Skip to main content

Android

7243 CVEs product

Monthly

CVE-2025-20906 MEDIUM This Month

Improper Export of Android Application Components in Settings prior to SMR Feb-2025 Release 1 allows local attackers to enable ADB. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android Samsung
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-20905 MEDIUM This Month

Out-of-bounds read and write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1 allows local privileged attackers to read and write out-of-bounds memory. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Android
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-20904 MEDIUM This Month

Out-of-bounds write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1 allows local privileged attackers to cause memory corruption. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-20899 MEDIUM This Month

Improper access control in PushNotification prior to version 13.0.00.15 in Android 12, 14.0.00.7 in Android 13, and 15.1.00.5 in Android 14 allows local attackers to access sensitive information. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android Samsung
NVD
CVSS 3.1
4.0
EPSS
0.1%
CVE-2025-20897 MEDIUM This Month

Improper access control in Secure Folder prior to version 1.9.20.50 in Android 14, 1.8.11.0 in Android 13, and 1.7.04.0 in Android 12 allows local attacker to access data in Secure Folder. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android Samsung
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-20893 MEDIUM This Month

Improper access control in NotificationManager prior to SMR Jan-2025 Release 1 allows local attackers to change the configuration of notifications. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.1
EPSS
0.1%
CVE-2025-20892 MEDIUM This Month

Protection Mechanism Failure in bootloader prior to SMR Jan-2025 Release 1 allows physical attackers to allow to execute fastboot command. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2025-20891 MEDIUM This Month

Out-of-bounds read in decoding malformed bitstream of video thumbnails in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Buffer Overflow Android
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-20890 HIGH This Week

Out-of-bounds write in decoding frame buffer in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-20889 MEDIUM This Month

Out-of-bounds read in decoding malformed bitstream for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-20888 HIGH This Week

Out-of-bounds write in handling the block size for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-20887 MEDIUM This Month

Out-of-bounds read in accessing table used for svp8t in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Buffer Overflow Android
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-20886 MEDIUM This Month

Inclusion of sensitive information in test code in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to get test key. Rated medium severity (CVSS 4.1). No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
4.1
EPSS
0.1%
CVE-2025-20885 MEDIUM This Month

Out-of-bounds write in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to cause memory corruption. Rated medium severity (CVSS 6.4). No vendor patch available.

Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-20884 MEDIUM This Month

Improper access control in Samsung Message prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Android
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2025-20883 MEDIUM This Month

Improper access control in SoundPicker prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-20882 HIGH This Week

Out-of-bounds write in accessing uninitialized memory for svc1td in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-20881 HIGH This Week

Out-of-bounds write in accessing buffer storing the decoded video frames in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2024-36437 MEDIUM This Month

The com.enflick.android.TextNow (aka TextNow: Call + Text Unlimited) application 24.17.0.2 for Android enables any installed application (with no permissions) to place phone calls without user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-20643 LOW Monitor

In DA, there is a possible out of bounds read due to a missing bounds check. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android Google
NVD
CVSS 3.1
3.9
EPSS
0.0%
CVE-2025-20642 MEDIUM This Month

In DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-20641 MEDIUM This Month

In DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-20640 MEDIUM Monitor

In DA, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android Google
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-20639 MEDIUM This Month

In DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-20638 MEDIUM Monitor

In DA, there is a possible read of uninitialized heap data due to uninitialized data. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android Google
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-20636 MEDIUM This Month

In secmem, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20635 MEDIUM This Month

In V6 DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Rdk B +3
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2024-20147 MEDIUM This Month

In Bluetooth FW, there is a possible reachable assertion due to improper exception handling. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Yocto Software Development Kit Android Openwrt +1
NVD
CVSS 3.1
5.3
EPSS
2.2%
CVE-2024-20142 MEDIUM This Month

In V5 DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2024-20141 MEDIUM This Month

In V5 DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2024-54462 LOW Monitor

The file names constructed within image_picker are missing sanitization checks leaving them vulnerable to malicious document providers. Rated low severity (CVSS 2.1). No vendor patch available.

Information Disclosure Image Picker Android Android
NVD GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2024-54461 LOW Monitor

The file names constructed within file_selector are missing sanitization checks leaving them vulnerable to malicious document providers. Rated low severity (CVSS 2.1). No vendor patch available.

Information Disclosure File Selector Android Android
NVD GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2024-40677 HIGH This Month

In shouldSkipForInitialSUW of AdvancedPowerUsageDetail.java, there is a possible way to bypass factory reset protections due to a missing permission check. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2024-40676 HIGH This Month

In checkKeyIntent of AccountManagerService.java, there is a possible way to bypass intent security check and install an unknown app due to a confused deputy. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Android Google
NVD
CVSS 3.1
7.7
EPSS
0.1%
CVE-2024-40675 HIGH This Month

In parseUriInternal of Intent.java, there is a possible infinite loop due to improper input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Android Google
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-40674 MEDIUM This Month

In validateSsid of WifiConfigurationUtil.java, there is a possible way to overflow a system configuration file due to a logic error in the code. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Android Google
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-40673 MEDIUM This Month

In Source of ZipFile.java, there is a possible way for an attacker to execute arbitrary code by manipulating Dynamic Code Loading due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Android Google
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2024-40672 HIGH This Month

In onCreate of ChooserActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2024-40670 HIGH This Month

In TBD of TBD, there is a possible use after free due to a race condition. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Denial Of Service Privilege Escalation Android +1
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2024-40669 HIGH This Month

In TBD of TBD, there is a possible use after free due to a race condition. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Denial Of Service Privilege Escalation Android +1
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2024-40651 HIGH This Month

In TBD of TBD, there is a possible use-after-free due to a logic error in the code. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2024-40649 HIGH This Month

In TBD of TBD, there is a possible use-after-free due to a logic error in the code. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2024-34748 HIGH This Month

In _DevmemXReservationPageAddress of devicemem_server.c, there is a possible use-after-free due to improper casting. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2024-34733 HIGH This Month

In DevmemXIntMapPages of devicemem_server.c, there is a possible arbitrary code execution due to an integer overflow. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Privilege Escalation Integer Overflow Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2024-34732 HIGH This Month

In RGXMMUCacheInvalidate of rgxmem.c, there is a possible arbitrary code execution due to a race condition. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Privilege Escalation Race Condition Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2018-9378 MEDIUM PATCH This Month

In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there is a possible information disclosure due to uninitialized data. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Android Google
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2018-9373 HIGH This Week

In TdlsexRxFrameHandle of the MTK WLAN driver, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2017-13318 MEDIUM PATCH This Month

In HeifDataSource::readAt of HeifDecoderImpl.cpp, there is a possible out of bounds read due to an integer overflow. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Android Google
NVD
CVSS 3.1
5.7
EPSS
0.1%
CVE-2017-13317 MEDIUM PATCH This Month

In HeifDecoderImpl::getScanline of HeifDecoderImpl.cpp, there is a possible out of bounds read due to improper input validation. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Android Google
NVD
CVSS 3.1
5.7
EPSS
0.1%
CVE-2024-49749 HIGH This Month

In DGifSlurp of dgif_lib.c, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Buffer Overflow Android Google
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2024-49748 CRITICAL This Week

In gatts_process_primary_service_req of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Buffer Overflow Android Google
NVD
CVSS 3.1
9.8
EPSS
5.6%
CVE-2024-49747 CRITICAL This Week

In gatts_process_read_by_type_req of gatt_sr.cc, there is a possible out of bounds write due to a logic error in the code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Buffer Overflow Android Google
NVD
CVSS 3.1
9.8
EPSS
5.2%
CVE-2024-49745 HIGH This Month

In growData of Parcel.cpp, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-49744 HIGH This Month

In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to bypass parcel mismatch mitigation due to unsafe deserialization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Deserialization Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-49742 HIGH This Month

In onCreate of NotificationAccessConfirmationActivity.java , there is a possible way to hide an app with notification access in Settings due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Java Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-49738 HIGH This Month

In writeInplace of Parcel.cpp, there is a possible out of bounds write. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-49737 HIGH This Month

In applyTaskFragmentOperation of WindowOrganizerController.java, there is a possible way to launch arbitrary activities as the system UID due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-49736 MEDIUM This Month

In onClick of MainClear.java, there is a possible way to trigger factory reset without explicit user consent due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Android Google
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-49735 HIGH This Month

In multiple locations, there is a possible failure to persist permissions settings due to resource exhaustion. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-49734 HIGH This Month

In multiple functions of ConnectivityService.java, there is a possible way for a Wi-Fi AP to determine what site a device has connected to through a VPN due to side channel information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android Google
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2024-49733 MEDIUM This Month

In reload of ServiceListing.java , there is a possible way to allow a malicious app to hide an NLS from Settings due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Java Information Disclosure Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-49732 HIGH This Month

In multiple functions of CompanionDeviceManagerService.java, there is a possible way to grant permissions without user consent due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-49724 HIGH This Month

In multiple functions of AccountManagerService.java, there is a possible way to bypass permissions and launch protected activities due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2024-43771 HIGH This Month

In gatts_process_read_req of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Buffer Overflow Android Google
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-43770 HIGH This Month

In gatts_process_find_info of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Buffer Overflow Android Google
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2024-43765 HIGH This Month

In multiple locations, there is a possible way to obtain access to a folder due to a tapjacking/overlay attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-43763 MEDIUM This Month

In build_read_multi_rsp of gatt_sr.cc, there is a possible denial of service due to a logic error in the code. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Android Google
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-43096 HIGH This Month

In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Buffer Overflow Android Google
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-43095 HIGH This Month

In multiple locations, there is a possible way to obtain any system permission due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-34730 HIGH This Month

In multiple locations, there is a possible bypass of user consent to enabling new Bluetooth HIDs due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2023-40132 HIGH This Week

In setActualDefaultRingtoneUri of RingtoneManager.java, there is a possible way to bypass content providers read permissions due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2023-40108 MEDIUM This Month

In multiple locations, there is a possible way to access media content belonging to another user due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android Google
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-0575 LOW Monitor

A vulnerability has been found in Union Bank of India Vyom 8.0.34 on Android and classified as problematic. Rated low severity (CVSS 1.8). No vendor patch available.

Google Information Disclosure Android
NVD VulDB
CVSS 4.0
1.8
EPSS
0.0%
CVE-2018-9464 HIGH This Week

In multiple locations, there is a possible way to read protected files due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2018-9461 HIGH PATCH This Week

In onAttachFragment of ShareIntentActivity.java, there is a possible way for an app to read files in the messages app due to a race condition. Rated high severity (CVSS 7.0).

Privilege Escalation Race Condition Android Google
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2018-9406 MEDIUM This Month

In NlpService, there is a possible way to obtain location information due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2018-9405 MEDIUM This Month

In BnDmAgent::onTransact of dm_agent.cpp, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2018-9401 HIGH This Week

In many locations, there is a possible way to access kernel memory in user space due to an incorrect bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2018-9389 HIGH This Week

In ip6_append_data of ip6_output.c, there is a possible way to achieve code execution due to a heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Memory Corruption Buffer Overflow Privilege Escalation Android +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2018-9387 HIGH This Week

In multiple functions of mnh-sm.c, there is a possible way to trigger a heap overflow due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2018-9447 MEDIUM PATCH This Month

In onCreate of EmergencyCallbackModeExitDialog.java, there is a possible way to crash the emergency callback mode due to a missing null check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2018-9434 HIGH PATCH This Week

In multiple functions of Parcel.cpp, there is a possible way to bypass address space layout randomization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2018-9384 MEDIUM PATCH This Month

In multiple locations, there is a possible way to bypass KASLR due to an unusual root cause. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Android Google
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2018-9383 MEDIUM This Month

In asn1_ber_decoder of asn1_decoder.c, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android Google
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2018-9382 HIGH This Week

In multiple functions of WifiServiceImpl.java, there is a possible way to activate Wi-Fi hotspot from a non-owner profile due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2018-9379 MEDIUM PATCH This Month

In multiple functions of MiniThumbFile.java, there is a possible way to view the thumbnails of deleted photos due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2018-9375 HIGH This Week

In multiple functions of UserDictionaryProvider.java, there is a possible way to add and delete words in the user dictionary due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2017-13322 CRITICAL PATCH Act Now

In endCallForSubscriber of PhoneInterfaceManager.java, there is a possible way to prevent access to emergency services due to a logic error in the code. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Android Google
NVD
CVSS 4.0
10.0
EPSS
0.1%
CVE-2025-0435 MEDIUM POC PATCH This Week

Inappropriate implementation in Navigation in Google Chrome on Android prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Android Suse
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-35685 HIGH POC This Week

In DevmemIntMapPages of devicemem_server.c, there is a possible physical page uaf due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Use After Free Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper Export of Android Application Components in Settings prior to SMR Feb-2025 Release 1 allows local attackers to enable ADB. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android Samsung
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

Out-of-bounds read and write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1 allows local privileged attackers to read and write out-of-bounds memory. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Android
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

Out-of-bounds write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1 allows local privileged attackers to cause memory corruption. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Android
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Improper access control in PushNotification prior to version 13.0.00.15 in Android 12, 14.0.00.7 in Android 13, and 15.1.00.5 in Android 14 allows local attackers to access sensitive information. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android Samsung
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Improper access control in Secure Folder prior to version 1.9.20.50 in Android 14, 1.8.11.0 in Android 13, and 1.7.04.0 in Android 12 allows local attacker to access data in Secure Folder. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android Samsung
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

Improper access control in NotificationManager prior to SMR Jan-2025 Release 1 allows local attackers to change the configuration of notifications. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Protection Mechanism Failure in bootloader prior to SMR Jan-2025 Release 1 allows physical attackers to allow to execute fastboot command. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Out-of-bounds read in decoding malformed bitstream of video thumbnails in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Buffer Overflow Android
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Out-of-bounds write in decoding frame buffer in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Out-of-bounds read in decoding malformed bitstream for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow Android
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Out-of-bounds write in handling the block size for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Out-of-bounds read in accessing table used for svp8t in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Buffer Overflow Android
NVD
EPSS 0% CVSS 4.1
MEDIUM This Month

Inclusion of sensitive information in test code in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to get test key. Rated medium severity (CVSS 4.1). No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

Out-of-bounds write in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to cause memory corruption. Rated medium severity (CVSS 6.4). No vendor patch available.

Memory Corruption Buffer Overflow Android
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Improper access control in Samsung Message prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Android
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Improper access control in SoundPicker prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Out-of-bounds write in accessing uninitialized memory for svc1td in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Out-of-bounds write in accessing buffer storing the decoded video frames in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

The com.enflick.android.TextNow (aka TextNow: Call + Text Unlimited) application 24.17.0.2 for Android enables any installed application (with no permissions) to place phone calls without user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD GitHub
EPSS 0% CVSS 3.9
LOW Monitor

In DA, there is a possible out of bounds read due to a missing bounds check. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android +1
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

In DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

In DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

In DA, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android +1
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

In DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

In DA, there is a possible read of uninitialized heap data due to uninitialized data. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android Google
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In secmem, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

In V6 DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +5
NVD
EPSS 2% CVSS 5.3
MEDIUM This Month

In Bluetooth FW, there is a possible reachable assertion due to improper exception handling. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Yocto Software Development Kit +3
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

In V5 DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

In V5 DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Android +1
NVD
EPSS 0% CVSS 2.1
LOW Monitor

The file names constructed within image_picker are missing sanitization checks leaving them vulnerable to malicious document providers. Rated low severity (CVSS 2.1). No vendor patch available.

Information Disclosure Image Picker Android Android
NVD GitHub
EPSS 0% CVSS 2.1
LOW Monitor

The file names constructed within file_selector are missing sanitization checks leaving them vulnerable to malicious document providers. Rated low severity (CVSS 2.1). No vendor patch available.

Information Disclosure File Selector Android Android
NVD GitHub
EPSS 0% CVSS 8.4
HIGH This Month

In shouldSkipForInitialSUW of AdvancedPowerUsageDetail.java, there is a possible way to bypass factory reset protections due to a missing permission check. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Android +1
NVD
EPSS 0% CVSS 7.7
HIGH This Month

In checkKeyIntent of AccountManagerService.java, there is a possible way to bypass intent security check and install an unknown app due to a confused deputy. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Android +1
NVD
EPSS 0% CVSS 7.5
HIGH This Month

In parseUriInternal of Intent.java, there is a possible infinite loop due to improper input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Android Google
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

In validateSsid of WifiConfigurationUtil.java, there is a possible way to overflow a system configuration file due to a logic error in the code. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Android +1
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

In Source of ZipFile.java, there is a possible way for an attacker to execute arbitrary code by manipulating Dynamic Code Loading due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Android +1
NVD
EPSS 0% CVSS 8.4
HIGH This Month

In onCreate of ChooserActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 8.4
HIGH This Month

In TBD of TBD, there is a possible use after free due to a race condition. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Denial Of Service +3
NVD
EPSS 0% CVSS 8.4
HIGH This Month

In TBD of TBD, there is a possible use after free due to a race condition. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Denial Of Service +3
NVD
EPSS 0% CVSS 8.4
HIGH This Month

In TBD of TBD, there is a possible use-after-free due to a logic error in the code. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Privilege Escalation +2
NVD
EPSS 0% CVSS 8.4
HIGH This Month

In TBD of TBD, there is a possible use-after-free due to a logic error in the code. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Privilege Escalation +2
NVD
EPSS 0% CVSS 8.4
HIGH This Month

In _DevmemXReservationPageAddress of devicemem_server.c, there is a possible use-after-free due to improper casting. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Privilege Escalation +2
NVD
EPSS 0% CVSS 8.4
HIGH This Month

In DevmemXIntMapPages of devicemem_server.c, there is a possible arbitrary code execution due to an integer overflow. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Privilege Escalation Integer Overflow +2
NVD
EPSS 0% CVSS 8.4
HIGH This Month

In RGXMMUCacheInvalidate of rgxmem.c, there is a possible arbitrary code execution due to a race condition. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Privilege Escalation Race Condition +2
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there is a possible information disclosure due to uninitialized data. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Android Google
NVD
EPSS 2% CVSS 8.8
HIGH This Week

In TdlsexRxFrameHandle of the MTK WLAN driver, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

In HeifDataSource::readAt of HeifDecoderImpl.cpp, there is a possible out of bounds read due to an integer overflow. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Android +1
NVD
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

In HeifDecoderImpl::getScanline of HeifDecoderImpl.cpp, there is a possible out of bounds read due to improper input validation. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Android +1
NVD
EPSS 3% CVSS 8.8
HIGH This Month

In DGifSlurp of dgif_lib.c, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Buffer Overflow +2
NVD
EPSS 6% CVSS 9.8
CRITICAL This Week

In gatts_process_primary_service_req of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Buffer Overflow +2
NVD
EPSS 5% CVSS 9.8
CRITICAL This Week

In gatts_process_read_by_type_req of gatt_sr.cc, there is a possible out of bounds write due to a logic error in the code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Buffer Overflow +2
NVD
EPSS 0% CVSS 7.8
HIGH This Month

In growData of Parcel.cpp, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 7.8
HIGH This Month

In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to bypass parcel mismatch mitigation due to unsafe deserialization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Deserialization Privilege Escalation Android +1
NVD
EPSS 0% CVSS 7.8
HIGH This Month

In onCreate of NotificationAccessConfirmationActivity.java , there is a possible way to hide an app with notification access in Settings due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Java Android +1
NVD
EPSS 0% CVSS 7.8
HIGH This Month

In writeInplace of Parcel.cpp, there is a possible out of bounds write. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 7.8
HIGH This Month

In applyTaskFragmentOperation of WindowOrganizerController.java, there is a possible way to launch arbitrary activities as the system UID due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In onClick of MainClear.java, there is a possible way to trigger factory reset without explicit user consent due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Android Google
NVD
EPSS 0% CVSS 7.8
HIGH This Month

In multiple locations, there is a possible failure to persist permissions settings due to resource exhaustion. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service Android +1
NVD
EPSS 1% CVSS 7.5
HIGH This Month

In multiple functions of ConnectivityService.java, there is a possible way for a Wi-Fi AP to determine what site a device has connected to through a VPN due to side channel information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android Google
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In reload of ServiceListing.java , there is a possible way to allow a malicious app to hide an NLS from Settings due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Java Information Disclosure Android +1
NVD
EPSS 0% CVSS 7.8
HIGH This Month

In multiple functions of CompanionDeviceManagerService.java, there is a possible way to grant permissions without user consent due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.0
HIGH This Month

In multiple functions of AccountManagerService.java, there is a possible way to bypass permissions and launch protected activities due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 8.8
HIGH This Month

In gatts_process_read_req of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Buffer Overflow +2
NVD
EPSS 0% CVSS 8.8
HIGH This Month

In gatts_process_find_info of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Buffer Overflow +2
NVD
EPSS 0% CVSS 7.8
HIGH This Month

In multiple locations, there is a possible way to obtain access to a folder due to a tapjacking/overlay attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

In build_read_multi_rsp of gatt_sr.cc, there is a possible denial of service due to a logic error in the code. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Android Google
NVD
EPSS 0% CVSS 8.8
HIGH This Month

In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Buffer Overflow +2
NVD
EPSS 0% CVSS 7.8
HIGH This Month

In multiple locations, there is a possible way to obtain any system permission due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH This Month

In multiple locations, there is a possible bypass of user consent to enabling new Bluetooth HIDs due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In setActualDefaultRingtoneUri of RingtoneManager.java, there is a possible way to bypass content providers read permissions due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

In multiple locations, there is a possible way to access media content belonging to another user due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android Google
NVD VulDB
EPSS 0% CVSS 1.8
LOW Monitor

A vulnerability has been found in Union Bank of India Vyom 8.0.34 on Android and classified as problematic. Rated low severity (CVSS 1.8). No vendor patch available.

Google Information Disclosure Android
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

In multiple locations, there is a possible way to read protected files due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Privilege Escalation +2
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In onAttachFragment of ShareIntentActivity.java, there is a possible way for an app to read files in the messages app due to a race condition. Rated high severity (CVSS 7.0).

Privilege Escalation Race Condition Android +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In NlpService, there is a possible way to obtain location information due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Android +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In BnDmAgent::onTransact of dm_agent.cpp, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In many locations, there is a possible way to access kernel memory in user space due to an incorrect bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In ip6_append_data of ip6_output.c, there is a possible way to achieve code execution due to a heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Memory Corruption Buffer Overflow +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In multiple functions of mnh-sm.c, there is a possible way to trigger a heap overflow due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Android +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In onCreate of EmergencyCallbackModeExitDialog.java, there is a possible way to crash the emergency callback mode due to a missing null check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Android Google
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In multiple functions of Parcel.cpp, there is a possible way to bypass address space layout randomization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

In multiple locations, there is a possible way to bypass KASLR due to an unusual root cause. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Android Google
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In asn1_ber_decoder of asn1_decoder.c, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In multiple functions of WifiServiceImpl.java, there is a possible way to activate Wi-Fi hotspot from a non-owner profile due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Android +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In multiple functions of MiniThumbFile.java, there is a possible way to view the thumbnails of deleted photos due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Android Google
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In multiple functions of UserDictionaryProvider.java, there is a possible way to add and delete words in the user dictionary due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

In endCallForSubscriber of PhoneInterfaceManager.java, there is a possible way to prevent access to emergency services due to a logic error in the code. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Android Google
NVD
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Week

Inappropriate implementation in Navigation in Google Chrome on Android prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome +2
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

In DevmemIntMapPages of devicemem_server.c, there is a possible physical page uaf due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Use After Free Privilege Escalation +2
NVD
Prev Page 9 of 81 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy