CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Prion•added 2022/12/13 4:15 p.m.•19 views

Code injection

In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

4.3CVSS7.7AI score0.00014EPSS

1.7CVSS5AI score0.00018EPSS

Out-of-bounds

In SendIncDecRestoreCmdPart2 of NxpMfcReader.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-...

Prion•added 2022/12/13 4:15 p.m.•11 views

Integer overflow

In several functions that parse avrc response in avrcparsct.cc and related files, there are possible out of bounds reads due to integer overflows. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for...

5CVSS7.2AI score0.00788EPSS

Prion•added 2022/12/13 4:15 p.m.•18 views

Code injection

In readLazyValue of Parcel.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

4.3CVSS7.8AI score0.00321EPSS

Exploits1References1Affected Software1

4.3CVSS7.7AI score0.00012EPSS

Design/Logic Flaw

In deletePackageVersionedInternal of DeletePackageHelper.java, there is a possible way to bypass carrier restrictions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

Prion•added 2022/12/13 4:15 p.m.•18 views

Code injection

4.3CVSS7.7AI score0.00014EPSS

UbuntuCve•added 2022/12/13 4:15 p.m.•22 views

CVE-2022-20485

7.8CVSS7.1AI score0.00014EPSS

UbuntuCve•added 2022/12/13 4:15 p.m.•23 views

CVE-2022-20480

7.8CVSS7.1AI score0.00031EPSS

UbuntuCve•added 2022/12/13 4:15 p.m.•29 views

CVE-2022-20482

In createNotificationChannel of NotificationManager.java, there is a possible way to make the device unusable and require factory reset due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...

5.5CVSS6.3AI score0.0003EPSS

1.7CVSS5.4AI score0.00015EPSS

Code injection

In findAllDeAccounts of AccountsDb.java, there is a possible denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11...

UbuntuCve•added 2022/12/13 4:15 p.m.•27 views

CVE-2022-20476

In setEnabledSetting of PackageManager.java, there is a possible way to get the device into an infinite reboot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

5.5CVSS6.1AI score0.00033EPSS

Prion•added 2022/12/13 4:15 p.m.•19 views

Code injection

4.3CVSS7.7AI score0.00031EPSS

Prion•added 2022/12/13 4:15 p.m.•12 views

Code injection

In loadFromXml of ShortcutPackage.java, there is a possible crash on boot due to an uncaught exception. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11...

1.7CVSS5.4AI score0.00033EPSS

5.8CVSS8.8AI score0.02238EPSS

Out-of-bounds

In avdtmsgasmbl of avdtmsg.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10...

Prion•added 2022/12/13 4:15 p.m.•16 views

Design/Logic Flaw

In onCreate of EnableAccountPreferenceActivity.java, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for...

4.1CVSS7.2AI score0.00014EPSS

UbuntuCve•added 2022/12/13 4:15 p.m.•24 views

CVE-2022-20488

7.8CVSS7.1AI score0.00014EPSS

Prion•added 2022/12/13 4:15 p.m.•16 views

Path traversal

In writeApplicationRestrictionsLAr of UserManagerService.java, there is a possible overwrite of system files due to a path traversal error. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

1.4CVSS4.6AI score0.00015EPSS

Prion•added 2022/12/13 4:15 p.m.•19 views

Design/Logic Flaw

In applyKeyguardFlags of NotificationShadeWindowControllerImpl.java, there is a possible way to observe the user's password on a secondary display due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is...

1.9CVSS5.2AI score0.00037EPSS

Prion•added 2022/12/13 4:15 p.m.•17 views

Command injection

1.7CVSS5.3AI score0.0003EPSS