1085 matches found
CVE-2022-20480
In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
CVE-2022-20496
In setDataSource of initMediaExtractor.cpp, there is a possibility of arbitrary code execution due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
CVE-2022-20480
The CVE-2022-20480 issue affects Android’s NotificationChannel.java, where a risk of failing to persist permissions settings can occur due to resource exhaustion. This leads to local elevation of privilege without extra execution privileges required, and exploitation is user interaction–independe...
CVE-2022-20442
CVE-2022-20442 is a local elevation-of-privilege in Android via ReviewPermissionsActivity.java: an overlay/tapjacking path could allow granting permissions to another app on devices with API
CVE-2022-20466
CVE-2022-20466 describes a local information-disclosure flaw in Android where applyKeyguardFlags in NotificationShadeWindowControllerImpl.java could allow observing the user’s password on a secondary display due to an insecure default value. The issue affects Android 10–13 (Android-10, Android-11...
CVE-2022-20449
In writeApplicationRestrictionsLAr of UserManagerService.java, there is a possible overwrite of system files due to a path traversal error. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
CVE-2021-0934
In findAllDeAccounts of AccountsDb.java, there is a possible denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11...
CVE-2022-20483
In several functions that parse avrc response in avrcparsct.cc and related files, there are possible out of bounds reads due to integer overflows. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for...
CVE-2022-20487
In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
CVE-2022-20471
In SendIncDecRestoreCmdPart2 of NxpMfcReader.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-...
CVE-2022-20486
CVE-2022-20486 affects Android (Android-10, -11, -12, -12L, -13) where NotificationChannel.java may fail to persist permissions due to resource exhaustion, enabling local elevation of privilege with no extra execution privileges required. The issue is described as a resource-exhaustion vulnerabil...
CVE-2022-20611
In deletePackageVersionedInternal of DeletePackageHelper.java, there is a possible way to bypass carrier restrictions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2022-20482
In createNotificationChannel of NotificationManager.java, there is a possible way to make the device unusable and require factory reset due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...
CVE-2022-20476
In setEnabledSetting of PackageManager.java, there is a possible way to get the device into an infinite reboot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
CVE-2022-20478
In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
CVE-2022-20468
In BNEPConnectResp of bnepapi.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
CVE-2022-20484
CVE-2022-20484 affects Android 10–13 where NotificationChannel.java’s permission persistence can fail due to resource exhaustion, enabling local elevation of privilege with no user interaction needed. CVSSv3.1 metrics indicate LOCAL access, LOW privileges, UI None, and HIGH impact on confidential...
CVE-2022-20485
CVE-2022-20485 affects Android’s NotificationChannel.java across Android 10–13 (including 12L/12) and is due to a resource-exhaustion path that can fail to persist permissions settings. The issue enables local elevation of privilege with no extra execution privileges required and no user interact...
CVE-2022-20488
In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
ASB-A-242996180
In deletePackageVersionedInternal of DeletePackageHelper.java, there is a possible way to bypass carrier restrictions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...