Filtered by vendor Google
Subscriptions
Filtered by product Android
Subscriptions
Total
8377 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-29746 | 1 Google | 1 Android | 2025-06-17 | 8.4 High |
| In lpm_req_handler of lpm.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-29744 | 1 Google | 1 Android | 2025-06-17 | 5.5 Medium |
| In tmu_get_gov_time_windows, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-29743 | 1 Google | 2 Android, Pixel | 2025-06-17 | 7.7 High |
| In tmu_set_temp_lut of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-29742 | 1 Google | 1 Android | 2025-06-17 | 5.5 Medium |
| In apply_minlock_constraint of dvfs.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-29741 | 1 Google | 1 Android | 2025-06-17 | 7.8 High |
| In pblS2mpuResume of s2mpu.c, there is a possible mitigation bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-29740 | 1 Google | 1 Android | 2025-06-17 | 7.4 High |
| In tmu_set_table of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-29739 | 1 Google | 1 Android | 2025-06-17 | 5.5 Medium |
| In tmu_get_temp_lut of tmu.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-29738 | 1 Google | 1 Android | 2025-06-17 | 5.5 Medium |
| In gov_init, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-27232 | 1 Google | 1 Android | 2025-06-17 | 5.5 Medium |
| In asn1_ec_pkey_parse of asn1_common.c, there is a possible OOB read due to a missing null check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-27231 | 1 Google | 1 Android | 2025-06-17 | 5.9 Medium |
| In tmu_get_tr_stats of tmu.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-32877 | 2 Google, Mediatek | 22 Android, Mt6762, Mt6765 and 19 more | 2025-06-17 | 6.7 Medium |
| In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308070. | ||||
| CVE-2024-20002 | 2 Google, Mediatek | 59 Android, Mt5583, Mt5586 and 56 more | 2025-06-17 | 6.7 Medium |
| In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03961715; Issue ID: DTV03961715. | ||||
| CVE-2023-32880 | 2 Google, Mediatek | 22 Android, Mt6762, Mt6765 and 19 more | 2025-06-16 | 4.4 Medium |
| In battery, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308076. | ||||
| CVE-2023-32875 | 2 Google, Mediatek | 58 Android, Mt6580, Mt6731 and 55 more | 2025-06-16 | 4.4 Medium |
| In keyInstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308607; Issue ID: ALPS08304217. | ||||
| CVE-2022-26461 | 2 Google, Mediatek | 15 Android, Mt6833, Mt6853 and 12 more | 2025-06-12 | 6.7 Medium |
| In vow, there is a possible undefined behavior due to an API misuse. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032604; Issue ID: ALPS07032604. | ||||
| CVE-2021-25262 | 2 Google, Yandex | 2 Android, Yandex Browser | 2025-06-10 | 5.4 Medium |
| Yandex Browser for Android prior to version 21.3.0 allows remote attackers to perform IDN homograph attack. | ||||
| CVE-2025-31712 | 2 Google, Unisoc | 18 Android, S8000, Sc7731e and 15 more | 2025-06-10 | 5.1 Medium |
| In cplog service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. | ||||
| CVE-2025-31711 | 2 Google, Unisoc | 18 Android, S8000, Sc7731e and 15 more | 2025-06-10 | 5.1 Medium |
| In cplog service, there is a possible system crash due to null pointer dereference. This could lead to local denial of service with no additional execution privileges needed. | ||||
| CVE-2025-31710 | 2 Google, Unisoc | 13 Android, S8000, Sc9863a and 10 more | 2025-06-10 | 5.9 Medium |
| In engineermode service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. | ||||
| CVE-2022-20392 | 1 Google | 1 Android | 2025-06-05 | 7.8 High |
| In declareDuplicatePermission of ParsedPermissionUtils.java, there is a possible way to obtain a dangerous permission without user consent due to improper input validation. This could lead to local escalation of privilege during app installation or upgrade with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-213323615 | ||||