Vulnerabilities > Google > Android > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-01-26 CVE-2022-20213 Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 10.0/11.0/12.0
In ApplicationsDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack.
local
low complexity
google CWE-1021
5.5
5.5
2023-01-26 CVE-2022-20214 Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 10.0/11.0/12.0
In Car Settings app, the toggle button in Modify system settings is vulnerable to tapjacking attack.
network
low complexity
google CWE-1021
4.7
4.7
2023-01-26 CVE-2022-20215 Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 10.0/11.0/12.0
In onCreate of MasterClearConfirmFragment.java, there is a possible factory reset due to a tapjacking/overlay attack.
local
low complexity
google CWE-1021
5.5
5.5
2023-01-26 CVE-2022-20235 Out-of-bounds Write vulnerability in Google Android
The PowerVR GPU kernel driver maintains an "Information Page" used by its cache subsystem.
local
low complexity
google CWE-787
5.5
5.5
2023-01-26 CVE-2022-20458 Information Exposure Through Log Files vulnerability in Google Android 12.1
The logs of sensitive information (PII) or hardware identifier should only be printed in Android "userdebug" or "eng" build.
local
low complexity
google CWE-532
5.5
5.5
2023-01-26 CVE-2022-20494 Allocation of Resources Without Limits or Throttling vulnerability in Google Android
In AutomaticZenRule of AutomaticZenRule.java, there is a possible persistent DoS due to resource exhaustion.
local
low complexity
google CWE-770
5.5
5.5
2023-01-04 CVE-2022-38678 Missing Authorization vulnerability in Google Android 10.0/11.0/12.0
In contacts service, there is a missing permission check.
local
low complexity
google CWE-862
5.5
5.5
2023-01-04 CVE-2022-38682 Missing Authorization vulnerability in Google Android 10.0/11.0/12.0
In contacts service, there is a missing permission check.
local
low complexity
google CWE-862
5.5
5.5
2023-01-04 CVE-2022-38683 Missing Authorization vulnerability in Google Android 10.0/11.0/12.0
In contacts service, there is a missing permission check.
local
low complexity
google CWE-862
5.5
5.5
2023-01-04 CVE-2022-38684 Missing Authorization vulnerability in Google Android 10.0/11.0/12.0
In contacts service, there is a missing permission check.
local
low complexity
google CWE-862
5.5
5.5