CVSS: 10.0EPSS: 0%CPEs: 29EXPL: 0CVE-2022-26447
https://notcve.org/view.php?id=CVE-2022-26447
06 Sep 2022 — In BT firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06784478; Issue ID: ALPS06784478. En BT firmware, es posible que se produzca una escritura fuera de límites debido a una falta de comprobación de límites. • https://corp.mediatek.com/product-security-bulletin/September-2022 • CWE-787: Out-of-bounds Write •
CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0CVE-2022-26450
https://notcve.org/view.php?id=CVE-2022-26450
06 Sep 2022 — In apusys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07177801; Issue ID: ALPS07177801. En apusys, se presenta un posible uso de memoria previamente liberada debido a una condición de carrera. • https://corp.mediatek.com/product-security-bulletin/September-2022 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20362
https://notcve.org/view.php?id=CVE-2022-20362
11 Aug 2022 — In Bluetooth, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-230756082 En Bluetooth, se presenta una posible escritura fuera de límites debido a un desbordamiento de enteros. Esto podría conllevar a una ejecución de código remota a través de Bluetooth sin ser necesarios privilegios de eje... • https://source.android.com/security/bulletin/android-13 • CWE-190: Integer Overflow or Wraparound •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20342
https://notcve.org/view.php?id=CVE-2022-20342
11 Aug 2022 — In WiFi, there is a possible disclosure of WiFi password to the end user due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-143534321 En WiFi, se presenta una posible divulgación de la contraseña de WiFi al usuario final debido a un valor por defecto no seguro. Esto podría conllevar a una divulgación de información local sin ser nece... • https://source.android.com/security/bulletin/android-13 • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20341
https://notcve.org/view.php?id=CVE-2022-20341
11 Aug 2022 — In ConnectivityService, there is a possible bypass of network permissions due to a missing permission check. This could lead to local information disclosure of tethering interfaces with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-162952629 En ConnectivityService, se presenta una posible evasión de los permisos de red debido a una falta de comprobación de permisos. Esto podría conllevar a una divulgación de infor... • https://source.android.com/security/bulletin/android-13 • CWE-862: Missing Authorization •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20340
https://notcve.org/view.php?id=CVE-2022-20340
11 Aug 2022 — In SELinux policy, there is a possible way of inferring which websites are being opened in the browser due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-166269532 En SELinux policy, se presenta una posible forma de inferir qué sitios web están abriendo en el navegador debido a una falta de comprobación de permisos. Esto podría conl... • https://source.android.com/security/bulletin/android-13 • CWE-862: Missing Authorization •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20339
https://notcve.org/view.php?id=CVE-2022-20339
11 Aug 2022 — In Android, there is a possible access of network neighbor table information due to an insecure SEpolicy configuration. This could lead to local information disclosure of network topography with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-171572148 En Android, se presenta un posible acceso a la información de la tabla de vecinos de red debido a una configuración no segura de SEpolicy. Esto podría conllevar a una... • https://source.android.com/security/bulletin/android-13 •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20336
https://notcve.org/view.php?id=CVE-2022-20336
11 Aug 2022 — In Settings, there is a possible installed application disclosure due to a missing permission check. This could lead to local information disclosure of applications allow-listed to use the network during VPN lockdown mode with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-177239688 En Settings, se presenta una posible divulgación de la aplicación instalada debido a una falta de comprobación de permisos. Esto podrí... • https://source.android.com/security/bulletin/android-13 • CWE-862: Missing Authorization •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20335
https://notcve.org/view.php?id=CVE-2022-20335
11 Aug 2022 — In Wifi Slice, there is a possible way to adjust Wi-Fi settings even when the permission has been disabled due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-178014725 En Wifi Slice, es posible ajustar la configuración de Wi-Fi incluso cuando el permiso ha sido desactivado debido a una falta de comprobación de permisos. Esto podría... • https://source.android.com/security/bulletin/android-13 • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20334
https://notcve.org/view.php?id=CVE-2022-20334
11 Aug 2022 — In Bluetooth, there are possible process crashes due to dereferencing a null pointer. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-178800552 En Bluetooth, es posible que se produzcan caídas de procesos debido a una desreferencia de un puntero null. Esto podría conllevar a una denegación de servicio remota sin ser necesarios privilegios de ejecución adicionales. No ... • https://source.android.com/security/bulletin/android-13 • CWE-476: NULL Pointer Dereference •