Filtered by vendor Google
Subscriptions
Filtered by product Android
Subscriptions
Total
7841 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-14894 | 1 Google | 1 Android | 2024-09-16 | N/A |
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in wma_vdev_start_resp_handler(), vdev id is received from firmware as part of WMI_VDEV_START_RESP_EVENTID. This vdev id can be greater than max bssid stored in wma handle and this would result in buffer overwrite while accessing wma_handle->interfaces[vdev_id]. | ||||
CVE-2018-3587 | 1 Google | 1 Android | 2024-09-16 | N/A |
In a firmware memory dump feature in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android), a Use After Free condition can occur. | ||||
CVE-2012-1393 | 2 Goforandroid, Google | 2 Go Sms Pro, Android | 2024-09-16 | N/A |
Unspecified vulnerability in the GO SMS Pro (com.jb.gosms) application 3.72, 4.10, and 4.35 for Android has unknown impact and attack vectors. | ||||
CVE-2017-13275 | 1 Google | 1 Android | 2024-09-16 | N/A |
In getVSCoverage of CmapCoverage.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-70808908. | ||||
CVE-2017-9705 | 1 Google | 1 Android | 2024-09-16 | N/A |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, concurrent rx notifications and read() operations in the G-Link PKT driver can result in a double free condition due to missing locking resulting in list_del() and list_add() overlapping and corrupting the next and previous pointers. | ||||
CVE-2017-15847 | 1 Google | 1 Android | 2024-09-16 | N/A |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the SPCom kernel driver, a race condition exists when creating a channel. | ||||
CVE-2017-13245 | 1 Google | 1 Android | 2024-09-16 | N/A |
A elevation of privilege vulnerability in the Upstream kernel audio driver. Product: Android. Versions: Android kernel. ID: A-64315347. | ||||
CVE-2017-13173 | 1 Google | 1 Android | 2024-09-16 | N/A |
An elevation of privilege vulnerability in the MediaTek system server. Product: Android. Versions: Android kernel. Android ID A-28067350. References: M-ALPS02672361. | ||||
CVE-2018-5857 | 1 Google | 1 Android | 2024-09-16 | N/A |
In the WCD CPE codec, a Use After Free condition can occur in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. | ||||
CVE-2017-0719 | 1 Google | 1 Android | 2024-09-16 | N/A |
A remote code execution vulnerability in the Android media framework (mpeg2 decoder). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37273673. | ||||
CVE-2024-8639 | 1 Google | 2 Android, Chrome | 2024-09-13 | 8.8 High |
Use after free in Autofill in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
CVE-2024-8637 | 1 Google | 2 Android, Chrome | 2024-09-13 | 8.8 High |
Use after free in Media Router in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
CVE-2023-35656 | 1 Google | 1 Android | 2024-09-13 | 7.5 High |
In multiple functions of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
CVE-2023-35663 | 1 Google | 1 Android | 2024-09-13 | 7.5 High |
In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
CVE-2023-21349 | 1 Google | 1 Android | 2024-09-12 | 3.3 Low |
In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
CVE-2022-48456 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-09-12 | 4.4 Medium |
In camera driver, there is a possible out of bounds write due to a incorrect bounds check. This could lead to local denial of service with System execution privileges needed | ||||
CVE-2024-40650 | 1 Google | 1 Android | 2024-09-12 | 7.8 High |
In wifi_item_edit_content of styles.xml , there is a possible FRP bypass due to Missing check for FRP state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
CVE-2024-40652 | 1 Google | 1 Android | 2024-09-11 | 7.3 High |
In onCreate of SettingsHomepageActivity.java, there is a possible way to access the Settings app while the device is provisioning due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
CVE-2024-40655 | 1 Google | 1 Android | 2024-09-11 | 7.8 High |
In bindAndGetCallIdentification of CallScreeningServiceHelper.java, there is a possible way to maintain a while-in-use permission in the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
CVE-2024-40662 | 1 Google | 1 Android | 2024-09-11 | 7.8 High |
In scheme of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |