Vulnerabilities > Google > Android > Low

DATE CVE VULNERABILITY TITLE RISK
2023-02-28 CVE-2023-20932 Improper Input Validation vulnerability in Google Android
In onCreatePreferences of EditInfoFragment.java, there is a possible way to read contacts belonging to other users due to improper input validation.
local
low complexity
google CWE-20
3.3
2022-12-16 CVE-2022-20519 Missing Authorization vulnerability in Google Android 13.0
In onCreate of AddAppNetworksActivity.java, there is a possible way for a guest user to configure WiFi networks due to a missing permission check.
local
low complexity
google CWE-862
3.3
2022-12-16 CVE-2022-20525 Exposure of Resource to Wrong Sphere vulnerability in Google Android 13.0
In enforceVisualVoicemailPackage of PhoneInterfaceManager.java, there is a possible leak of visual voicemail package name due to a permissions bypass.
local
low complexity
google CWE-668
3.3
2022-12-16 CVE-2022-20526 Out-of-bounds Write vulnerability in Google Android 13.0
In CanvasContext::draw of CanvasContext.cpp, there is a possible out of bounds write due to a missing bounds check.
local
low complexity
google CWE-787
3.3
2022-12-16 CVE-2022-20528 Out-of-bounds Read vulnerability in Google Android 13.0
In findParam of HevcUtils.cpp there is a possible out of bounds read due to a missing bounds check.
local
low complexity
google CWE-125
3.3
2022-12-16 CVE-2022-20529 Exposure of Resource to Wrong Sphere vulnerability in Google Android 13.0
In multiple locations of WifiDialogActivity.java, there is a possible limited lockscreen bypass due to a logic error in the code.
low complexity
google CWE-668
2.4
2022-12-16 CVE-2022-20531 Information Exposure Through Discrepancy vulnerability in Google Android 13.0
In placeCall of TelecomManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.
local
low complexity
google CWE-203
3.3
2022-12-16 CVE-2022-20533 Missing Authorization vulnerability in Google Android 13.0
In getSlice of WifiSlice.java, there is a possible way to connect a new WiFi network from the guest mode due to a missing permission check.
local
low complexity
google CWE-862
3.3
2022-12-16 CVE-2022-20535 Information Exposure Through Discrepancy vulnerability in Google Android 13.0
In registerLocalOnlyHotspotSoftApCallback of WifiManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.
local
low complexity
google CWE-203
3.3
2022-12-16 CVE-2022-20536 Missing Authorization vulnerability in Google Android 13.0
In registerBroadcastReceiver of RcsService.java, there is a possible way to change preferred TTY mode due to a missing permission check.
local
low complexity
google CWE-862
3.3