CVSS: 6.7EPSS: 0%CPEs: 7EXPL: 0CVE-2022-26427
https://notcve.org/view.php?id=CVE-2022-26427
01 Aug 2022 — In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07085540; Issue ID: ALPS07085540. En camera isp, se presenta una posible escritura fuera de límites debido a una falta de comprobación de límites. • https://corp.mediatek.com/product-security-bulletin/August-2022 • CWE-787: Out-of-bounds Write •
CVSS: 6.7EPSS: 0%CPEs: 23EXPL: 0CVE-2022-26426
https://notcve.org/view.php?id=CVE-2022-26426
01 Aug 2022 — In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07085486; Issue ID: ALPS07085486. En camera isp, se presenta una posible escritura fuera de límites debido a una comprobación de límites que falta. • https://corp.mediatek.com/product-security-bulletin/August-2022 • CWE-787: Out-of-bounds Write •
CVSS: 6.7EPSS: 0%CPEs: 12EXPL: 0CVE-2022-21792
https://notcve.org/view.php?id=CVE-2022-21792
01 Aug 2022 — In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07085410; Issue ID: ALPS07085410. En camera isp, se presenta una posible escritura fuera de límites debido a una comprobación de límites que falta. • https://corp.mediatek.com/product-security-bulletin/August-2022 • CWE-787: Out-of-bounds Write •
CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0CVE-2022-21791
https://notcve.org/view.php?id=CVE-2022-21791
01 Aug 2022 — In camera isp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06478059; Issue ID: ALPS06478059. En camera isp, se presenta una posible lectura fuera de límites debido a una falta de comprobación de límites. • https://corp.mediatek.com/product-security-bulletin/August-2022 • CWE-125: Out-of-bounds Read •
CVSS: 4.4EPSS: 0%CPEs: 7EXPL: 0CVE-2022-21790
https://notcve.org/view.php?id=CVE-2022-21790
01 Aug 2022 — In camera isp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479306; Issue ID: ALPS06479306. En camera isp, se presenta una posible lectura fuera de límites debido a una falta de comprobación de límites. • https://corp.mediatek.com/product-security-bulletin/August-2022 • CWE-125: Out-of-bounds Read •
CVSS: 6.4EPSS: 0%CPEs: 22EXPL: 1CVE-2022-21789
https://notcve.org/view.php?id=CVE-2022-21789
01 Aug 2022 — In audio ipi, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06478101; Issue ID: ALPS06478101. En audio ipi, se presenta una posible corrupción de memoria debido a una condición de carrera. • https://github.com/docfate111/CVE-2022-21789 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20234
https://notcve.org/view.php?id=CVE-2022-20234
13 Jul 2022 — In Car Settings app, the NotificationAccessConfirmationActivity is exported. In NotificationAccessConfirmationActivity, it gets both 'mComponentName' and 'pkgTitle' from user.An unprivileged app can use a malicous mComponentName with a benign pkgTitle (e.g. Settings app) to make users enable notification access permission for the malicious app. That is, users believe they enable the notification access permission for the Settings app, but actually they enable the notification access permission for the malic... • https://source.android.com/security/bulletin/aaos/2022-07-01 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20230
https://notcve.org/view.php?id=CVE-2022-20230
13 Jul 2022 — In choosePrivateKeyAlias of KeyChain.java, there is a possible access to the user's certificate due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-221859869 En la función choosePrivateKeyAlias del archivo KeyChain.java, se presenta un posible acceso al certificado del usuario debido a una comprobación de... • https://source.android.com/security/bulletin/2022-07-01 • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 1CVE-2022-20229
https://notcve.org/view.php?id=CVE-2022-20229
13 Jul 2022 — In bta_hf_client_handle_cind_list_item of bta_hf_client_at.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-224536184 En la función bta_hf_client_handle_cind_list_item del archivo bta_hf_client_at.cc, se presenta una posible escritura fuera de límites debido a una ... • https://github.com/ShaikUsaf/system_bt_AOSP10_r33_CVE-2022-20229 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-20228
https://notcve.org/view.php?id=CVE-2022-20228
13 Jul 2022 — In various functions of C2DmaBufAllocator.cpp, there is a possible memory corruption due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-213850092 En varias funciones del archivo C2DmaBufAllocator.cpp, se presenta una posible corrupción de memoria debido a un uso de memoria previamente liberada. Esto podría conllevar a una divulgación... • https://source.android.com/security/bulletin/2022-07-01 • CWE-416: Use After Free •