U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:/o:google:android:12.0
There are 854 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2023-20922

In setMimeGroup of PackageManagerService.java, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-237291548

Published: January 26, 2023; 4:18:11 PM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-20921

In onPackageRemoved of AccessibilityManagerService.java, there is a possibility to automatically grant accessibility services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-243378132

Published: January 26, 2023; 4:18:11 PM -0500
V3.1: 7.3 HIGH
V2.0:(not available)
CVE-2023-20920

In queue of UsbRequest.java, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-204584366

Published: January 26, 2023; 4:18:11 PM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-20916

In getMainActivityLaunchIntent of LauncherAppsService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-229256049

Published: January 26, 2023; 4:18:11 PM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-20915

In addOrReplacePhoneAccount of PhoneAccountRegistrar.java, there is a possible way to enable a phone account without user interaction due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246930197

Published: January 26, 2023; 4:18:11 PM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-20913

In onCreate of PhoneAccountSettingsActivity.java and related files, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246933785

Published: January 26, 2023; 4:18:11 PM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-20908

In several functions of SettingsState.java, there is a possible system crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-239415861

Published: January 26, 2023; 4:18:11 PM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-20494

In AutomaticZenRule of AutomaticZenRule.java, there is a possible persistent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-243794204

Published: January 26, 2023; 4:15:28 PM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-20493

In Condition of Condition.java, there is a possible way to grant notification access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242846316

Published: January 26, 2023; 4:15:28 PM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-20492

In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242704043

Published: January 26, 2023; 4:15:27 PM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-20490

In multiple functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703505

Published: January 26, 2023; 4:15:27 PM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-20489

In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703460

Published: January 26, 2023; 4:15:27 PM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-20461

In pinReplyNative of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege of BLE with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-228602963

Published: January 26, 2023; 4:15:27 PM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-20456

In AutomaticZenRule of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703780

Published: January 26, 2023; 4:15:26 PM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-20215

In onCreate of MasterClearConfirmFragment.java, there is a possible factory reset due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-183794206

Published: January 26, 2023; 4:15:26 PM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-20214

In Car Settings app, the toggle button in Modify system settings is vulnerable to tapjacking attack. Attackers can overlay the toggle button to enable apps to modify system settings without user consent.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-183411210

Published: January 26, 2023; 4:15:25 PM -0500
V3.1: 4.7 MEDIUM
V2.0:(not available)
CVE-2022-20213

In ApplicationsDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-183410508

Published: January 26, 2023; 4:15:25 PM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-44446

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

Published: January 04, 2023; 5:15:13 AM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-44445

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

Published: January 04, 2023; 5:15:13 AM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-44444

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

Published: January 04, 2023; 5:15:13 AM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)