CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2022-20494
https://notcve.org/view.php?id=CVE-2022-20494
In AutomaticZenRule of AutomaticZenRule.java, there is a possible persistent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-243794204 En AutomaticZenRule de AutomaticZenRule.java, existe un posible DoS persistente debido al agotamiento de recursos. Esto podría provocar una denegación de servicio local sin necesidad de privilegios de ejecución adicionales. La interacción del usuario no es necesaria para la explotación. • https://github.com/Supersonic/CVE-2022-20494 https://source.android.com/security/bulletin/2023-01-01 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2022-20214
https://notcve.org/view.php?id=CVE-2022-20214
In Car Settings app, the toggle button in Modify system settings is vulnerable to tapjacking attack. Attackers can overlay the toggle button to enable apps to modify system settings without user consent.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-183411210 • https://source.android.com/security/bulletin/aaos/2023-01-01 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-20922
https://notcve.org/view.php?id=CVE-2023-20922
In setMimeGroup of PackageManagerService.java, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-237291548 En setMimeGroup de PackageManagerService.java, existe un posible bucle de bloqueo debido al agotamiento de los recursos. Esto podría provocar una denegación de servicio local sin necesidad de permisos de ejecución adicionales. No se necesita la interacción del usuario para la explotación. • https://source.android.com/security/bulletin/2023-01-01 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.3EPSS: 0%CPEs: 5EXPL: 0CVE-2023-20921
https://notcve.org/view.php?id=CVE-2023-20921
In onPackageRemoved of AccessibilityManagerService.java, there is a possibility to automatically grant accessibility services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-243378132 En onPackageRemoved de AccessibilityManagerService.java, existe la posibilidad de otorgar automáticamente servicios de accesibilidad debido a un error lógico en el código. Esto podría conducir a una escalada local de privilegios sin necesidad de permisos de ejecución adicionales. Se necesita la interacción del usuario para la explotación. • https://source.android.com/security/bulletin/2023-01-01 • CWE-670: Always-Incorrect Control Flow Implementation •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20492
https://notcve.org/view.php?id=CVE-2022-20492
In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242704043 • https://source.android.com/security/bulletin/2023-01-01 • CWE-770: Allocation of Resources Without Limits or Throttling •