Skip to main content

Android

7243 CVEs product

Monthly

CVE-2024-0016 MEDIUM PATCH This Month

In multiple locations, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-0015 HIGH PATCH This Week

In convertToComponentName of DreamService.java, there is a possible way to launch arbitrary protected activities due to intent redirection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-0041 HIGH PATCH This Week

In removePersistentDot of SystemStatusAnimationSchedulerImpl.kt, there is a possible race condition due to a logic error in the code. Rated high severity (CVSS 7.0).

Privilege Escalation Race Condition Android
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2024-0040 HIGH PATCH This Week

In setParameter of MtpPacket.cpp, there is a possible out of bounds read due to a heap buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Information Disclosure Memory Corruption Android
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2024-0038 HIGH PATCH This Week

In injectInputEventToInputFilter of AccessibilityManagerService.java, there is a possible arbitrary input event injection due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-0037 LOW PATCH Monitor

In applyCustomDescription of SaveUi.java, there is a possible way to view images belonging to a different user due to a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-0036 HIGH PATCH This Week

In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-0035 HIGH PATCH This Week

In onNullBinding of TileLifecycleManager.java, there is a possible way to launch an activity from the background due to a missing null check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Privilege Escalation Null Pointer Dereference Denial Of Service Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-0034 HIGH PATCH This Week

In BackgroundLaunchProcessController, there is a possible way to launch arbitrary activity from the background due to BAL Bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-0033 HIGH PATCH This Week

In multiple functions of ashmem-dev.cpp, there is a possible missing seal due to a heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-0032 MEDIUM PATCH This Month

In multiple locations, there is a possible way to request access to directories that should be hidden due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-0031 CRITICAL PATCH Act Now

In attp_build_read_by_type_value_cmd of att_protocol.cc , there is a possible out of bounds write due to improper input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-0030 MEDIUM PATCH This Month

In btif_to_bta_response of btif_gatt_util.cc, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-0029 HIGH PATCH This Week

In multiple files, there is a possible way to capture the device screen when disallowed by device policy due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-0014 HIGH This Week

In startInstall of UpdateFetcher.java, there is a possible way to trigger a malicious config update due to a logic error. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-22012 HIGH This Week

there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-20820 HIGH This Week

Improper input validation in bootloader prior to SMR Feb-2024 Release 1 allows local privileged attackers to cause an Out-Of-Bounds read. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-20819 HIGH This Week

Out-of-bounds Write vulnerabilities in svc1td_vld_plh_ap of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-20818 HIGH This Week

Out-of-bounds Write vulnerabilities in svc1td_vld_elh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-20817 HIGH This Week

Out-of-bounds Write vulnerabilities in svc1td_vld_slh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-20816 MEDIUM This Month

Improper authentication vulnerability in onCharacteristicWriteRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers connect to victim's mobile hotspot without user. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-20815 MEDIUM This Month

Improper authentication vulnerability in onCharacteristicReadRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers connect to victim's mobile hotspot without user. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-20814 MEDIUM This Month

Out-of-bounds Read in padmd_vld_ac_prog_refine of libpadm.so prior to SMR Feb-2024 Release 1 allows local attackers access unauthorized information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-20813 HIGH This Week

Out-of-bounds Write in padmd_vld_qtbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-20812 HIGH This Week

Out-of-bounds Write in padmd_vld_htbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-20811 LOW Monitor

Improper caller verification in GameOptimizer prior to SMR Feb-2024 Release 1 allows local attackers to configure GameOptimizer. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-20810 LOW Monitor

Implicit intent hijacking vulnerability in Smart Suggestions prior to SMR Feb-2024 Release 1 allows local attackers to get sensitive information. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Android
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2024-20016 MEDIUM This Month

In ged, there is a possible out of bounds write due to an integer overflow. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Denial Of Service Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-20015 HIGH This Week

In telephony, there is a possible escalation of privilege due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-20013 MEDIUM This Month

In keyInstall, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20012 MEDIUM This Month

In keyInstall, there is a possible escalation of privilege due to type confusion. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20011 CRITICAL Act Now

In alac decoder, there is a possible information disclosure due to an incorrect bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-20010 MEDIUM This Month

In keyInstall, there is a possible escalation of privilege due to type confusion. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20009 HIGH This Week

In alac decoder, there is a possible out of bounds write due to an incorrect error handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-20007 HIGH This Week

In mp3 decoder, there is a possible out of bounds write due to a race condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Buffer Overflow Race Condition Android
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-20006 MEDIUM This Month

In da, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Rdk B Android +1
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-20002 MEDIUM This Month

In TVAPI, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20001 MEDIUM This Month

In TVAPI, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-21668 npm MEDIUM PATCH Monitor

react-native-mmkv is a library that allows easy use of MMKV inside React Native applications. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Information Disclosure Apple Google React Native Mmkv Android +1
NVD GitHub
CVSS 3.1
4.4
EPSS
0.3%
CVE-2023-36629 MEDIUM POC This Month

The ST ST54-android-packages-apps-Nfc package before 130-20230215-23W07p0 for Android has an out-of-bounds read. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Information Disclosure St54 Android Packages Apps Nfc Android
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-20806 MEDIUM This Month

Improper access control in Notification service prior to SMR Jan-2024 Release 1 allows local attacker to access notification data. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2024-20805 LOW Monitor

Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Android Myfiles Samsung
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-20804 MEDIUM Monitor

Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Android Myfiles Samsung
NVD
CVSS 3.1
4.0
EPSS
0.1%
CVE-2024-20803 MEDIUM This Month

Improper authentication vulnerability in Bluetooth pairing process prior to SMR Jan-2024 Release 1 allows remote attackers to establish pairing process without user interaction. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2023-6540 MEDIUM This Month

A vulnerability was reported in the Lenovo Browser Mobile and Lenovo Browser HD Apps for Android that could allow an attacker to craft a payload that could result in the disclosure of sensitive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo RCE Google Code Injection Browser Hd +2
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-5879 MEDIUM This Month

Users’ product account authentication data was stored in clear text in The Genie Company Aladdin Connect Mobile Application Version 5.65 Build 2075 (and below) on Android Devices. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Aladdin Connect Android
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2024-21633 HIGH POC PATCH THREAT Act Now

Apktool versions 2.9.1 and prior contain a path traversal vulnerability when processing Android APK files. Malicious APK resources with crafted filenames can write files to arbitrary locations on the system, enabling code execution on developer and CI/CD machines that analyze untrusted APKs.

Google Path Traversal Apktool Android
NVD GitHub
CVSS 3.1
7.8
EPSS
80.5%
Threat
5.5
CVE-2023-4164 HIGH This Week

There is a possible information disclosure due to a missing permission check. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2023-49794 MEDIUM POC This Month

KernelSU is a Kernel-based root solution for Android devices. Rated medium severity (CVSS 6.7). Public exploit code available and no vendor patch available.

Authentication Bypass Google Kernelsu Android
NVD GitHub
CVSS 3.1
6.7
EPSS
0.0%
CVE-2023-32891 MEDIUM This Month

In bluetooth service, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Android Lr13 +4
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2023-32889 HIGH This Week

In Modem IMS Call UA, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Denial Of Service Android Google
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-32885 MEDIUM This Month

In display drm, there is a possible memory corruption due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2023-32884 MEDIUM This Month

In netdagent, there is a possible information disclosure due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Information Disclosure Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2023-32883 MEDIUM This Month

In Engineer Mode, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2023-32882 MEDIUM This Month

In battery, there is a possible memory corruption due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2023-32881 MEDIUM This Month

In battery, there is a possible information disclosure due to an integer overflow. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure Android Google
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2023-32880 MEDIUM This Month

In battery, there is a possible information disclosure due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android Google
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2023-32879 MEDIUM This Month

In battery, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2023-32878 MEDIUM This Month

In battery, there is a possible information disclosure due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android Google
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2023-32877 MEDIUM This Month

In battery, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2023-32876 MEDIUM This Month

In keyInstall, there is a possible information disclosure due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android Google
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2023-32875 MEDIUM This Month

In keyInstall, there is a possible information disclosure due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android Google
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2023-32872 MEDIUM This Month

In keyInstall, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2023-48423 CRITICAL Act Now

In dhcp4_SetPDNAddress of dhcp4_Main.c, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-48422 MEDIUM This Month

In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-48421 HIGH This Week

In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/platform/pixel/pixel_gpu_slc.c, there is a possible out of bounds write due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-48420 MEDIUM This Month

there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Race Condition Denial Of Service Privilege Escalation Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-48416 HIGH This Week

In multiple locations, there is a possible null dereference due to a missing null check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Android
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-48415 MEDIUM This Month

In Init of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-48414 MEDIUM This Month

In the Pixel Camera Driver, there is a possible use after free due to a logic error in the code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Privilege Escalation Denial Of Service Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-48413 MEDIUM This Month

In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2023-48412 MEDIUM This Month

In private_handle_t of mali_gralloc_buffer.h, there is a possible information leak due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-48411 MEDIUM This Month

In SignalStrengthAdapter::FillGsmSignalStrength() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-48410 HIGH This Week

In cd_ParseMsg of cd_codec.c, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-48409 HIGH This Week

In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/mali_kbase_core_linux.c, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-48408 MEDIUM This Month

In ProtocolNetSimFileInfoAdapter() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-48407 HIGH This Week

there is a possible DCK won't be deleted after factory reset due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-48406 MEDIUM This Month

there is a possible permanent DoS or way for the modem to boot unverified firmware due to a logic error in the code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-48405 MEDIUM This Month

there is a possible way for the secure world to write to NS memory due to a logic error in the code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-48404 HIGH This Week

In ProtocolMiscCarrierConfigSimInfoIndAdapter of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-48403 HIGH This Week

In sms_DecodeCodedTpMsg of sms_PduCodec.c, there is a possible out of bounds read due to a heap buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-48402 HIGH This Week

In ppcfw_enable of ppcfw.c, there is a possible EoP due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-48401 MEDIUM This Month

In GetSizeOfEenlRecords of protocoladapter.cpp, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-48399 MEDIUM This Month

In ProtocolMiscATCommandAdapter::Init() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-48398 HIGH This Week

In ProtocolNetAcBarringInfo::ProtocolNetAcBarringInfo() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-48397 MEDIUM This Month

In Init of protocolcalladapter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2023-45866 MEDIUM PATCH This Month

Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Ubuntu Authentication Bypass Android Ubuntu Linux Iphone Os +4
NVD GitHub
CVSS 3.1
6.3
EPSS
7.9%
CVE-2023-42570 LOW Monitor

Improper access control vulnerability in KnoxCustomManagerService prior to SMR Dec-2023 Release 1 allows attacker to access device SIM PIN. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2023-42569 LOW Monitor

Improper authorization verification vulnerability in AR Emoji prior to SMR Dec-2023 Release 1 allows attackers to read sandbox data of AR Emoji. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2023-42568 MEDIUM This Month

Improper access control vulnerability in SmartManagerCN prior to SMR Dec-2023 Release 1 allows local attackers to access arbitrary files with system privilege. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.2%
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

In multiple locations, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In convertToComponentName of DreamService.java, there is a possible way to launch arbitrary protected activities due to intent redirection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Android
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In removePersistentDot of SystemStatusAnimationSchedulerImpl.kt, there is a possible race condition due to a logic error in the code. Rated high severity (CVSS 7.0).

Privilege Escalation Race Condition Android
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

In setParameter of MtpPacket.cpp, there is a possible out of bounds read due to a heap buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Information Disclosure Memory Corruption +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In injectInputEventToInputFilter of AccessibilityManagerService.java, there is a possible arbitrary input event injection due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Privilege Escalation Android
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

In applyCustomDescription of SaveUi.java, there is a possible way to view images belonging to a different user due to a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Information Disclosure Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Privilege Escalation Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In onNullBinding of TileLifecycleManager.java, there is a possible way to launch an activity from the background due to a missing null check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Privilege Escalation Null Pointer Dereference Denial Of Service +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In BackgroundLaunchProcessController, there is a possible way to launch arbitrary activity from the background due to BAL Bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In multiple functions of ashmem-dev.cpp, there is a possible missing seal due to a heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Privilege Escalation Buffer Overflow Memory Corruption +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

In multiple locations, there is a possible way to request access to directories that should be hidden due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Authentication Bypass Privilege Escalation Android
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

In attp_build_read_by_type_value_cmd of att_protocol.cc , there is a possible out of bounds write due to improper input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In btif_to_bta_response of btif_gatt_util.cc, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In multiple files, there is a possible way to capture the device screen when disallowed by device policy due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In startInstall of UpdateFetcher.java, there is a possible way to trigger a malicious config update due to a logic error. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption +1
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Improper input validation in bootloader prior to SMR Feb-2024 Release 1 allows local privileged attackers to cause an Out-Of-Bounds read. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Out-of-bounds Write vulnerabilities in svc1td_vld_plh_ap of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Out-of-bounds Write vulnerabilities in svc1td_vld_elh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Out-of-bounds Write vulnerabilities in svc1td_vld_slh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Android
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper authentication vulnerability in onCharacteristicWriteRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers connect to victim's mobile hotspot without user. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper authentication vulnerability in onCharacteristicReadRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers connect to victim's mobile hotspot without user. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Out-of-bounds Read in padmd_vld_ac_prog_refine of libpadm.so prior to SMR Feb-2024 Release 1 allows local attackers access unauthorized information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Out-of-bounds Write in padmd_vld_qtbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Out-of-bounds Write in padmd_vld_htbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Improper caller verification in GameOptimizer prior to SMR Feb-2024 Release 1 allows local attackers to configure GameOptimizer. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Implicit intent hijacking vulnerability in Smart Suggestions prior to SMR Feb-2024 Release 1 allows local attackers to get sensitive information. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Android
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In ged, there is a possible out of bounds write due to an integer overflow. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Denial Of Service +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In telephony, there is a possible escalation of privilege due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In keyInstall, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In keyInstall, there is a possible escalation of privilege due to type confusion. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Android
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In alac decoder, there is a possible information disclosure due to an incorrect bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In keyInstall, there is a possible escalation of privilege due to type confusion. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Android
NVD
EPSS 0% CVSS 8.8
HIGH This Week

In alac decoder, there is a possible out of bounds write due to an incorrect error handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In mp3 decoder, there is a possible out of bounds write due to a race condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Buffer Overflow Race Condition +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In da, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption +3
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In TVAPI, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In TVAPI, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption +1
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH Monitor

react-native-mmkv is a library that allows easy use of MMKV inside React Native applications. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Information Disclosure Apple Google +3
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

The ST ST54-android-packages-apps-Nfc package before 130-20230215-23W07p0 for Android has an out-of-bounds read. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Information Disclosure +2
NVD GitHub
EPSS 0% CVSS 6.2
MEDIUM This Month

Improper access control in Notification service prior to SMR Jan-2024 Release 1 allows local attacker to access notification data. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Android Myfiles +1
NVD
EPSS 0% CVSS 4.0
MEDIUM Monitor

Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Android Myfiles +1
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Improper authentication vulnerability in Bluetooth pairing process prior to SMR Jan-2024 Release 1 allows remote attackers to establish pairing process without user interaction. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A vulnerability was reported in the Lenovo Browser Mobile and Lenovo Browser HD Apps for Android that could allow an attacker to craft a payload that could result in the disclosure of sensitive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo RCE Google +4
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Users’ product account authentication data was stored in clear text in The Genie Company Aladdin Connect Mobile Application Version 5.65 Build 2075 (and below) on Android Devices. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Aladdin Connect +1
NVD
EPSS 81% 5.5 CVSS 7.8
HIGH POC PATCH THREAT Act Now

Apktool versions 2.9.1 and prior contain a path traversal vulnerability when processing Android APK files. Malicious APK resources with crafted filenames can write files to arbitrary locations on the system, enabling code execution on developer and CI/CD machines that analyze untrusted APKs.

Google Path Traversal Apktool +1
NVD GitHub
EPSS 0% CVSS 8.4
HIGH This Week

There is a possible information disclosure due to a missing permission check. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android Google
NVD
EPSS 0% CVSS 6.7
MEDIUM POC This Month

KernelSU is a Kernel-based root solution for Android devices. Rated medium severity (CVSS 6.7). Public exploit code available and no vendor patch available.

Authentication Bypass Google Kernelsu +1
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM This Month

In bluetooth service, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption +6
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In Modem IMS Call UA, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Denial Of Service +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In display drm, there is a possible memory corruption due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Android +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In netdagent, there is a possible information disclosure due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Information Disclosure +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In Engineer Mode, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In battery, there is a possible memory corruption due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption +2
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In battery, there is a possible information disclosure due to an integer overflow. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure Android +1
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In battery, there is a possible information disclosure due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In battery, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption +2
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In battery, there is a possible information disclosure due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In battery, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption +2
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In keyInstall, there is a possible information disclosure due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android +1
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In keyInstall, there is a possible information disclosure due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In keyInstall, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In dhcp4_SetPDNAddress of dhcp4_Main.c, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/platform/pixel/pixel_gpu_slc.c, there is a possible out of bounds write due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Race Condition Denial Of Service Privilege Escalation +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In multiple locations, there is a possible null dereference due to a missing null check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In Init of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In the Pixel Camera Driver, there is a possible use after free due to a logic error in the code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Privilege Escalation Denial Of Service +2
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In private_handle_t of mali_gralloc_buffer.h, there is a possible information leak due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In SignalStrengthAdapter::FillGsmSignalStrength() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In cd_ParseMsg of cd_codec.c, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/mali_kbase_core_linux.c, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In ProtocolNetSimFileInfoAdapter() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

there is a possible DCK won't be deleted after factory reset due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

there is a possible permanent DoS or way for the modem to boot unverified firmware due to a logic error in the code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

there is a possible way for the secure world to write to NS memory due to a logic error in the code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In ProtocolMiscCarrierConfigSimInfoIndAdapter of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In sms_DecodeCodedTpMsg of sms_PduCodec.c, there is a possible out of bounds read due to a heap buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In ppcfw_enable of ppcfw.c, there is a possible EoP due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In GetSizeOfEenlRecords of protocoladapter.cpp, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In ProtocolMiscATCommandAdapter::Init() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In ProtocolNetAcBarringInfo::ProtocolNetAcBarringInfo() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

In Init of protocolcalladapter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
EPSS 8% CVSS 6.3
MEDIUM PATCH This Month

Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Ubuntu Authentication Bypass Android +6
NVD GitHub
EPSS 0% CVSS 3.3
LOW Monitor

Improper access control vulnerability in KnoxCustomManagerService prior to SMR Dec-2023 Release 1 allows attacker to access device SIM PIN. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Improper authorization verification vulnerability in AR Emoji prior to SMR Dec-2023 Release 1 allows attackers to read sandbox data of AR Emoji. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Improper access control vulnerability in SmartManagerCN prior to SMR Dec-2023 Release 1 allows local attackers to access arbitrary files with system privilege. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
Prev Page 16 of 81 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy