CVEDB API

Vulnerabilities

Vulnerable Software

Google: >> Android >> 12.1 Security Vulnerabilities

CVE-2022-20501

In onCreate of EnableAccountPreferenceActivity.java, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246933359

CVSS Score

7.3

EPSS Score

0.0

Published

2022-12-13

CVE-2022-20611

In deletePackageVersionedInternal of DeletePackageHelper.java, there is a possible way to bypass carrier restrictions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242996180

CVSS Score

7.8

EPSS Score

0.0

Published

2022-12-13

CVE-2022-20473

In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-239267173

CVSS Score

9.8

EPSS Score

0.597

Published

2022-12-13

CVE-2022-20474

In readLazyValue of Parcel.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-240138294

CVSS Score

7.8

EPSS Score

0.002

Published

2022-12-13

CVE-2022-20475

In test of ResetTargetTaskHelper.java, there is a possible hijacking of any app which sets allowTaskReparenting="true" due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-240663194

CVSS Score

7.8

EPSS Score

0.0

Published

2022-12-13

CVE-2022-20476

In setEnabledSetting of PackageManager.java, there is a possible way to get the device into an infinite reboot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-240936919

CVSS Score

5.5

EPSS Score

0.0

Published

2022-12-13

CVE-2022-20478

In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-241764135

CVSS Score

7.8

EPSS Score

0.0

Published

2022-12-13

CVE-2022-20479

CVSS Score

7.8

EPSS Score

0.0

Published

2022-12-13

CVE-2022-20480

CVSS Score

7.8

EPSS Score

0.0

Published

2022-12-13

CVE-2022-20482

In createNotificationChannel of NotificationManager.java, there is a possible way to make the device unusable and require factory reset due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-240422263

CVSS Score

5.5

EPSS Score

0.0

Published

2022-12-13

Prev Next

Page 45

Vulnerabilities

Vulnerable Software

Google: >> Android >> 12.1 Security Vulnerabilities

Products

Pricing

Contact Us