Vulnerabilities > Google > Android > Low

DATE CVE VULNERABILITY TITLE RISK
2022-12-16 CVE-2022-20533 Missing Authorization vulnerability in Google Android 13.0
In getSlice of WifiSlice.java, there is a possible way to connect a new WiFi network from the guest mode due to a missing permission check.
local
low complexity
google CWE-862
3.3
2022-12-16 CVE-2022-20529 Missing Authorization vulnerability in Google Android 13.0
In multiple locations of WifiDialogActivity.java, there is a possible limited lockscreen bypass due to a logic error in the code.
low complexity
google CWE-862
2.4
2022-12-16 CVE-2022-20528 Out-of-bounds Read vulnerability in Google Android 13.0
In findParam of HevcUtils.cpp there is a possible out of bounds read due to a missing bounds check.
local
low complexity
google CWE-125
3.3
2022-12-16 CVE-2022-20526 Out-of-bounds Write vulnerability in Google Android 13.0
In CanvasContext::draw of CanvasContext.cpp, there is a possible out of bounds write due to a missing bounds check.
local
low complexity
google CWE-787
3.3
2022-12-16 CVE-2022-20525 Information Exposure Through an Error Message vulnerability in Google Android 13.0
In enforceVisualVoicemailPackage of PhoneInterfaceManager.java, there is a possible leak of visual voicemail package name due to a permissions bypass.
local
low complexity
google CWE-209
3.3
2022-12-16 CVE-2022-20519 Missing Authorization vulnerability in Google Android 13.0
In onCreate of AddAppNetworksActivity.java, there is a possible way for a guest user to configure WiFi networks due to a missing permission check.
local
low complexity
google CWE-862
3.3
2022-12-13 CVE-2022-20240 Missing Authorization vulnerability in Google Android 12.0
In sOpAllowSystemRestrictionBypass of AppOpsManager.java, there is a possible leak of location information due to a missing permission check.
local
low complexity
google CWE-862
2.3
2022-12-08 CVE-2022-39914 Incorrect Authorization vulnerability in Google Android
Exposure of Sensitive Information from an Unauthorized Actor vulnerability in Samsung DisplayManagerService prior to Android T(13) allows local attacker to access connected DLNA device information.
local
low complexity
google CWE-863
3.3
2022-12-08 CVE-2022-39913 Incorrect Authorization vulnerability in Google Android
Exposure of Sensitive Information to an Unauthorized Actor in Persona Manager prior to Android T(13) allows local attacker to access user profiles information.
local
low complexity
google CWE-863
3.3
2022-12-08 CVE-2022-39912 Improper Handling of Exceptional Conditions vulnerability in Google Android
Improper handling of insufficient permissions vulnerability in setSecureFolderPolicy in PersonaManagerService prior to Android T(13) allows local attackers to set some setting value in Secure folder.
local
low complexity
google CWE-755
3.3