Vulnerabilities > Google

DATE CVE VULNERABILITY TITLE RISK
2022-03-10 CVE-2022-20056 Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0
In preloader (usb), there is a possible out of bounds write due to a missing bounds check.
local
google CWE-787
4.4
4.4
2022-03-10 CVE-2022-20057 Improper Handling of Exceptional Conditions vulnerability in Google Android 11.0/12.0
In btif, there is a possible memory corruption due to incorrect error handling.
local
google CWE-755
4.4
4.4
2022-03-10 CVE-2022-20058 Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0
In preloader (usb), there is a possible out of bounds write due to a missing bounds check.
local
google CWE-787
4.4
4.4
2022-03-10 CVE-2022-20059 Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0
In preloader (usb), there is a possible out of bounds write due to a missing bounds check.
local
google CWE-787
4.4
4.4
2022-03-10 CVE-2022-20060 Missing Authentication for Critical Function vulnerability in Google Android 10.0/11.0/12.0
In preloader (usb), there is a possible permission bypass due to a missing proper image authentication.
low complexity
google CWE-306
6.6
6.6
2022-03-04 CVE-2022-23729 Improper Authentication vulnerability in Google Android
When the device is in factory state, it can be access the shell without adb authentication process.
local
google CWE-287
6.9
6.9
2022-02-25 CVE-2022-0247 Incorrect Permission Assignment for Critical Resource vulnerability in Google Fuchsia
An issue exists in Fuchsia where VMO data can be modified through access to copy-on-write snapshots.
local
low complexity
google CWE-732
2.1
2.1
2022-02-25 CVE-2022-25326 Resource Exhaustion vulnerability in Google Fscrypt
fscrypt through v0.3.2 creates a world-writable directory by default when setting up a filesystem, allowing unprivileged users to exhaust filesystem space.
local
low complexity
google CWE-400
2.1
2.1
2022-02-25 CVE-2022-25327 Incorrect Default Permissions vulnerability in Google Fscrypt
The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in.
local
low complexity
google CWE-276
2.1
2.1
2022-02-25 CVE-2022-25328 OS Command Injection vulnerability in Google Fscrypt
The bash_completion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances.
local
low complexity
google CWE-78
7.2
7.2