Vulnerabilities > Google > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-16 | CVE-2021-39736 | Integer Overflow or Wraparound vulnerability in Google Android In prepare_io_entry and prepare_response of lwis_ioctl.c and lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. | 6.7 |
| 2022-03-16 | CVE-2021-39792 | Race Condition vulnerability in Google Android In usb_gadget_giveback_request of core.c, there is a possible use after free out of bounds read due to a race condition. | 4.1 |
| 2022-03-10 | CVE-2022-25816 | Improper Authentication vulnerability in Google Android 10.0/11.0/12.0 Improper authentication in Samsung Lock and mask apps setting prior to SMR Mar-2022 Release 1 allows attacker to change enable/disable without authentication | 4.6 |
| 2022-03-10 | CVE-2022-25819 | Out-of-bounds Read vulnerability in Google Android 10.0/11.0/12.0 OOB read vulnerability in hdcp2 device node prior to SMR Mar-2022 Release 1 allow an attacker to view Kernel stack memory. | 5.5 |
| 2022-03-10 | CVE-2022-25820 | Improper Restriction of Excessive Authentication Attempts vulnerability in Google Android 11.0/12.0 A vulnerable design in fingerprint matching algorithm prior to SMR Mar-2022 Release 1 allows physical attackers to perform brute force attack on screen lock password. | 4.6 |
| 2022-03-10 | CVE-2022-25822 | Use After Free vulnerability in Google Android 10.0/11.0/12.0 An use after free vulnerability in sdp driver prior to SMR Mar-2022 Release 1 allows kernel crash. | 6.2 |
| 2022-03-10 | CVE-2022-24932 | Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Release 1 allows physical attacker package installation before finishing Setup wizard. | 4.6 |
| 2022-03-10 | CVE-2022-20049 | Missing Authorization vulnerability in Google Android 10.0/11.0 In vpu, there is a possible escalation of privilege due to a missing permission check. | 6.7 |
| 2022-03-10 | CVE-2022-20050 | Link Following vulnerability in Google Android 11.0/12.0 In connsyslogger, there is a possible symbolic link following due to improper link resolution. | 6.7 |
| 2022-03-10 | CVE-2022-20051 | Improper Privilege Management vulnerability in Google Android 11.0/12.0 In ims service, there is a possible unexpected application behavior due to incorrect privilege assignment. | 5.5 |