Filtered by vendor Google
Subscribe
Total
12727 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-0069 | 2 Google, Huawei | 57 Android, Berkeley-l09, Berkeley-l09 Firmware and 54 more | 2025-04-04 | 7.2 HIGH | 7.8 HIGH |
| In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147882143References: M-ALPS04356754 | |||||
| CVE-2020-0041 | 1 Google | 1 Android | 2025-04-04 | 7.2 HIGH | 7.8 HIGH |
| In binder_transaction of binder.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-145988638References: Upstream kernel | |||||
| CVE-2023-20908 | 1 Google | 1 Android | 2025-04-03 | N/A | 5.5 MEDIUM |
| In several functions of SettingsState.java, there is a possible system crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-239415861 | |||||
| CVE-2023-20905 | 1 Google | 1 Android | 2025-04-03 | N/A | 7.8 HIGH |
| In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-241387741 | |||||
| CVE-2023-20904 | 1 Google | 1 Android | 2025-04-03 | N/A | 7.8 HIGH |
| In getTrampolineIntent of SettingsActivity.java, there is a possible launch of arbitrary activity due to an Intent mismatch in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-246300272 | |||||
| CVE-2022-20494 | 1 Google | 1 Android | 2025-04-03 | N/A | 5.5 MEDIUM |
| In AutomaticZenRule of AutomaticZenRule.java, there is a possible persistent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-243794204 | |||||
| CVE-2022-20493 | 1 Google | 1 Android | 2025-04-03 | N/A | 7.8 HIGH |
| In Condition of Condition.java, there is a possible way to grant notification access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242846316 | |||||
| CVE-2022-20492 | 1 Google | 1 Android | 2025-04-03 | N/A | 7.8 HIGH |
| In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242704043 | |||||
| CVE-2023-5217 | 8 Apple, Debian, Fedoraproject and 5 more | 11 Ipados, Iphone Os, Debian Linux and 8 more | 2025-04-03 | N/A | 8.8 HIGH |
| Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2025-0246 | 2 Google, Mozilla | 2 Android, Firefox | 2025-04-03 | N/A | 6.5 MEDIUM |
| When using an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* *Note: This issue is a different issue from CVE-2025-0244. This vulnerability affects Firefox < 134. | |||||
| CVE-2018-9377 | 1 Google | 1 Android | 2025-04-03 | N/A | 5.5 MEDIUM |
| In getIntentForIntentSender of ActivityManagerService.java, there is a possible way to access user metadata due to a pending intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2022-2294 | 6 Apple, Fedoraproject, Google and 3 more | 12 Ipados, Iphone Os, Mac Os X and 9 more | 2025-04-03 | N/A | 8.8 HIGH |
| Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2024-25992 | 1 Google | 1 Android | 2025-04-03 | N/A | 7.8 HIGH |
| In tmu_tz_control of tmu.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-25993 | 1 Google | 1 Android | 2025-04-03 | N/A | 8.4 HIGH |
| In tmu_reset_tmu_trip_counter of , there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-27204 | 1 Google | 1 Android | 2025-04-03 | N/A | 8.4 HIGH |
| In tmu_set_gov_active of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-27205 | 1 Google | 1 Android | 2025-04-03 | N/A | 8.4 HIGH |
| there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-27206 | 1 Google | 1 Android | 2025-04-03 | N/A | 7.5 HIGH |
| there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-27207 | 1 Google | 1 Android | 2025-04-03 | N/A | 9.1 CRITICAL |
| Exported broadcast receivers allowing malicious apps to bypass broadcast protection. | |||||
| CVE-2024-27208 | 1 Google | 1 Android | 2025-04-03 | N/A | 8.4 HIGH |
| there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-27209 | 1 Google | 1 Android | 2025-04-03 | N/A | 8.4 HIGH |
| there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||