Filtered by vendor Google
Subscriptions
Total
13232 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-22423 | 1 Google | 1 Android | 2025-09-04 | 7.5 High |
| In ParseTag of dng_ifd.cpp, there is a possible way to crash the image renderer due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-22427 | 1 Google | 1 Android | 2025-09-04 | 7.3 High |
| In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to grant notification access above the lock screen due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2025-22429 | 1 Google | 1 Android | 2025-09-04 | 9.8 Critical |
| In multiple locations, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-22428 | 1 Google | 1 Android | 2025-09-04 | 7.8 High |
| In hasInteractAcrossUsersFullPermission of AppInfoBase.java, there is a possible way to grant permissions to an app on the secondary user from the primary user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-22431 | 1 Google | 1 Android | 2025-09-04 | 5.5 Medium |
| In multiple locations, there is a possible method for a malicious app to prevent dialing emergency services under limited circumstances due to a logic error in the code. This could lead to local denial of service until the phone reboots with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-22430 | 1 Google | 1 Android | 2025-09-04 | 5.5 Medium |
| In isInSignificantPlace of multiple files, there is a possible way to access sensitive information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-22433 | 1 Google | 1 Android | 2025-09-04 | 7.8 High |
| In canForward of IntentForwarderActivity.java, there is a possible bypass of the cross profile intent filter most commonly used in Work Profile scenarios due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-22434 | 1 Google | 1 Android | 2025-09-04 | 7.8 High |
| In handleKeyGestureEvent of PhoneWindowManager.java, there is a possible lock screen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-22435 | 1 Google | 1 Android | 2025-09-04 | 9.8 Critical |
| In avdt_msg_ind of avdt_msg.cc, there is a possible memory corruption due to type confusion. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-22437 | 1 Google | 1 Android | 2025-09-04 | 7.8 High |
| In setMediaButtonReceiver of multiple files, there is a possible way to launch arbitrary activities from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-22438 | 1 Google | 1 Android | 2025-09-04 | 7.8 High |
| In afterKeyEventLockedInterruptable of InputDispatcher.cpp, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-22442 | 1 Google | 1 Android | 2025-09-04 | 7 High |
| In multiple functions of DevicePolicyManagerService.java, there is a possible way to install unauthorized applications into a newly created work profile due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-22439 | 1 Google | 1 Android | 2025-09-04 | 7.3 High |
| In onLastAccessedStackLoaded of ActionHandler.java , there is a possible way to bypass storage restrictions across apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2025-26416 | 1 Google | 1 Android | 2025-09-04 | 9.8 Critical |
| In initializeSwizzler of SkBmpStandardCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-9867 | 1 Google | 2 Android, Chrome | 2025-09-04 | 5.4 Medium |
| Inappropriate implementation in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2025-9866 | 1 Google | 1 Chrome | 2025-09-04 | 8.8 High |
| Inappropriate implementation in Extensions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2025-9865 | 1 Google | 2 Android, Chrome | 2025-09-04 | 5.4 Medium |
| Inappropriate implementation in Toolbar in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2025-9864 | 1 Google | 1 Chrome | 2025-09-04 | 8.8 High |
| Use after free in V8 in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-21035 | 2 Google, Samsung | 5 Android, Calendar, Mobile and 2 more | 2025-09-04 | 4.6 Medium |
| Improper access control in Samsung Calendar prior to version 12.5.06.5 in Android 14 and 12.6.01.12 in Android 15 allows physical attackers to access data across multiple user profiles. | ||||
| CVE-2025-21030 | 2 Google, Samsung | 3 Android, Mobile, Samsung Mobile | 2025-09-04 | 4.3 Medium |
| Improper handling of insufficient permission in AppPrelaunchManagerService prior to SMR Sep-2025 Release 1 in Chinese Android 15 allows local attackers to execute arbitrary application in the background. | ||||