Filtered by vendor Google
Subscribe
Total
10294 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-24932 | 2 Google, Samsung | 2 Android, Cloud | 2022-03-16 | 2.1 LOW | 4.6 MEDIUM |
| Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Release 1 allows physical attacker package installation before finishing Setup wizard. | |||||
| CVE-2022-24929 | 1 Google | 1 Android | 2022-03-16 | 2.1 LOW | 3.3 LOW |
| Unprotected Activity in AppLock prior to SMR Mar-2022 Release 1 allows attacker to change the list of locked app without authentication. | |||||
| CVE-2022-24928 | 1 Google | 1 Android | 2022-03-16 | 7.2 HIGH | 7.8 HIGH |
| Security misconfiguration of RKP in kernel prior to SMR Mar-2022 Release 1 allows a system not to be protected by RKP. | |||||
| CVE-2022-25814 | 1 Google | 1 Android | 2022-03-15 | 4.6 MEDIUM | 7.8 HIGH |
| PendingIntent hijacking vulnerability in Wearable Manager Installer prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. | |||||
| CVE-2022-25815 | 1 Google | 1 Android | 2022-03-15 | 4.6 MEDIUM | 7.8 HIGH |
| PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. | |||||
| CVE-2022-25816 | 1 Google | 1 Android | 2022-03-15 | 2.1 LOW | 4.6 MEDIUM |
| Improper authentication in Samsung Lock and mask apps setting prior to SMR Mar-2022 Release 1 allows attacker to change enable/disable without authentication | |||||
| CVE-2022-25817 | 1 Google | 1 Android | 2022-03-15 | 2.1 LOW | 3.3 LOW |
| Improper authentication in One UI Home prior to SMR Mar-2022 Release 1 allows attacker to generate pinned-shortcut without user consent. | |||||
| CVE-2022-25818 | 1 Google | 1 Android | 2022-03-15 | 7.5 HIGH | 9.8 CRITICAL |
| Improper boundary check in UWB stack prior to SMR Mar-2022 Release 1 allows arbitrary code execution. | |||||
| CVE-2022-25819 | 2 Google, Samsung | 2 Android, Exynos | 2022-03-15 | 2.1 LOW | 5.5 MEDIUM |
| OOB read vulnerability in hdcp2 device node prior to SMR Mar-2022 Release 1 allow an attacker to view Kernel stack memory. | |||||
| CVE-2022-25821 | 2 Google, Samsung | 2 Android, Exynos | 2022-03-15 | 3.6 LOW | 7.1 HIGH |
| Improper use of SMS buffer pointer in Shannon baseband prior to SMR Mar-2022 Release 1 allows OOB read. | |||||
| CVE-2022-25820 | 1 Google | 1 Android | 2022-03-15 | 2.1 LOW | 4.6 MEDIUM |
| A vulnerable design in fingerprint matching algorithm prior to SMR Mar-2022 Release 1 allows physical attackers to perform brute force attack on screen lock password. | |||||
| CVE-2022-25822 | 1 Google | 1 Android | 2022-03-15 | 4.9 MEDIUM | 6.2 MEDIUM |
| An use after free vulnerability in sdp driver prior to SMR Mar-2022 Release 1 allows kernel crash. | |||||
| CVE-2022-20047 | 2 Google, Mediatek | 11 Android, Mt5816, Mt5835 and 8 more | 2022-03-15 | 7.2 HIGH | 7.8 HIGH |
| In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917489; Issue ID: ALPS05917489. | |||||
| CVE-2022-23729 | 1 Google | 1 Android | 2022-03-11 | 6.9 MEDIUM | 7.8 HIGH |
| When the device is in factory state, it can be access the shell without adb authentication process. The LG ID is LVE-SMP-210010. | |||||
| CVE-2022-25327 | 1 Google | 1 Fscrypt | 2022-03-08 | 2.1 LOW | 5.5 MEDIUM |
| The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from logging into the system. We recommend upgrading to version 0.3.3 or above | |||||
| CVE-2022-0247 | 1 Google | 1 Fuchsia | 2022-03-08 | 2.1 LOW | 5.5 MEDIUM |
| An issue exists in Fuchsia where VMO data can be modified through access to copy-on-write snapshots. A local attacker could modify objects in the VMO that they do not have permission to. We recommend upgrading past commit d97c05d2301799ed585620a9c5c739d36e7b5d3d or any of the listed versions. | |||||
| CVE-2022-25328 | 1 Google | 1 Fscrypt | 2022-03-07 | 7.2 HIGH | 7.3 HIGH |
| The bash_completion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a malicious mountpoint path and if the system administrator happens to be using the fscrypt bash completion script to complete mountpoint paths. We recommend upgrading to version 0.3.3 or above | |||||
| CVE-2022-25326 | 1 Google | 1 Fscrypt | 2022-03-04 | 2.1 LOW | 5.5 MEDIUM |
| fscrypt through v0.3.2 creates a world-writable directory by default when setting up a filesystem, allowing unprivileged users to exhaust filesystem space. We recommend upgrading to fscrypt 0.3.3 or above and adjusting the permissions on existing fscrypt metadata directories where applicable. | |||||
| CVE-2021-37994 | 2 Debian, Google | 2 Debian Linux, Chrome | 2022-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||||
| CVE-2021-37995 | 2 Debian, Google | 2 Debian Linux, Chrome | 2022-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in WebApp Installer in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially overlay and spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||