Total
8912 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-32924 | 1 Google | 1 Android | 2025-07-22 | N/A | 7.5 HIGH |
|
In DeregAcceptProcINT of cn_NrmmStateDeregInit.cpp, there is a possible denial of service due to a logic error in the code. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-32925 | 1 Google | 1 Android | 2025-07-22 | N/A | 8.8 HIGH |
|
In dhd_prot_txstatus_process of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-32926 | 1 Google | 1 Android | 2025-07-22 | N/A | 5.5 MEDIUM |
|
there is a possible information disclosure due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-32929 | 1 Google | 1 Android | 2025-07-22 | N/A | 8.1 HIGH |
|
In gpu_slc_get_region of pixel_gpu_slc.c, there is a possible EoP due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-32930 | 1 Google | 1 Android | 2025-07-22 | N/A | 5.5 MEDIUM |
|
In plugin_ipc_handler of slc_plugin.c, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure of 4 bytes of stack memory with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-32920 | 1 Google | 1 Android | 2025-07-22 | N/A | 7.1 HIGH |
|
In set_secure_reg of sac_handler.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure of 4 bytes of stack memory with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-34663 | 1 Google | 1 Android | 2025-07-17 | N/A | 5.3 MEDIUM |
|
Integer overflow in libSEF.quram.so prior to SMR Oct-2024 Release 1 allows local attackers to write out-of-bounds memory.
|
|||||
| CVE-2024-34664 | 1 Google | 1 Android | 2025-07-17 | N/A | 4.1 MEDIUM |
|
Improper check for exception conditions in Knox Guard prior to SMR Oct-2024 Release 1 allows physical attackers to bypass Knox Guard in a multi-user environment.
|
|||||
| CVE-2024-8907 | 1 Google | 2 Android, Chrome | 2025-07-15 | N/A | 6.1 MEDIUM |
|
Insufficient data validation in Omnibox in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (XSS) via a crafted set of UI gestures. (Chromium security severity: Medium)
|
|||||
| CVE-2025-20695 | 3 Google, Mediatek, Openwrt | 14 Android, Mt6639, Mt6653 and 11 more | 2025-07-14 | N/A | 6.5 MEDIUM |
|
In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09741871; Issue ID: MSV-3317.
|
|||||
| CVE-2025-20694 | 3 Google, Mediatek, Openwrt | 40 Android, Mt2718, Mt6639 and 37 more | 2025-07-14 | N/A | 6.5 MEDIUM |
|
In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09752821; Issue ID: MSV-3342.
|
|||||
| CVE-2018-9379 | 1 Google | 1 Android | 2025-07-10 | N/A | 5.5 MEDIUM |
|
In multiple functions of MiniThumbFile.java, there is a possible way to view the thumbnails of deleted photos due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2018-9382 | 1 Google | 1 Android | 2025-07-10 | N/A | 7.8 HIGH |
|
In multiple functions of WifiServiceImpl.java, there is a possible way to activate Wi-Fi hotspot from a non-owner profile due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2018-9383 | 1 Google | 1 Android | 2025-07-10 | N/A | 4.4 MEDIUM |
|
In asn1_ber_decoder of asn1_decoder.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2018-9384 | 1 Google | 1 Android | 2025-07-10 | N/A | 4.4 MEDIUM |
|
In multiple locations, there is a possible way to bypass KASLR due to an unusual root cause. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2018-9434 | 1 Google | 1 Android | 2025-07-10 | N/A | 7.8 HIGH |
|
In multiple functions of Parcel.cpp, there is a possible way to bypass address space layout randomization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2018-9447 | 1 Google | 1 Android | 2025-07-10 | N/A | 5.5 MEDIUM |
|
In onCreate of EmergencyCallbackModeExitDialog.java, there is a possible way to crash the emergency callback mode due to a missing null check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2018-9387 | 1 Google | 1 Android | 2025-07-10 | N/A | 7.8 HIGH |
|
In multiple functions of mnh-sm.c, there is a possible way to trigger a heap overflow due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2018-9401 | 1 Google | 1 Android | 2025-07-10 | N/A | 7.8 HIGH |
|
In many locations, there is a possible way to access kernel memory in user space due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2018-9405 | 1 Google | 1 Android | 2025-07-10 | N/A | 6.7 MEDIUM |
|
In BnDmAgent::onTransact of dm_agent.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2018-9461 | 1 Google | 1 Android | 2025-07-10 | N/A | 7.0 HIGH |
|
In onAttachFragment of ShareIntentActivity.java, there is a possible way for an app to read files in the messages app due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2018-9464 | 1 Google | 1 Android | 2025-07-10 | N/A | 7.8 HIGH |
|
In multiple locations, there is a possible way to read protected files due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2017-13317 | 1 Google | 1 Android | 2025-07-10 | N/A | 5.7 MEDIUM |
|
In HeifDecoderImpl::getScanline of HeifDecoderImpl.cpp, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
|
|||||
| CVE-2017-13318 | 1 Google | 1 Android | 2025-07-10 | N/A | 5.7 MEDIUM |
|
In HeifDataSource::readAt of HeifDecoderImpl.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
|
|||||
| CVE-2018-9373 | 1 Google | 1 Android | 2025-07-10 | N/A | 8.8 HIGH |
|
In TdlsexRxFrameHandle of the MTK WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2018-9378 | 1 Google | 1 Android | 2025-07-10 | N/A | 6.2 MEDIUM |
|
In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2025-20693 | 4 Google, Linuxfoundation, Mediatek and 1 more | 26 Android, Yocto, Mt2737 and 23 more | 2025-07-09 | N/A | 6.5 MEDIUM |
|
In wlan STA driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09812521; Issue ID: MSV-3421.
|
|||||
| CVE-2025-6428 | 2 Google, Mozilla | 2 Android, Firefox | 2025-07-03 | N/A | 4.3 MEDIUM |
|
When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, potentially leading to phishing attacks.
*This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 140.
|
|||||
| CVE-2025-6431 | 2 Google, Mozilla | 2 Android, Firefox | 2025-07-03 | N/A | 6.5 MEDIUM |
|
When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy leaks in external applications.
*This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 140.
|
|||||
| CVE-2018-9372 | 1 Google | 1 Android | 2025-07-03 | N/A | 7.8 HIGH |
|
In cmd_flash_mmc_sparse_img of dl_commands.c, there is a possible out of bounds write due to a missing bounds check. This could lead to a local escalation of privilege in the bootloader with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2018-9409 | 1 Google | 1 Android | 2025-07-03 | N/A | 7.8 HIGH |
|
In HWCSession::SetColorModeById of hwc_session.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2018-9375 | 1 Google | 1 Android | 2025-07-03 | N/A | 7.8 HIGH |
|
In multiple functions of UserDictionaryProvider.java, there is a possible way to add and delete words in the user dictionary due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-43077 | 1 Google | 1 Android | 2025-07-03 | N/A | 7.8 HIGH |
|
In DevmemValidateFlags of devicemem_server.c , there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-43762 | 1 Google | 1 Android | 2025-07-03 | N/A | 7.8 HIGH |
|
In multiple locations, there is a possible way to avoid unbinding of a service from the system due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-43764 | 1 Google | 1 Android | 2025-07-03 | N/A | 7.8 HIGH |
|
In onPrimaryClipChanged of ClipboardListener.java, there is a possible way to partially bypass lock screen. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-34732 | 1 Google | 1 Android | 2025-06-27 | N/A | 8.4 HIGH |
|
In RGXMMUCacheInvalidate of rgxmem.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-34733 | 1 Google | 1 Android | 2025-06-27 | N/A | 8.4 HIGH |
|
In DevmemXIntMapPages of devicemem_server.c, there is a possible arbitrary code execution due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-34748 | 1 Google | 1 Android | 2025-06-27 | N/A | 8.4 HIGH |
|
In _DevmemXReservationPageAddress of devicemem_server.c, there is a possible use-after-free due to improper casting. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-40649 | 1 Google | 1 Android | 2025-06-27 | N/A | 8.4 HIGH |
|
In TBD of TBD, there is a possible use-after-free due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-40651 | 1 Google | 1 Android | 2025-06-27 | N/A | 8.4 HIGH |
|
In TBD of TBD, there is a possible use-after-free due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||