CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20133
https://notcve.org/view.php?id=CVE-2022-20133
15 Jun 2022 — In setDiscoverableTimeout of AdapterService.java, there is a possible bypass of user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-206807679 En la función setDiscoverableTimeout del archivo AdapterService.java, se presenta una posible omisión de la interacción con el usuario debido a una fa... • https://source.android.com/security/bulletin/2022-06-01 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20131
https://notcve.org/view.php?id=CVE-2022-20131
15 Jun 2022 — In nci_proc_rf_management_ntf of nci_hrcv.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-221856662 En la función nci_proc_rf_management_ntf del archivo nci_hrcv.cc, se presenta una posible lectura fuera de límites debido a una falta de comprobación de lími... • https://source.android.com/security/bulletin/2022-06-01 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 1CVE-2022-20130
https://notcve.org/view.php?id=CVE-2022-20130
15 Jun 2022 — In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-224314979 En la función transportDec_OutOfBandConfig del archivo tpdec_lib.cpp, se presenta una posible escritura fuera de límites debido a un desbordamiento del búfer de... • https://github.com/Satheesh575555/external_aac_AOSP10_r33_CVE-2022-20130 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20129
https://notcve.org/view.php?id=CVE-2022-20129
15 Jun 2022 — In registerPhoneAccount of PhoneAccountRegistrar.java, there is a possible way to prevent the user from selecting a phone account due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-217934478 En la función registerPhoneAccount del archivo PhoneAccountRegistrar.java, es posible impedir que el usuario selecc... • https://source.android.com/security/bulletin/2022-06-01 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20127
https://notcve.org/view.php?id=CVE-2022-20127
15 Jun 2022 — In ce_t4t_data_cback of ce_t4t.cc, there is a possible out of bounds write due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-221862119 En la función ce_t4t_data_cback del archivo ce_t4t.cc, se presenta una posible escritura fuera de límites debido a una doble liberación. Esto podría conllevar a una ejecución de código... • https://source.android.com/security/bulletin/2022-06-01 • CWE-415: Double Free CWE-787: Out-of-bounds Write •
CVSS: 7.3EPSS: 0%CPEs: 4EXPL: 1CVE-2022-20126
https://notcve.org/view.php?id=CVE-2022-20126
15 Jun 2022 — In setScanMode of AdapterService.java, there is a possible way to enable Bluetooth discovery mode without user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-203431023 En la función setScanMode del archivo AdapterService.java, se presenta una posible forma de habilitar el modo de detección de Bl... • https://github.com/Trinadh465/packages_apps_Bluetooth_AOSP10_r33_CVE-2022-20126 • CWE-862: Missing Authorization •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20125
https://notcve.org/view.php?id=CVE-2022-20125
15 Jun 2022 — In GBoard, there is a possible way to bypass factory reset protections due to a sandbox escape. This could lead to local escalation of privilege if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-194402515 En GBoard, se presenta una posible forma de omitir las protecciones de restablecimiento de fábrica debido a un escape del sandb... • https://source.android.com/security/bulletin/2022-06-01 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20123
https://notcve.org/view.php?id=CVE-2022-20123
15 Jun 2022 — In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-221852424 En la función phNciNfc_RecvMfResp del archivo phNxpExtns_MifareStd.cpp, se presenta una posible lectura fuera de límites debido a una falta de comproba... • https://source.android.com/security/bulletin/2022-06-01 • CWE-125: Out-of-bounds Read •
CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0CVE-2021-39691
https://notcve.org/view.php?id=CVE-2021-39691
15 Jun 2022 — In WindowManager, there is a possible tapjacking attack due to an incorrect window flag when processing user input. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-157929241 En WindowManager, se presenta un posible ataque de tapjacking debido a una bandera de ventana incorrecta cuando se procesa la entrada del usuario. Esto podría conllevar a un... • https://source.android.com/security/bulletin/2022-06-01 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20124
https://notcve.org/view.php?id=CVE-2022-20124
15 Jun 2022 — In deletePackageX of DeletePackageHelper.java, there is a possible way for a Guest user to reset pre-loaded applications for other users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-170646036 En la función deletePackageX del archivo DeletePackageHelper.java, se presenta una posible forma... • https://source.android.com/security/bulletin/2022-12-01 •