Vulnerabilities > Google > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-03 | CVE-2022-20109 | Unspecified vulnerability in Google Android In ion, there is a possible use after free due to improper update of reference count. | 7.8 |
| 2022-05-03 | CVE-2022-20110 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Google Android In ion, there is a possible use after free due to a race condition. | 7.0 |
| 2022-05-03 | CVE-2022-28783 | Improper Input Validation vulnerability in Google Android 10.0/11.0/12.0 Improper validation of removing package name in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to uninstall arbitrary packages without permission. | 7.1 |
| 2022-05-03 | CVE-2021-22556 | Integer Overflow or Wraparound vulnerability in Google Fuchsia The Security Team discovered an integer overflow bug that allows an attacker with code execution to issue memory cache invalidation operations on pages that they don’t own, allowing them to control kernel memory from userspace. | 7.8 |
| 2022-05-03 | CVE-2021-22573 | Improper Verification of Cryptographic Signature vulnerability in Google Oauth Client Library for Java The vulnerability is that IDToken verifier does not verify if token is properly signed. | 7.3 |
| 2022-05-01 | CVE-2022-25647 | Deserialization of Untrusted Data vulnerability in multiple products The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks. | 7.5 |
| 2022-04-12 | CVE-2021-0694 | Incorrect Authorization vulnerability in Google Android 11.0 In setServiceForegroundInnerLocked of ActiveServices.java, there is a possible way for a background application to regain foreground permissions due to insufficient background restrictions. | 7.8 |
| 2022-04-12 | CVE-2021-0707 | Use After Free vulnerability in Google Android In dma_buf_release of dma-buf.c, there is a possible memory corruption due to a use after free. | 7.8 |
| 2022-04-12 | CVE-2021-39794 | Incorrect Default Permissions vulnerability in Google Android 11.0/12.0/12.1 In broadcastPortInfo of AdbService.java, there is a possible way for apps to run code as the shell user, if wireless debugging is enabled, due to a missing permission check. | 7.8 |
| 2022-04-12 | CVE-2021-39796 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android In HarmfulAppWarningActivity of HarmfulAppWarningActivity.java, there is a possible way to trick victim to install harmful app due to a tapjacking/overlay attack. | 7.3 |