Filtered by vendor Google
Subscriptions
Filtered by product Android
Subscriptions
Total
8351 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-3310 | 1 Google | 2 Android, Chrome | 2025-05-06 | 6.5 Medium |
| Insufficient policy enforcement in custom tabs in Google Chrome on Android prior to 106.0.5249.62 allowed an attacker who convinced the user to install an application to bypass same origin policy via a crafted application. (Chromium security severity: Medium) | ||||
| CVE-2025-20671 | 2 Google, Mediatek | 11 Android, Mt2718, Mt6878 and 8 more | 2025-05-06 | 7.0 High |
| In thermal, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09698599; Issue ID: MSV-3228. | ||||
| CVE-2025-20668 | 2 Google, Mediatek | 8 Android, Mt6878, Mt6897 and 5 more | 2025-05-06 | 7.8 High |
| In scp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09625562; Issue ID: MSV-3027. | ||||
| CVE-2025-20665 | 2 Google, Mediatek | 53 Android, Mt6580, Mt6761 and 50 more | 2025-05-06 | 5.5 Medium |
| In devinfo, there is a possible information disclosure due to a missing SELinux policy. This could lead to local information disclosure of device identifier with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09555228; Issue ID: MSV-2760. | ||||
| CVE-2023-52342 | 2 Google, Unisoc | 9 Android, S8000, S8000 Firmware and 6 more | 2025-05-06 | 7.5 High |
| In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges needed | ||||
| CVE-2023-52343 | 2 Google, Unisoc | 5 Android, S8000, T760 and 2 more | 2025-05-06 | 5.5 Medium |
| In SecurityCommand message after as security has been actived., there is a possible improper input validation. This could lead to remote information disclosure no additional execution privileges needed | ||||
| CVE-2023-52344 | 2 Google, Unisoc | 5 Android, S8000, T760 and 2 more | 2025-05-06 | 5.3 Medium |
| In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges needed | ||||
| CVE-2023-52346 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-05-06 | 4.4 Medium |
| In modem driver, there is a possible system crash due to improper input validation. This could lead to local information disclosure with System execution privileges needed | ||||
| CVE-2023-52347 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-05-06 | 5.5 Medium |
| In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed | ||||
| CVE-2023-52348 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-05-06 | 4.4 Medium |
| In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed | ||||
| CVE-2023-52351 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-05-06 | 7.8 High |
| In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed | ||||
| CVE-2023-52533 | 2 Google, Unisoc | 5 Android, S8000, T760 and 2 more | 2025-05-06 | 5.3 Medium |
| In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges needed | ||||
| CVE-2023-52534 | 2 Google, Unisoc | 5 Android, S8000, T760 and 2 more | 2025-05-06 | 5.9 Medium |
| In ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed | ||||
| CVE-2023-52535 | 2 Google, Unisoc | 7 Android, Sc7731e, Sc9832e and 4 more | 2025-05-06 | 4.4 Medium |
| In vsp driver, there is a possible missing verification incorrect input. This could lead to local denial of service with no additional execution privileges needed | ||||
| CVE-2024-23658 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-05-06 | 4.4 Medium |
| In camera driver, there is a possible use after free due to a logic error. This could lead to local denial of service with System execution privileges needed | ||||
| CVE-2024-39441 | 2 Google, Unisoc | 13 Android, S8000, T310 and 10 more | 2025-05-06 | 7.1 High |
| In wifi display, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. | ||||
| CVE-2023-52341 | 2 Google, Unisoc | 5 Android, S8000, T760 and 2 more | 2025-05-06 | 7.5 High |
| In Plaintext COUNTER CHECK message accepted before AS security activation, there is a possible missing permission check. This could lead to remote information disclosure no additional execution privileges needed | ||||
| CVE-2023-32871 | 5 Google, Linuxfoundation, Mediatek and 2 more | 63 Android, Yocto, Mt2737 and 60 more | 2025-05-05 | 5.3 Medium |
| In DA, there is a possible permission bypass due to an incorrect status check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08355514; Issue ID: ALPS08355514. | ||||
| CVE-2023-35682 | 1 Google | 1 Android | 2025-05-05 | 7.8 High |
| In hasPermissionForActivity of PackageManagerHelper.java, there is a possible way to start arbitrary components due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2023-2722 | 3 Debian, Fedoraproject, Google | 4 Debian Linux, Fedora, Android and 1 more | 2025-05-05 | 8.8 High |
| Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||