CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2022-39080
https://notcve.org/view.php?id=CVE-2022-39080
14 Oct 2022 — In messaging service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed. En messaging service, se presenta una falta de comprobación de permisos. Esto podría conllevar a una elevación de privilegios en el servicio de contactos sin ser necesarios privilegios de ejecución adicionales • https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738 • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2022-38676
https://notcve.org/view.php?id=CVE-2022-38676
14 Oct 2022 — In gpu driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. En gpu driver, se presenta una posible escritura fuera de límites debido a una falta de comprobación de límites. Esto podría conllevar a una denegación de servicio local en el kernel • https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2022-38687
https://notcve.org/view.php?id=CVE-2022-38687
14 Oct 2022 — In messaging service, there is a missing permission check. This could lead to local denial of service in messaging service with no additional execution privileges needed. En messaging service, falta una comprobación de permisos. Esto podría conllevar a una denegación de servicio local en messaging service sin ser necesarios privilegios de ejecución adicionales • https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738 • CWE-400: Uncontrolled Resource Consumption CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2022-38677
https://notcve.org/view.php?id=CVE-2022-38677
14 Oct 2022 — In cell service, there is a missing permission check. This could lead to local denial of service in cell service with no additional execution privileges needed. En cell service, falta una comprobación de permisos. Esto podría conllevar a una denegación de servicio local en el servicio celular sin ser necesarios privilegios de ejecución adicionales • https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738 • CWE-400: Uncontrolled Resource Consumption CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2022-39105
https://notcve.org/view.php?id=CVE-2022-39105
14 Oct 2022 — In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. En sensor driver, se presenta una posible escritura fuera de límites debido a una falta de comprobación de límites. Esto podría conllevar a una denegación de servicio local en el kernel • https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2022-38688
https://notcve.org/view.php?id=CVE-2022-38688
14 Oct 2022 — In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. En telephony service, falta una comprobación de permisos. Esto podría conllevar a una divulgación de información local sin ser necesarios privilegios de ejecución adicionales • https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20394
https://notcve.org/view.php?id=CVE-2022-20394
11 Oct 2022 — In getInputMethodWindowVisibleHeight of InputMethodManagerService.java, there is a possible way to determine when another app is showing an IME due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-204906124 En la función getInputMethodWindowVisibleHeight del archivo InputMethodManagerService.java, se pres... • https://source.android.com/security/bulletin/2022-10-01 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-20416
https://notcve.org/view.php?id=CVE-2022-20416
11 Oct 2022 — In audioTransportsToHal of HidlUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-237717857 En la función audioTransportsToHal del archivo HidlUtils.cpp, se presenta una posible escritura fuera de límites debido a una comprobación de límites incorrecta. Esto p... • https://source.android.com/security/bulletin/2022-10-01 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20429
https://notcve.org/view.php?id=CVE-2022-20429
11 Oct 2022 — In CarSettings of app packages, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-220741473 En CarSettings de app packages, se presenta una posible derivación de permisos debido a un adjunto confuso. Esto podría conllevar a una escalada local de p... • https://source.android.com/security/bulletin/aaos/2022-10-01 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-20419
https://notcve.org/view.php?id=CVE-2022-20419
11 Oct 2022 — In setOptions of ActivityRecord.java, there is a possible load any arbitrary Java code into launcher process due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-237290578 En la función setOptions del archivo ActivityRecord.java, es posible cargar cualquier código Java arbitrario en el proceso de lanzamiento debido a un er... • https://source.android.com/security/bulletin/2022-10-01 •