Vulnerabilities > Google > Low

DATE CVE VULNERABILITY TITLE RISK
2022-03-10 CVE-2022-25817 Unspecified vulnerability in Google Android 10.0/11.0
Improper authentication in One UI Home prior to SMR Mar-2022 Release 1 allows attacker to generate pinned-shortcut without user consent.
local
low complexity
google
3.3
2022-03-10 CVE-2022-24929 Unspecified vulnerability in Google Android 10.0/11.0/12.0
Unprotected Activity in AppLock prior to SMR Mar-2022 Release 1 allows attacker to change the list of locked app without authentication.
local
low complexity
google
3.3
2022-02-11 CVE-2022-24000 Unspecified vulnerability in Google Android 10.0/11.0/12.0
PendingIntent hijacking vulnerability in DataUsageReminderReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent.
local
low complexity
google
3.3
2022-02-11 CVE-2022-23999 Unspecified vulnerability in Google Android 10.0/11.0/12.0
PendingIntent hijacking vulnerability in CpaReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent.
local
low complexity
google
3.3
2022-02-04 CVE-2022-0317 Improper Input Validation vulnerability in Google Go-Attestation
An improper input validation vulnerability in go-attestation before 0.3.3 allows local users to provide a maliciously-formed Quote over no/some PCRs, causing AKPublic.Verify to succeed despite the inconsistency.
local
low complexity
google CWE-20
3.3
2022-01-14 CVE-2021-39628 Exposure of Resource to Wrong Sphere vulnerability in Google Android 10.0/11.0
In StatusBar.java, there is a possible disclosure of notification content on the lockscreen due to a logic error in the code.
local
low complexity
google CWE-668
3.3
2022-01-10 CVE-2022-22272 Unspecified vulnerability in Google Android 10.0/11.0/12.0
Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission
local
low complexity
google
3.3
2022-01-10 CVE-2022-22270 Files or Directories Accessible to External Parties vulnerability in Google Android 10.0/11.0/9.0
An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows unprivileged applications to access contact information.
local
low complexity
google CWE-552
3.3
2022-01-10 CVE-2022-22269 Files or Directories Accessible to External Parties vulnerability in Google Android 10.0/11.0/9.0
Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allows untrusted applications to get a local Bluetooth MAC address.
local
low complexity
google CWE-552
3.3
2022-01-10 CVE-2022-22267 Files or Directories Accessible to External Parties vulnerability in Google Android
Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1 allows attackers to get running application information.
local
low complexity
google CWE-552
3.3