Vulnerabilities > Google

DATE CVE VULNERABILITY TITLE RISK
2022-07-13 CVE-2022-20212 Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 10.0/11.0
In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack.
4.4
2022-07-13 CVE-2022-20216 Unspecified vulnerability in Google Android
android exported is used to set third-party app access permissions, and the default value of intent-filter is true.
network
low complexity
google
critical
10.0
2022-07-13 CVE-2022-20218 Improper Privilege Management vulnerability in Google Android 12.0/12.1
In PermissionController, there is a possible way to get and retain permissions without user's consent due to a logic error in the code.
local
google CWE-269
4.4
2022-07-13 CVE-2022-20219 Missing Encryption of Sensitive Data vulnerability in Google Android
In multiple functions of StorageManagerService.java and UserManagerService.java, there is a possible way to leave user's directories unencrypted due to a logic error in the code.
local
low complexity
google CWE-311
2.1
2022-07-13 CVE-2022-20220 Path Traversal vulnerability in Google Android 12.0/12.1
In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error.
local
low complexity
google CWE-22
7.2
2022-07-13 CVE-2022-20221 Out-of-bounds Read vulnerability in Google Android
In avrc_ctrl_pars_vendor_cmd of avrc_pars_ct.cc, there is a possible out of bounds read due to improper input validation.
low complexity
google CWE-125
3.3
2022-07-13 CVE-2022-20222 Out-of-bounds Write vulnerability in Google Android 12.0/12.1
In read_attr_value of gatt_db.cc, there is a possible out of bounds write due to a missing bounds check.
network
low complexity
google CWE-787
critical
10.0
2022-07-13 CVE-2022-20223 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android
In assertSafeToStartCustomActivity of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy.
local
low complexity
google CWE-610
7.2
2022-07-13 CVE-2022-20224 Out-of-bounds Read vulnerability in Google Android
In AT_SKIP_REST of bta_hf_client_at.cc, there is a possible out of bounds read due to an incorrect bounds check.
network
low complexity
google CWE-125
5.0
2022-07-13 CVE-2022-20225 Missing Authorization vulnerability in Google Android
In getSubscriptionProperty of SubscriptionController.java, there is a possible read of a sensitive identifier due to a missing permission check.
local
low complexity
google CWE-862
2.1