Android

android

Vendor: Google • 8,095 CVEs

CVEs (8,095)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-0092 1Google 1Android Sep 2, 2025 Aug 26, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 In handleBondStateChanged of AdapterService.java, there is a possible permission bypass due to misleading or insufficient UI. This could lead to remote (proximal/adjacent) information disclosure with no additional execut...Show more In handleBondStateChanged of AdapterService.java, there is a possible permission bypass due to misleading or insufficient UI. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Show less
CVE-2025-0086 1Google 1Android Sep 2, 2025 Aug 26, 2025 N/A· v4 6.2 MEDIUM· v3 N/A· v2 In onResult of AccountManagerService.java, there is a possible way to overwrite auth token due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed...Show more In onResult of AccountManagerService.java, there is a possible way to overwrite auth token due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2025-0084 1Google 1Android Sep 2, 2025 Aug 26, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 In multiple locations, there is a possible out of bounds write due to a use after free. This could lead to remote code execution over Bluetooth, if HFP support is enabled, with no additional execution privileges needed....Show more In multiple locations, there is a possible out of bounds write due to a use after free. This could lead to remote code execution over Bluetooth, if HFP support is enabled, with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2025-0083 1Google 1Android Sep 2, 2025 Aug 26, 2025 N/A· v4 4.0 MEDIUM· v3 N/A· v2 In multiple locations, there is a possible way to access content across user profiles due to URI double encoding. This could lead to local information disclosure with no additional execution privileges needed. User inter...Show more In multiple locations, there is a possible way to access content across user profiles due to URI double encoding. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2025-0082 1Google 1Android Sep 2, 2025 Aug 26, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In multiple functions of StatusHint.java and TelecomServiceImpl.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional exe...Show more In multiple functions of StatusHint.java and TelecomServiceImpl.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Show less
CVE-2025-0081 1Google 1Android Sep 2, 2025 Aug 26, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 In dng_lossless_decoder::HuffDecode of dng_lossless_jpeg.cpp, there is a possible way to cause a crash due to uninitialized data. This could lead to remote denial of service with no additional execution privileges needed...Show more In dng_lossless_decoder::HuffDecode of dng_lossless_jpeg.cpp, there is a possible way to cause a crash due to uninitialized data. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2025-0080 1Google 1Android Sep 2, 2025 Aug 26, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 In multiple locations, there is a possible way to overlay the installation confirmation dialog due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges...Show more In multiple locations, there is a possible way to overlay the installation confirmation dialog due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2025-0079 1Google 1Android Sep 2, 2025 Aug 26, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 In multiple locations, there is a possible way that avdtp and avctp channels could be unencrypted due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed....Show more In multiple locations, there is a possible way that avdtp and avctp channels could be unencrypted due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2025-0078 1Google 1Android Sep 2, 2025 Aug 26, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 In main of main.cpp, there is a possible way to bypass SELinux due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not ne...Show more In main of main.cpp, there is a possible way to bypass SELinux due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2025-0075 1Google 1Android Sep 2, 2025 Aug 26, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In process_service_search_attr_req of sdp_server.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. Use...Show more In process_service_search_attr_req of sdp_server.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2025-0074 1Google 1Android Sep 2, 2025 Aug 26, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In process_service_attr_rsp of sdp_discovery.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User in...Show more In process_service_attr_rsp of sdp_discovery.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2024-49740 1Google 1Android Sep 2, 2025 Aug 26, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In multiple locations, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...Show more In multiple locations, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2023-21125 1Google 1Android Sep 2, 2025 Aug 26, 2025 N/A· v4 8.0 HIGH· v3 N/A· v2 In btif_hh_hsdata_rpt_copy_cb of bta_hh.cc, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege over Bluetooth with no additional execution privileges neede...Show more In btif_hh_hsdata_rpt_copy_cb of bta_hh.cc, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2025-21024 1Google 1Android Oct 2, 2025 Aug 6, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Use of Implicit Intent for Sensitive Communication in Smart View prior to Android 16 allows local attackers to access sensitive information.
CVE-2025-20698 1Google 1Android Aug 18, 2025 Aug 4, 2025 N/A· v4 6.7 MEDIUM· v3 N/A· v2 In Power HAL, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is no...Show more In Power HAL, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09915400; Issue ID: MSV-3793.Show less
CVE-2025-20697 1Google 1Android Aug 18, 2025 Aug 4, 2025 N/A· v4 6.7 MEDIUM· v3 N/A· v2 In Power HAL, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is no...Show more In Power HAL, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09915681; Issue ID: MSV-3795.Show less
CVE-2025-20696 5Google LinuxfoundationOpenwrt+2 more 5Android OpenwrtRdk B+2 more Aug 18, 2025 Aug 4, 2025 N/A· v4 6.8 MEDIUM· v3 N/A· v2 In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges ne...Show more In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09915215; Issue ID: MSV-3801.Show less
CVE-2025-20695 3Google MediatekOpenwrt 3Android OpenwrtSoftware Development Kit Jul 14, 2025 Jul 8, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation....Show more In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09741871; Issue ID: MSV-3317.Show less
CVE-2025-20694 3Google MediatekOpenwrt 3Android OpenwrtSoftware Development Kit Jul 14, 2025 Jul 8, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation....Show more In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09752821; Issue ID: MSV-3342.Show less
CVE-2025-20693 4Google LinuxfoundationMediatek+1 more 4Android OpenwrtSoftware Development Kit+1 more Jul 9, 2025 Jul 8, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 In wlan STA driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User inter...Show more In wlan STA driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09812521; Issue ID: MSV-3421.Show less

Previous 1...252627...405 Next