CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20492
https://notcve.org/view.php?id=CVE-2022-20492
In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242704043 • https://source.android.com/security/bulletin/2023-01-01 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-20913
https://notcve.org/view.php?id=CVE-2023-20913
In onCreate of PhoneAccountSettingsActivity.java and related files, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246933785 En onCreate of PhoneAccountSettingsActivity.java y archivos relacionados, existe una manera posible de engañar al usuario para que habilite una cuenta de teléfono maliciosa debido a un ataque de secuestro/superposición. Esto podría conducir a una escalada local de privilegios con permisos de ejecución del usuario necesarios. Se necesita la interacción del usuario para la explotación.Producto: Android; Versiones: Android-10, Android-11, Android-12, Android-12L, Android-13; ID de Android: A-246933785 • https://source.android.com/security/bulletin/2023-01-01 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-20905
https://notcve.org/view.php?id=CVE-2023-20905
In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-241387741 En Mfc_Transceive de phNxpExtns_MifareStd.cpp, existe una posible escritura fuera de los límites debido a una verificación de los límites faltante. Esto podría conducir a una escalada local de privilegios sin necesidad de permisos de ejecución adicionales. No se necesita la interacción del usuario para la explotación. • https://source.android.com/security/bulletin/2023-01-01 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-20213
https://notcve.org/view.php?id=CVE-2022-20213
In ApplicationsDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-183410508 • https://source.android.com/security/bulletin/aaos/2023-01-01 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20493
https://notcve.org/view.php?id=CVE-2022-20493
In Condition of Condition.java, there is a possible way to grant notification access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242846316 • https://source.android.com/security/bulletin/2023-01-01 • CWE-1284: Improper Validation of Specified Quantity in Input •