Total
8673 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-21282 | 1 Google | 1 Android | 2025-11-04 | N/A | 8.8 HIGH |
| In TRANSPOSER_SETTINGS of lpp_tran.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2020-0279 | 1 Google | 1 Android | 2025-11-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| In the AAC parser, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-131430997 | |||||
| CVE-2019-9283 | 1 Google | 1 Android | 2025-11-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| In AAC Codec, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112663564 | |||||
| CVE-2023-45866 | 6 Apple, Bluproducts, Canonical and 3 more | 16 Ipados, Iphone Os, Iphone Se and 13 more | 2025-11-04 | N/A | 6.3 MEDIUM |
| Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue. | |||||
| CVE-2023-52160 | 6 Debian, Fedoraproject, Google and 3 more | 7 Debian Linux, Fedora, Android and 4 more | 2025-11-04 | N/A | 6.5 MEDIUM |
| The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks. | |||||
| CVE-2025-48581 | 1 Google | 1 Android | 2025-11-04 | N/A | 8.4 HIGH |
| In VerifyNoOverlapInSessions of apexd.cpp, there is a possible way to block security updates through mainline installations due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-50302 | 3 Debian, Google, Linux | 3 Debian Linux, Android, Linux Kernel | 2025-11-04 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report. | |||||
| CVE-2018-9466 | 1 Google | 1 Android | 2025-11-03 | N/A | 8.8 HIGH |
| In the xmlSnprintfElementContent function of valid.c, there is a possible out of bounds write. This could lead to remote escalation of privilege in an unprivileged app with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2024-9956 | 1 Google | 2 Android, Chrome | 2025-11-03 | N/A | 7.8 HIGH |
| Inappropriate implementation in WebAuthentication in Google Chrome on Android prior to 130.0.6723.58 allowed a local attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2024-43097 | 1 Google | 1 Android | 2025-11-03 | N/A | 7.8 HIGH |
| In resizeToAtLeast of SkRegion.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2022-22265 | 2 Google, Samsung | 2 Android, Exynos | 2025-10-30 | 4.6 MEDIUM | 5.0 MEDIUM |
| An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution. | |||||
| CVE-2020-16010 | 1 Google | 2 Android, Chrome | 2025-10-24 | 6.8 MEDIUM | 9.6 CRITICAL |
| Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2019-2215 | 5 Canonical, Debian, Google and 2 more | 145 Ubuntu Linux, Debian Linux, Android and 142 more | 2025-10-24 | 4.6 MEDIUM | 7.8 HIGH |
| A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095 | |||||
| CVE-2022-2856 | 5 Apple, Fedoraproject, Google and 2 more | 6 Macos, Fedora, Android and 3 more | 2025-10-24 | N/A | 6.5 MEDIUM |
| Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page. | |||||
| CVE-2021-38000 | 3 Debian, Fedoraproject, Google | 4 Debian Linux, Fedora, Android and 1 more | 2025-10-24 | 5.8 MEDIUM | 6.1 MEDIUM |
| Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page. | |||||
| CVE-2024-32896 | 1 Google | 1 Android | 2025-10-24 | N/A | 7.8 HIGH |
| there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2024-29745 | 1 Google | 1 Android | 2025-10-24 | N/A | 5.5 MEDIUM |
| there is a possible Information Disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-29748 | 1 Google | 2 Android, Pixel | 2025-10-24 | N/A | 7.8 HIGH |
| there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2023-20963 | 1 Google | 1 Android | 2025-10-23 | N/A | 7.8 HIGH |
| In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-220302519 | |||||
| CVE-2021-39793 | 1 Google | 1 Android | 2025-10-23 | 7.2 HIGH | 7.8 HIGH |
| In kbase_jd_user_buf_pin_pages of mali_kbase_mem.c, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-210470189References: N/A | |||||