Vulnerabilities > Google > Low

DATE CVE VULNERABILITY TITLE RISK
2020-12-15 CVE-2020-0481 Incorrect Authorization vulnerability in Google Android 11.0
In AndroidManifest.xml, there is a possible permissions bypass.
local
low complexity
google CWE-863
3.3
2020-12-15 CVE-2020-8937 Out-of-bounds Write vulnerability in Google Asylo
An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to enc_untrusted_create_wait_queue that uses a pointer queue that relies on UntrustedLocalMemcpy, which fails to validate where the pointer is located.
local
low complexity
google CWE-787
3.3
2020-12-15 CVE-2020-8938 Out-of-bounds Write vulnerability in Google Asylo
An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to FromkLinuxSockAddr with attacker controlled content and size of klinux_addr which allows an attacker to write memory values from within the enclave.
local
low complexity
google CWE-787
3.3
2020-12-14 CVE-2020-0459 Missing Authorization vulnerability in Google Android
In sendConfiguredNetworkChangedBroadcast of WifiConfigManager.java, there is a possible leak of sensitive WiFi configuration data due to a missing permission check.
local
low complexity
google CWE-862
3.3
2020-12-10 CVE-2020-26270 Improper Input Validation vulnerability in Google Tensorflow
In affected versions of TensorFlow running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero-length results in a CHECK failure when using the CUDA backend.
local
low complexity
google CWE-20
3.3
2020-12-10 CVE-2020-8908 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir().
local
low complexity
google quarkus oracle netapp CWE-732
3.3
2020-12-10 CVE-2020-26271 Use of Uninitialized Resource vulnerability in Google Tensorflow
In affected versions of TensorFlow under certain cases, loading a saved model can result in accessing uninitialized memory while building the computation graph.
local
low complexity
google CWE-908
3.3
2020-12-10 CVE-2020-8919 Incorrect Authorization vulnerability in Google Gerrit
An information leak vulnerability exists in Gerrit versions prior to 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where a missing access check on the branch REST API allows an attacker with only the default set of priviledges to read all other user's personal account data as well as sub-trees with restricted access.
low complexity
google CWE-863
3.5
2020-12-10 CVE-2020-8920 Unspecified vulnerability in Google Gerrit
An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the verification of access on All-Users repositories, allowing an attacker to get read access to all users' personal information associated with their accounts.
low complexity
google
3.5
2020-10-14 CVE-2020-0412 Missing Authorization vulnerability in Google Android
In setProcessMemoryTrimLevel of ActivityManagerService.java, there is a missing permission check.
local
low complexity
google CWE-862
3.3