Total
8649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-22437 | 1 Google | 1 Android | 2025-09-04 | N/A | 7.8 HIGH |
| In setMediaButtonReceiver of multiple files, there is a possible way to launch arbitrary activities from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-22438 | 1 Google | 1 Android | 2025-09-04 | N/A | 7.8 HIGH |
| In afterKeyEventLockedInterruptable of InputDispatcher.cpp, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-22442 | 1 Google | 1 Android | 2025-09-04 | N/A | 7.0 HIGH |
| In multiple functions of DevicePolicyManagerService.java, there is a possible way to install unauthorized applications into a newly created work profile due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-22439 | 1 Google | 1 Android | 2025-09-04 | N/A | 7.3 HIGH |
| In onLastAccessedStackLoaded of ActionHandler.java , there is a possible way to bypass storage restrictions across apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2025-26416 | 1 Google | 1 Android | 2025-09-04 | N/A | 9.8 CRITICAL |
| In initializeSwizzler of SkBmpStandardCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-9867 | 1 Google | 2 Android, Chrome | 2025-09-04 | N/A | 5.4 MEDIUM |
| Inappropriate implementation in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2025-9865 | 1 Google | 2 Android, Chrome | 2025-09-04 | N/A | 5.4 MEDIUM |
| Inappropriate implementation in Toolbar in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2022-20358 | 1 Google | 1 Android | 2025-09-03 | N/A | 3.3 LOW |
| In startSync of AbstractThreadedSyncAdapter.java, there is a possible way to access protected content of content providers due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-203229608 | |||||
| CVE-2025-20705 | 4 Google, Linuxfoundation, Mediatek and 1 more | 42 Android, Yocto, Mt2718 and 39 more | 2025-09-03 | N/A | 7.8 HIGH |
| In monitor_hang, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09989078; Issue ID: MSV-3964. | |||||
| CVE-2025-20706 | 2 Google, Mediatek | 6 Android, Mt6899, Mt6989 and 3 more | 2025-09-03 | N/A | 7.8 HIGH |
| In mbrain, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09924624; Issue ID: MSV-3826. | |||||
| CVE-2025-20707 | 2 Google, Mediatek | 18 Android, Mt2718, Mt6853 and 15 more | 2025-09-03 | N/A | 6.7 MEDIUM |
| In geniezone, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09924201; Issue ID: MSV-3820. | |||||
| CVE-2023-21125 | 1 Google | 1 Android | 2025-09-02 | N/A | 8.0 HIGH |
| In btif_hh_hsdata_rpt_copy_cb of bta_hh.cc, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-49740 | 1 Google | 1 Android | 2025-09-02 | N/A | 5.5 MEDIUM |
| In multiple locations, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-0074 | 1 Google | 1 Android | 2025-09-02 | N/A | 9.8 CRITICAL |
| In process_service_attr_rsp of sdp_discovery.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-0075 | 1 Google | 1 Android | 2025-09-02 | N/A | 9.8 CRITICAL |
| In process_service_search_attr_req of sdp_server.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-0078 | 1 Google | 1 Android | 2025-09-02 | N/A | 8.8 HIGH |
| In main of main.cpp, there is a possible way to bypass SELinux due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-0080 | 1 Google | 1 Android | 2025-09-02 | N/A | 7.8 HIGH |
| In multiple locations, there is a possible way to overlay the installation confirmation dialog due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-0079 | 1 Google | 1 Android | 2025-09-02 | N/A | 7.8 HIGH |
| In multiple locations, there is a possible way that avdtp and avctp channels could be unencrypted due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-0081 | 1 Google | 1 Android | 2025-09-02 | N/A | 7.5 HIGH |
| In dng_lossless_decoder::HuffDecode of dng_lossless_jpeg.cpp, there is a possible way to cause a crash due to uninitialized data. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-0082 | 1 Google | 1 Android | 2025-09-02 | N/A | 5.5 MEDIUM |
| In multiple functions of StatusHint.java and TelecomServiceImpl.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | |||||