Filtered by vendor Google
Subscribe
Total
10294 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-20100 | 2 Google, Mediatek | 45 Android, Mt6580, Mt6739 and 42 more | 2022-05-11 | 2.1 LOW | 4.4 MEDIUM |
| In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06383944; Issue ID: ALPS06270804. | |||||
| CVE-2022-20097 | 2 Google, Mediatek | 45 Android, Mt6580, Mt6739 and 42 more | 2022-05-11 | 1.9 LOW | 4.7 MEDIUM |
| In aee daemon, there is a possible information disclosure due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06383944; Issue ID: ALPS06383944. | |||||
| CVE-2022-20096 | 2 Google, Mediatek | 13 Android, Mt6765, Mt6768 and 10 more | 2022-05-11 | 2.1 LOW | 4.4 MEDIUM |
| In camera, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS06419003; Issue ID: ALPS06419003. | |||||
| CVE-2022-20084 | 2 Google, Mediatek | 55 Android, Mt6731, Mt6732 and 52 more | 2022-05-11 | 4.6 MEDIUM | 7.8 HIGH |
| In telephony, there is a possible way to disable receiving emergency broadcasts due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06498874; Issue ID: ALPS06498874. | |||||
| CVE-2021-22556 | 1 Google | 1 Fuchsia | 2022-05-10 | 4.6 MEDIUM | 7.8 HIGH |
| The Security Team discovered an integer overflow bug that allows an attacker with code execution to issue memory cache invalidation operations on pages that they don’t own, allowing them to control kernel memory from userspace. We recommend upgrading to kernel version 4.1 or beyond. | |||||
| CVE-2021-22573 | 1 Google | 1 Oauth Client Library For Java | 2022-05-10 | 3.5 LOW | 7.3 HIGH |
| The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token will pass the validation on the client side. We recommend upgrading to version 1.33.3 or above | |||||
| CVE-2022-20085 | 2 Google, Mediatek | 53 Android, Mt6580, Mt6731 and 50 more | 2022-05-10 | 4.6 MEDIUM | 6.7 MEDIUM |
| In netdiag, there is a possible symbolic link following due to an improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06308877; Issue ID: ALPS06308877. | |||||
| CVE-2022-20090 | 2 Google, Mediatek | 46 Android, Mt6580, Mt6731 and 43 more | 2022-05-10 | 4.4 MEDIUM | 6.4 MEDIUM |
| In aee driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06209197; Issue ID: ALPS06209197. | |||||
| CVE-2022-20089 | 2 Google, Mediatek | 47 Android, Mt6580, Mt6731 and 44 more | 2022-05-10 | 4.6 MEDIUM | 6.7 MEDIUM |
| In aee driver, there is a possible memory corruption due to active debug code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06240397; Issue ID: ALPS06240397. | |||||
| CVE-2022-20088 | 2 Google, Mediatek | 46 Android, Mt6580, Mt6731 and 43 more | 2022-05-10 | 4.6 MEDIUM | 7.8 HIGH |
| In aee driver, there is a possible reference count mistake due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06209201; Issue ID: ALPS06209201. | |||||
| CVE-2022-20092 | 2 Google, Mediatek | 24 Android, Mt6761, Mt6768 and 21 more | 2022-05-10 | 2.1 LOW | 5.5 MEDIUM |
| In alac decoder, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06366061; Issue ID: ALPS06366061. | |||||
| CVE-2022-20093 | 2 Google, Mediatek | 57 Android, Mt6731, Mt6732 and 54 more | 2022-05-10 | 4.6 MEDIUM | 7.8 HIGH |
| In telephony, there is a possible way to disable receiving SMS messages due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06498868; Issue ID: ALPS06498868. | |||||
| CVE-2022-20091 | 2 Google, Mediatek | 46 Android, Mt6580, Mt6731 and 43 more | 2022-05-10 | 4.4 MEDIUM | 6.4 MEDIUM |
| In aee driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06209201; Issue ID: ALPS06226345. | |||||
| CVE-2022-20094 | 2 Google, Mediatek | 12 Android, Mt6771, Mt6779 and 9 more | 2022-05-10 | 4.6 MEDIUM | 6.7 MEDIUM |
| In imgsensor, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479763; Issue ID: ALPS06479734. | |||||
| CVE-2022-20095 | 2 Google, Mediatek | 12 Android, Mt6771, Mt6779 and 9 more | 2022-05-10 | 4.6 MEDIUM | 6.7 MEDIUM |
| In imgsensor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479763; Issue ID: ALPS06479763. | |||||
| CVE-2021-22569 | 2 Google, Oracle | 7 Google-protobuf, Protobuf-java, Protobuf-kotlin and 4 more | 2022-05-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions. | |||||
| CVE-2021-22572 | 1 Google | 1 Data Transfer Project | 2022-05-10 | 2.1 LOW | 5.5 MEDIUM |
| On unix-like systems, the system temporary directory is shared between all users on that system. The root cause is File.createTempFile creates files in the the system temporary directory with world readable permissions. Any sensitive information written to theses files is visible to all other local users on unix-like systems. We recommend upgrading past commit https://github.com/google/data-transfer-project/pull/969 | |||||
| CVE-2021-22571 | 1 Google | 1 Sa360 Webquery To Bigquery Exporter | 2022-05-10 | 2.1 LOW | 5.5 MEDIUM |
| A local attacker could read files from some other users' SA360 reports stored in the /tmp folder during staging process before the files are loaded in BigQuery. We recommend upgrading to version 1.0.3 or above. | |||||
| CVE-2020-8908 | 4 Google, Netapp, Oracle and 1 more | 13 Guava, Active Iq Unified Manager, Commerce Guided Search and 10 more | 2022-05-10 | 2.1 LOW | 3.3 LOW |
| A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured. | |||||
| CVE-2022-20087 | 2 Google, Mediatek | 7 Android, Mt6833, Mt6853 and 4 more | 2022-05-09 | 4.6 MEDIUM | 6.7 MEDIUM |
| In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06477970; Issue ID: ALPS06477970. | |||||