CVSS: 7.3EPSS: 0%CPEs: 5EXPL: 1CVE-2023-20921
https://notcve.org/view.php?id=CVE-2023-20921
24 Jan 2023 — In onPackageRemoved of AccessibilityManagerService.java, there is a possibility to automatically grant accessibility services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-243378132 En onPackageRemoved de AccessibilityManagerService.java, existe la posibilidad de otorgar automáticamente ... • https://github.com/Trinadh465/frameworks_base_android-6.0.1_r22_CVE-2023-20921 • CWE-670: Always-Incorrect Control Flow Implementation •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2022-20456
https://notcve.org/view.php?id=CVE-2022-20456
24 Jan 2023 — In AutomaticZenRule of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703780 • https://github.com/hshivhare67/platform_frameworks_base_AOSP10_r33_CVE-2022-20456 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-20213
https://notcve.org/view.php?id=CVE-2022-20213
24 Jan 2023 — In ApplicationsDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-183410508 • https://source.android.com/security/bulletin/aaos/2023-01-01 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-20908
https://notcve.org/view.php?id=CVE-2023-20908
24 Jan 2023 — In several functions of SettingsState.java, there is a possible system crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-239415861 En varias funciones de SettingsState.java, existe un posible bucle de bloqueo del sistema debido al agotamiento de los recursos. Esto podría provocar una dene... • https://source.android.com/security/bulletin/2023-01-01 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2022-20489
https://notcve.org/view.php?id=CVE-2022-20489
24 Jan 2023 — In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703460 • https://github.com/hshivhare67/platform_frameworks_base_AOSP10_r33_CVE-2022-20489_old • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-20913
https://notcve.org/view.php?id=CVE-2023-20913
24 Jan 2023 — In onCreate of PhoneAccountSettingsActivity.java and related files, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246933785 En onCreate of PhoneAccountSettingsActivity.java y archivos relacionados, existe una ma... • https://source.android.com/security/bulletin/2023-01-01 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-20920
https://notcve.org/view.php?id=CVE-2023-20920
24 Jan 2023 — In queue of UsbRequest.java, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-204584366 En la cola de UsbRequest.java, existe una posible forma de dañar la memoria debido a un use after free. Esto podría conducir a una escalada local de privilegios sin n... • https://source.android.com/security/bulletin/2023-01-01 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2022-20492
https://notcve.org/view.php?id=CVE-2022-20492
24 Jan 2023 — In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242704043 • https://github.com/hshivhare67/platform_frameworks_base_AOSP10_r33_CVE-2022-20492 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2022-20493
https://notcve.org/view.php?id=CVE-2022-20493
24 Jan 2023 — In Condition of Condition.java, there is a possible way to grant notification access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242846316 • https://github.com/Trinadh465/frameworks_base_CVE-2022-20493 • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-20915
https://notcve.org/view.php?id=CVE-2023-20915
24 Jan 2023 — In addOrReplacePhoneAccount of PhoneAccountRegistrar.java, there is a possible way to enable a phone account without user interaction due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246930197 En addOrReplacePhoneAccount de PhoneAccountRegistrar.java, existe una forma posible de habilit... • https://source.android.com/security/bulletin/2023-01-01 • CWE-670: Always-Incorrect Control Flow Implementation •