Vulnerabilities > Google > Fscrypt

DATE CVE VULNERABILITY TITLE RISK
2022-02-25 CVE-2022-25326 Resource Exhaustion vulnerability in Google Fscrypt
fscrypt through v0.3.2 creates a world-writable directory by default when setting up a filesystem, allowing unprivileged users to exhaust filesystem space.
local
low complexity
google CWE-400
5.5
2022-02-25 CVE-2022-25327 Incorrect Default Permissions vulnerability in Google Fscrypt
The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in.
local
low complexity
google CWE-276
5.5
2022-02-25 CVE-2022-25328 OS Command Injection vulnerability in Google Fscrypt
The bash_completion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances.
local
low complexity
google CWE-78
7.3
2018-08-23 CVE-2018-6558 Unspecified vulnerability in Google Fscrypt
The pam_fscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a successful login through certain applications that use Linux-PAM (aka pam).
network
low complexity
google
6.5