CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20283
https://notcve.org/view.php?id=CVE-2022-20283
11 Aug 2022 — In Bluetooth, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-233069336 En Bluetooth, se presenta una posible escritura fuera de límites debido a un desbordamiento de enteros. Esto podría conllevar a una ejecución de código remota a través de Bluetooth sin ser necesarios privilegios de eje... • https://source.android.com/security/bulletin/android-13 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20282
https://notcve.org/view.php?id=CVE-2022-20282
11 Aug 2022 — In AppWidget, there is a possible way to start an activity from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-204083104 En AppWidget, se presenta una posibilidad de iniciar una actividad desde el fondo debido a una falta de comprobación de permisos. Esto podría conllevar a una escalada local de privilegios sin ser n... • https://source.android.com/security/bulletin/android-13 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20281
https://notcve.org/view.php?id=CVE-2022-20281
11 Aug 2022 — In Core, there is a possible way to start an activity from the background due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-204083967 En Core, existe la posibilidad de iniciar una actividad desde el fondo debido a una falta de comprobación de permisos. Esto podría conllevar a una escalada local de privilegios, con los privilegios de ejecuc... • https://source.android.com/security/bulletin/android-13 • CWE-862: Missing Authorization •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20280
https://notcve.org/view.php?id=CVE-2022-20280
11 Aug 2022 — In MMSProvider, there is a possible read of protected data due to improper input validationSQL injection. This could lead to local information disclosure of sms/mms data with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-204117261 En MMSProvider, se presenta una posible lectura de datos protegidos debido a una inyección de comprobación de entrada inapropiada SQL. Esto podría conllevar a una divulgación de información local... • https://source.android.com/security/bulletin/android-13 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20279
https://notcve.org/view.php?id=CVE-2022-20279
11 Aug 2022 — In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-204877302 En DevicePolicyManager, se presenta una posible forma de determinar si una app está instalada, sin permisos de consulta, debido a una divulgación d... • https://source.android.com/security/bulletin/android-13 • CWE-203: Observable Discrepancy •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20278
https://notcve.org/view.php?id=CVE-2022-20278
11 Aug 2022 — In Accounts, there is a possible way to write sensitive information to the system log due to insufficient log filtering. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-205130113 En Accounts, se presenta una posible forma de escribir información confidencial en el registro del sistema debido a un filtrado insuficiente del registro. Esto podría conllevar a una divulgación... • https://source.android.com/security/bulletin/android-13 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20277
https://notcve.org/view.php?id=CVE-2022-20277
11 Aug 2022 — In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-205145497 En DevicePolicyManager, se presenta una posible forma de determinar si una aplicación está instalada, sin permisos de consulta, debido a una divulg... • https://source.android.com/security/bulletin/android-13 • CWE-203: Observable Discrepancy •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20276
https://notcve.org/view.php?id=CVE-2022-20276
11 Aug 2022 — In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-205706731 En DevicePolicyManager, se presenta una posible forma de determinar si una aplicación está instalada, sin permisos de consulta, debido a una divulg... • https://source.android.com/security/bulletin/android-13 • CWE-203: Observable Discrepancy •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20275
https://notcve.org/view.php?id=CVE-2022-20275
11 Aug 2022 — In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-205836975 En DevicePolicyManager, se presenta una posible forma de determinar si una aplicación está instalada, sin permisos de consulta, debido a una divulg... • https://source.android.com/security/bulletin/android-13 • CWE-203: Observable Discrepancy •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20274
https://notcve.org/view.php?id=CVE-2022-20274
11 Aug 2022 — In Keyguard, there is a missing permission check. This could lead to local escalation of privilege and prevention of screen timeout with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-206470146 En Keyguard, falta una comprobación de permisos. Esto podría conllevar a una escalada local de privilegios y la prevención del tiempo de espera de la pantalla con los privilegios de ejecución User necesarios. No es requerida una inte... • https://source.android.com/security/bulletin/android-13 • CWE-862: Missing Authorization •