CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-20356
https://notcve.org/view.php?id=CVE-2022-20356
09 Aug 2022 — In shouldAllowFgsWhileInUsePermissionLocked of ActiveServices.java, there is a possible way to start foreground service from background due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-215003903 En la función shouldAllowFgsWhileInUsePermissionLocked del archivo ActiveServices.java, se presenta una posible fo... • https://source.android.com/security/bulletin/2022-08-01 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20355
https://notcve.org/view.php?id=CVE-2022-20355
09 Aug 2022 — In get of PacProxyService.java, there is a possible system service crash due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-219498290 En la obtención del archivo PacProxyService.java, se presenta un posible bloqueo del servicio del sistema debido a una comprobación de entrada inapropiada. Esto podría conllevar a u... • https://source.android.com/security/bulletin/2022-08-01 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-20354
https://notcve.org/view.php?id=CVE-2022-20354
09 Aug 2022 — In onDefaultNetworkChanged of Vpn.java, there is a possible way to disable VPN due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-219546241 En la función onDefaultNetworkChanged del archivo Vpn.java, se presenta una posible forma de desactivar la VPN debido a un error lógico en el código. Esto podría conllevar... • https://source.android.com/security/bulletin/2022-08-01 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20353
https://notcve.org/view.php?id=CVE-2022-20353
09 Aug 2022 — In onSaveRingtone of DefaultRingtonePreference.java, there is a possible inappropriate file read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-221041256 En la función onSaveRingtone del archivo DefaultRingtonePreference.java, se presenta una posible lectura inapropiada de archivos debido a una c... • https://source.android.com/security/bulletin/2022-08-01 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-20352
https://notcve.org/view.php?id=CVE-2022-20352
09 Aug 2022 — In addProviderRequestListener of LocationManagerService.java, there is a possible way to learn which packages request location information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-222473855 En la función addProviderRequestListener del archivo LocationManagerService.java, se presenta una posible forma de conocer... • https://source.android.com/security/bulletin/2022-08-01 • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20350
https://notcve.org/view.php?id=CVE-2022-20350
09 Aug 2022 — In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to trick the victim to grant notification access to the wrong app due to improper input validation. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-228178437 En la función onCreate del archivo NotificationAccessConfirmationActivity.java, se presenta una pos... • https://source.android.com/security/bulletin/2022-08-01 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20349
https://notcve.org/view.php?id=CVE-2022-20349
09 Aug 2022 — In WifiScanningPreferenceController and BluetoothScanningPreferenceController, there is a possible admin restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-228315522 En las funciones WifiScanningPreferenceController y BluetoothScanningPreferenceController, se presenta una posible... • https://source.android.com/security/bulletin/2022-08-01 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20348
https://notcve.org/view.php?id=CVE-2022-20348
09 Aug 2022 — In updateState of LocationServicesWifiScanningPreferenceController.java, there is a possible admin restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-228315529 En la función updateState del archivo LocationServicesWifiScanningPreferenceController.java, se presenta una posible omi... • https://source.android.com/security/bulletin/2022-08-01 • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-20347
https://notcve.org/view.php?id=CVE-2022-20347
09 Aug 2022 — In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-228450811 En la función onAttach del archivo ConnectedDeviceDashboardFragment.java, se presenta una posible omisión de permisos debido a un pr... • https://github.com/hshivhare67/platform_packages_apps_settings_AOSP10_r33_CVE-2022-20347 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20346
https://notcve.org/view.php?id=CVE-2022-20346
09 Aug 2022 — In updateAudioTrackInfoFromESDS_MPEG4Audio of MPEG4Extractor.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-230493653 En la función updateAudioTrackInfoFromESDS_MPEG4Audio del archivo MPEG4Extractor.cpp, se presenta una posible lectura fuera de límites deb... • https://source.android.com/security/bulletin/2022-08-01 • CWE-125: Out-of-bounds Read •