850 matches found
CVE-2022-20471
In SendIncDecRestoreCmdPart2 of NxpMfcReader.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-...
CVE-2022-20483
In several functions that parse avrc response in avrcparsct.cc and related files, there are possible out of bounds reads due to integer overflows. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for...
CVE-2022-20488
In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
CVE-2022-20471
CVE-2022-20471 involves an out-of-bounds read in SendIncDecRestoreCmdPart2 of NxpMfcReader.cc due to a missing bounds check. This can lead to local information disclosure on affected Android versions (Android 11–13). The issue does not require user interaction and does not grant remote code execu...
CVE-2022-20470
In bindRemoteViewsService of AppWidgetServiceImpl.java, there is a possible way to bypass background activity launch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2021-0934
In findAllDeAccounts of AccountsDb.java, there is a possible denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11...
CVE-2022-20472
In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-1...
CVE-2022-20482
In createNotificationChannel of NotificationManager.java, there is a possible way to make the device unusable and require factory reset due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...
CVE-2022-20478
CVE-2022-20478 affects the Android NotificationChannel implementation (NotificationChannel.java) with a likely resource-exhaustion related failure to persist permissions, enabling local elevation of privilege without extra execution privileges. Affected products/versions include Android-10 throug...
CVE-2021-0934
Summary: CVE-2021-0934 is a DoS in Android: in the function findAllDeAccounts of AccountsDb.java, causing resource exhaustion and local denial of service without extra privileges or user interaction. Affected products/versions include Android 10–13. The vulnerability’s impact is DoS; no exploit d...
CVE-2022-20484
CVE-2022-20484 affects Android 10–13 where NotificationChannel.java’s permission persistence can fail due to resource exhaustion, enabling local elevation of privilege with no user interaction needed. CVSSv3.1 metrics indicate LOCAL access, LOW privileges, UI None, and HIGH impact on confidential...
CVE-2022-20480
The CVE-2022-20480 issue affects Android’s NotificationChannel.java, where a risk of failing to persist permissions settings can occur due to resource exhaustion. This leads to local elevation of privilege without extra execution privileges required, and exploitation is user interaction–independe...
CVE-2022-20491
CVE-2022-20491 affects Android devices via the NotificationChannel.java component. The issue is a resource exhaustion bug that can cause a failure to persist permission settings, enabling local elevation of privilege without user interaction. Affected: Android 10–13 (Android-10/11/12/12L/13). Imp...
CVE-2022-20466
CVE-2022-20466 describes a local information-disclosure flaw in Android where applyKeyguardFlags in NotificationShadeWindowControllerImpl.java could allow observing the user’s password on a secondary display due to an insecure default value. The issue affects Android 10–13 (Android-10, Android-11...
CVE-2022-20474
In readLazyValue of Parcel.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
CVE-2022-20480
In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
CVE-2022-20476
In setEnabledSetting of PackageManager.java, there is a possible way to get the device into an infinite reboot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
CVE-2022-20478
In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
CVE-2022-20479
CVE-2022-20479 affects Android’s NotificationChannel.java (NotificationChannel) and is categorized as an Elevation of Privilege (EoP) issue due to a resource exhaustion bug that can enable local privilege escalation without user interaction. Affected: Android-10 through Android-13; root cause is ...
CVE-2022-20442
CVE-2022-20442 is a local elevation-of-privilege in Android via ReviewPermissionsActivity.java: an overlay/tapjacking path could allow granting permissions to another app on devices with API