Vulnerabilities > Google > Android > 10.0

DATE CVE VULNERABILITY TITLE RISK
2022-07-13 CVE-2022-20212 Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 10.0/11.0
In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack.
4.4
2022-07-13 CVE-2022-20219 Missing Encryption of Sensitive Data vulnerability in Google Android
In multiple functions of StorageManagerService.java and UserManagerService.java, there is a possible way to leave user's directories unencrypted due to a logic error in the code.
local
low complexity
google CWE-311
2.1
2022-07-13 CVE-2022-20221 Out-of-bounds Read vulnerability in Google Android
In avrc_ctrl_pars_vendor_cmd of avrc_pars_ct.cc, there is a possible out of bounds read due to improper input validation.
low complexity
google CWE-125
3.3
2022-07-13 CVE-2022-20223 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android
In assertSafeToStartCustomActivity of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy.
local
low complexity
google CWE-610
7.2
2022-07-13 CVE-2022-20224 Out-of-bounds Read vulnerability in Google Android
In AT_SKIP_REST of bta_hf_client_at.cc, there is a possible out of bounds read due to an incorrect bounds check.
network
low complexity
google CWE-125
5.0
2022-07-13 CVE-2022-20225 Missing Authorization vulnerability in Google Android
In getSubscriptionProperty of SubscriptionController.java, there is a possible read of a sensitive identifier due to a missing permission check.
local
low complexity
google CWE-862
2.1
2022-07-13 CVE-2022-20229 Out-of-bounds Write vulnerability in Google Android
In bta_hf_client_handle_cind_list_item of bta_hf_client_at.cc, there is a possible out of bounds write due to a missing bounds check.
network
low complexity
google CWE-787
critical
10.0
2022-07-13 CVE-2022-20230 Improper Input Validation vulnerability in Google Android
In choosePrivateKeyAlias of KeyChain.java, there is a possible access to the user's certificate due to improper input validation.
local
google CWE-20
1.9
2022-07-12 CVE-2022-30750 Exposure of Resource to Wrong Sphere vulnerability in Google Android 10.0/11.0/12.0
Improper access control vulnerability in updateLastConnectedClientInfo function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected.
local
low complexity
google CWE-668
2.1
2022-07-12 CVE-2022-30751 Exposure of Resource to Wrong Sphere vulnerability in Google Android 10.0/11.0/12.0
Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_DHCPACK_EVENT action.
local
low complexity
google CWE-668
2.1