CVSS: 3.9EPSS: 0%CPEs: 2EXPL: 0CVE-2022-20226
https://notcve.org/view.php?id=CVE-2022-20226
13 Jul 2022 — In finishDrawingWindow of WindowManagerService.java, there is a possible tapjacking due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-213644870 En la función finishDrawingWindow del archivo WindowManagerService.java, se presenta un posible tapjacking debido a una incorrecta validación de entrada. Esto podría conllevar a una escalada... • https://source.android.com/security/bulletin/2022-07-01 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20225
https://notcve.org/view.php?id=CVE-2022-20225
13 Jul 2022 — In getSubscriptionProperty of SubscriptionController.java, there is a possible read of a sensitive identifier due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-213457638 En la función getSubscriptionProperty del archivo SubscriptionController.java, se presenta una posible lectura de un identificado... • https://source.android.com/security/bulletin/2022-07-01 • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 2CVE-2022-20224
https://notcve.org/view.php?id=CVE-2022-20224
13 Jul 2022 — In AT_SKIP_REST of bta_hf_client_at.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure in the Bluetooth stack with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-220732646 En la función AT_SKIP_REST del archivo bta_hf_client_at.cc, se presenta una posible lectura fuera de límites debido a una comprobación de... • https://github.com/ShaikUsaf/system_bt_AOSP10_r33_CVE-2022-20224 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-20223
https://notcve.org/view.php?id=CVE-2022-20223
13 Jul 2022 — In assertSafeToStartCustomActivity of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-223578534 En la función assertSafeToStartCustomActivity del archivo AppRestrictionsFragment.java, se presenta una posible f... • https://github.com/xbee9/cve-2022-20223 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-20222
https://notcve.org/view.php?id=CVE-2022-20222
13 Jul 2022 — In read_attr_value of gatt_db.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-228078096 En la función read_attr_value del archivo gatt_db.cc, se presenta una posible escritura fuera de límites debido a una falta de comprobación de límites. Esto podría conllevar a una ejecución remota d... • https://source.android.com/security/bulletin/2022-07-01 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20221
https://notcve.org/view.php?id=CVE-2022-20221
13 Jul 2022 — In avrc_ctrl_pars_vendor_cmd of avrc_pars_ct.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-205571133 En la función avrc_ctrl_pars_vendor_cmd del archivo avrc_pars_ct.cc, se presenta una posible lectura fuera de límites debido a una compr... • https://source.android.com/security/bulletin/2022-07-01 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-20220
https://notcve.org/view.php?id=CVE-2022-20220
13 Jul 2022 — In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-219015884 En la función openFile del archivo CallLogProvider.java, se presenta una posible omisión de permisos debido a un error de salto de ruta. Esto podría conllevar a una escalada local de privilegios, co... • https://source.android.com/security/bulletin/2022-07-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20219
https://notcve.org/view.php?id=CVE-2022-20219
13 Jul 2022 — In multiple functions of StorageManagerService.java and UserManagerService.java, there is a possible way to leave user's directories unencrypted due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-224585613 En varias funciones de StorageManagerService.java y UserManagerService.java, es posible dejar l... • https://source.android.com/security/bulletin/2022-07-01 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-20218
https://notcve.org/view.php?id=CVE-2022-20218
13 Jul 2022 — In PermissionController, there is a possible way to get and retain permissions without user's consent due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-223907044 En la función PermissionController, se presenta una posible forma de conseguir y retener permisos sin el consentimiento del usuario debido a un error lógico en el ... • https://source.android.com/security/bulletin/2022-07-01 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-33712
https://notcve.org/view.php?id=CVE-2022-33712
11 Jul 2022 — Intent redirection vulnerability using implict intent in Camera prior to versions 12.0.01.64 ,12.0.3.23, 12.0.0.98, 12.0.6.11, 12.0.3.19 in Android S(12) allows attacker to get sensitive information. Una vulnerabilidad de redireccionamiento de intención usando intención implícita en Camera versiones anteriores a 12.0.01.64 ,12.0.3.23, 12.0.0.98, 12.0.6.11, 12.0.3.19 en Android S(12) permite a un atacante conseguir información confidencial • https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=07 • CWE-285: Improper Authorization CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •