Filtered by vendor Google
Subscribe
Total
12727 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-25831 | 1 Google | 1 Android | 2024-11-21 | 1.9 LOW | 2.0 LOW |
| Improper access control vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to access secured data in certain conditions. | |||||
| CVE-2022-25822 | 1 Google | 1 Android | 2024-11-21 | 4.9 MEDIUM | 4.0 MEDIUM |
| An use after free vulnerability in sdp driver prior to SMR Mar-2022 Release 1 allows kernel crash. | |||||
| CVE-2022-25821 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 3.6 LOW | 3.3 LOW |
| Improper use of SMS buffer pointer in Shannon baseband prior to SMR Mar-2022 Release 1 allows OOB read. | |||||
| CVE-2022-25820 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.2 MEDIUM |
| A vulnerable design in fingerprint matching algorithm prior to SMR Mar-2022 Release 1 allows physical attackers to perform brute force attack on screen lock password. | |||||
| CVE-2022-25819 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 2.1 LOW | 5.3 MEDIUM |
| OOB read vulnerability in hdcp2 device node prior to SMR Mar-2022 Release 1 allow an attacker to view Kernel stack memory. | |||||
| CVE-2022-25818 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 6.5 MEDIUM |
| Improper boundary check in UWB stack prior to SMR Mar-2022 Release 1 allows arbitrary code execution. | |||||
| CVE-2022-25817 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
| Improper authentication in One UI Home prior to SMR Mar-2022 Release 1 allows attacker to generate pinned-shortcut without user consent. | |||||
| CVE-2022-25816 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.1 MEDIUM |
| Improper authentication in Samsung Lock and mask apps setting prior to SMR Mar-2022 Release 1 allows attacker to change enable/disable without authentication | |||||
| CVE-2022-25815 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 5.5 MEDIUM |
| PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. | |||||
| CVE-2022-25814 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 5.5 MEDIUM |
| PendingIntent hijacking vulnerability in Wearable Manager Installer prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. | |||||
| CVE-2022-25647 | 4 Debian, Google, Netapp and 1 more | 6 Debian Linux, Gson, Active Iq Unified Manager and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.7 HIGH |
| The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks. | |||||
| CVE-2022-25635 | 3 Google, Linux, Realtek | 3 Android, Linux Kernel, Bluetooth Mesh Software Development Kit | 2024-11-21 | N/A | 6.5 MEDIUM |
| Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for broadcast network packet length. An unauthenticated attacker in the adjacent network can exploit this vulnerability to disrupt service. | |||||
| CVE-2022-25328 | 1 Google | 1 Fscrypt | 2024-11-21 | 7.2 HIGH | 5.0 MEDIUM |
| The bash_completion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a malicious mountpoint path and if the system administrator happens to be using the fscrypt bash completion script to complete mountpoint paths. We recommend upgrading to version 0.3.3 or above | |||||
| CVE-2022-25327 | 1 Google | 1 Fscrypt | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from logging into the system. We recommend upgrading to version 0.3.3 or above | |||||
| CVE-2022-25326 | 1 Google | 1 Fscrypt | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| fscrypt through v0.3.2 creates a world-writable directory by default when setting up a filesystem, allowing unprivileged users to exhaust filesystem space. We recommend upgrading to fscrypt 0.3.3 or above and adjusting the permissions on existing fscrypt metadata directories where applicable. | |||||
| CVE-2022-24932 | 2 Google, Samsung | 2 Android, Cloud | 2024-11-21 | 2.1 LOW | 4.2 MEDIUM |
| Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Release 1 allows physical attacker package installation before finishing Setup wizard. | |||||
| CVE-2022-24931 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.9 HIGH |
| Improper access control vulnerability in dynamic receiver in ApkInstaller prior to SMR MAR-2022 Release allows unauthorized attackers to execute arbitrary activity without a proper permission | |||||
| CVE-2022-24929 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.1 MEDIUM |
| Unprotected Activity in AppLock prior to SMR Mar-2022 Release 1 allows attacker to change the list of locked app without authentication. | |||||
| CVE-2022-24928 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 5.9 MEDIUM |
| Security misconfiguration of RKP in kernel prior to SMR Mar-2022 Release 1 allows a system not to be protected by RKP. | |||||
| CVE-2022-24925 | 1 Google | 1 Android | 2024-11-21 | 6.8 MEDIUM | 4.4 MEDIUM |
| Improper input validation vulnerability in SettingsProvider prior to Android S(12) allows privileged attackers to trigger a permanent denial of service attack on a victim's devices. | |||||