1085 matches found
CVE-2023-20915
CVE-2023-20915 concerns a logic error in PhoneAccountRegistrar.java (Android framework) that can allow enabling a phone account without user interaction. The issue enables local escalation of privilege with no additional execution privileges, impacting Android 10–13 per the CVE record. The proble...
CVE-2023-20908
CVE-2023-20908 affects Android releases 10–13, with a DoS in SettingsState.java that can cause a system crash loop through resource exhaustion. Exploitation is local with no user interaction; available CVSS vectors indicate local, low complexity, low privileges, high availability impact. The prim...
CVE-2022-20215
In onCreate of MasterClearConfirmFragment.java, there is a possible factory reset due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10...
CVE-2022-20490
CVE-2022-20490 affects Android devices via the file AutomaticZenRule.java, with a vulnerability caused by resource exhaustion that can cause a failure to persist permissions settings. The impact is a local escalation of privilege, requiring local access with no additional execution privileges and...
CVE-2022-20489
In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...
CVE-2023-20908
In several functions of SettingsState.java, there is a possible system crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11...
CVE-2022-20493
In Condition of Condition.java, there is a possible way to grant notification access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10...
CVE-2022-20493
CVE-2022-20493 affects Android 10–13 (Android-10 to Android-13) via Condition.java, where improper input validation could grant notification access and cause local elevation of privilege. Exploitation requires user interaction; no additional execution privileges are needed. Patch references point...
CVE-2022-20494
The CVE-2022-20494 issue affects Android (Android 10–13) and involves the AutomaticZenRule component (AutomaticZenRule.java). The described vulnerability is a possible persistent DoS caused by resource exhaustion, enabling a local denial of service with no user interaction required. Impact is lim...
CVE-2022-20213
In ApplicationsDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11...
CVE-2022-20489
Summary: CVE-2022-20489 describes an elevation-of-privilege issue in Android related to AutomaticZenRule.java, allowing local escalation without extra execution privileges and no user interaction. Affected software: Android devices (Android-10 to Android-13) as listed in the CVE entry and Android...
CVE-2022-20214
CVE-2022-20214 (Android) affects the Car Settings app on Android 10–12. The vulnerability is a tapjacking issue where an attacker can overlay the “Modify system settings” toggle, potentially allowing apps to modify system settings without user consent. The CVSS 3.1 base metrics indicate: Attack V...
CVE-2023-20921
In onPackageRemoved of AccessibilityManagerService.java, there is a possibility to automatically grant accessibility services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
CVE-2022-20494
In AutomaticZenRule of AutomaticZenRule.java, there is a possible persistent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11...
CVE-2022-20492
In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...
CVE-2022-20456
CVE-2022-20456: In AutomaticZenRule.java, there is a vulnerability due to a failure to persist permissions settings caused by resource exhaustion, which could lead to local elevation of privilege with no additional execution privileges needed. Affected: Android 10–13 (Android-10, Android-11, And...
CVE-2022-20215
CVE-2022-20215 describes a tapjacking/overlay attack in the MasterClearConfirmFragment.java on Android 10–12 that could trigger a local factory reset, causing a denial of service without extra privileges. Exploitation requires user interaction and can occur locally; no exploit details or likeliho...
CVE-2022-20500
In loadFromXml of ShortcutPackage.java, there is a possible crash on boot due to an uncaught exception. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11...
CVE-2022-20479
In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...
CVE-2022-20486
In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...