Vulnerabilities > Google > Android > 11.0

DATE CVE VULNERABILITY TITLE RISK
2022-05-03 CVE-2022-28782 Unspecified vulnerability in Google Android 11.0/12.0
Improper access control vulnerability in Contents To Window prior to SMR May-2022 Release 1 allows physical attacker to install package before completion of Setup wizard.
low complexity
google
4.6
2022-05-03 CVE-2022-28783 Improper Input Validation vulnerability in Google Android 10.0/11.0/12.0
Improper validation of removing package name in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to uninstall arbitrary packages without permission.
local
low complexity
google CWE-20
3.6
2022-05-03 CVE-2022-28784 Path Traversal vulnerability in Google Android 10.0/11.0/12.0
Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to list file names in arbitrary directory as system user.
local
low complexity
google CWE-22
2.1
2022-05-03 CVE-2022-28785 Out-of-bounds Read vulnerability in Google Android 10.0/11.0/12.0
Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service.
local
low complexity
google CWE-125
2.1
2022-05-03 CVE-2022-28786 Out-of-bounds Read vulnerability in Google Android 10.0/11.0/12.0
Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service.
local
low complexity
google CWE-125
2.1
2022-05-03 CVE-2022-28787 Out-of-bounds Read vulnerability in Google Android 10.0/11.0/12.0
Improper buffer size check logic in wmfextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service.
local
low complexity
google CWE-125
2.1
2022-05-03 CVE-2022-28788 Out-of-bounds Read vulnerability in Google Android 10.0/11.0/12.0
Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service.
local
low complexity
google CWE-125
2.1
2022-04-12 CVE-2021-0694 Incorrect Authorization vulnerability in Google Android 11.0
In setServiceForegroundInnerLocked of ActiveServices.java, there is a possible way for a background application to regain foreground permissions due to insufficient background restrictions.
local
low complexity
google CWE-863
7.2
2022-04-12 CVE-2021-39794 Incorrect Default Permissions vulnerability in Google Android 11.0/12.0/12.1
In broadcastPortInfo of AdbService.java, there is a possible way for apps to run code as the shell user, if wireless debugging is enabled, due to a missing permission check.
network
high complexity
google CWE-276
7.6
2022-04-12 CVE-2021-39796 Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android
In HarmfulAppWarningActivity of HarmfulAppWarningActivity.java, there is a possible way to trick victim to install harmful app due to a tapjacking/overlay attack.
6.9