441463 En setImpl de AlarmManagerService.java, existe una manera posible de poner un dispositivo en un bucle de arranque debido a una excepción no d... • https://source.android.com/security/bulletin/2022-11-01 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 6.7EPSS: 0%CPEs: 4EXPL: 0CVE-2022-32605
https://notcve.org/view.php?id=CVE-2022-32605
08 Nov 2022 — In isp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07213898; Issue ID: ALPS07213898. En isp, existe una posible escritura fuera de los límites debido a una verificación de los límites incorrecta. • https://corp.mediatek.com/product-security-bulletin/November-2022 • CWE-787: Out-of-bounds Write •