Android SDK
by Google
CVEs (1,763)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-0052 | | Med | 0.42 | 6.5 | 0.00 | | Jun 1, 2026 | In multiple functions of ubsan_throwing_runtime.cpp, there is a possible way to cause a crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. |
| CVE-2026-0051 | | Med | 0.42 | 6.5 | 0.00 | | Jun 1, 2026 | In multiple functions of ubsan_throwing_runtime.cpp, there is a possible way to cause a system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. |
| CVE-2026-0044 | | Med | 0.42 | 6.5 | 0.00 | | Jun 1, 2026 | In multiple functions of ubsan_throwing_runtime.cpp, there is a possible way to cause the system to crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. |
| CVE-2026-0041 | | Med | 0.42 | 6.5 | 0.00 | | Jun 1, 2026 | In multiple functions of ubsan_throwing_runtime.cpp, there is a possible UBSan failure due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. |
| CVE-2026-0040 | | Med | 0.42 | 6.5 | 0.00 | | Jun 1, 2026 | In multiple functions of ubsan_throwing_runtime.cpp, there is a possible way to cause a crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. |
| CVE-2026-0039 | | Med | 0.42 | 6.5 | 0.00 | | Jun 1, 2026 | In multiple functions of ubsan_throwing_runtime.cpp, there is a possible persistent denial of service due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. |
| CVE-2026-53131 | | mod | 0.39 | 7.0 | 0.00 | | Jun 25, 2026 | kernel: netfilter: require Ethernet MAC header before using eth_hdr() |
| CVE-2026-52920 | | mod | 0.39 | 7.0 | 0.00 | | Jun 24, 2026 | kernel: netfilter: xt_policy: fix strict mode inbound policy matching |
| CVE-2026-52935 | | mod | 0.39 | 7.0 | 0.00 | | Jun 24, 2026 | kernel: xfrm: espintcp: do not reuse an in-progress partial send |
| CVE-2026-52940 | | mod | 0.39 | 7.0 | 0.00 | | Jun 24, 2026 | kernel: tun: zero the whole vnet header in tun_put_user() |
| CVE-2026-46322 | | Hig | 0.39 | 7.1 | 0.00 | | Jun 9, 2026 | In the Linux kernel, the following vulnerability has been resolved: tun: free page on build_skb failure in tun_xdp_one() When build_skb() fails in tun_xdp_one(), the function sets ret to -ENOMEM and jumps to the out label, which returns without freeing the page that… |
| CVE-2026-46321 | | Hig | 0.39 | 7.1 | 0.00 | | Jun 9, 2026 | In the Linux kernel, the following vulnerability has been resolved: tun: free page on short-frame rejection in tun_xdp_one() tun_xdp_one() returns -EINVAL on a frame shorter than ETH_HLEN without freeing the page that vhost_net_build_xdp() allocated for it. tun_sendmsg()… |
| CVE-2026-53091 | | imp | 0.38 | 7.0 | 0.00 | | Jun 24, 2026 | kernel: net: pull headers in qdisc_pkt_len_segs_init() |
| CVE-2016-0818 | | Med | 0.38 | 5.9 | 0.00 | | Mar 12, 2016 | The caching functionality in the TrustManagerImpl class in TrustManagerImpl.java in Conscrypt in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 mishandles the distinction between an intermediate CA and a trusted root CA, which allows… |
| CVE-2026-0043 | | Med | 0.36 | 5.5 | 0.00 | | Jun 1, 2026 | In multiple functions of ubsan_throwing_runtime.cpp, there is a possible persistent denial of service due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
| CVE-2026-0042 | | Med | 0.36 | 5.5 | 0.00 | | Jun 1, 2026 | In multiple functions of ubsan_throwing_runtime.cpp, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. |
| CVE-2025-48600 | | Med | 0.36 | 5.5 | 0.00 | | Dec 8, 2025 | In multiple files, there is a possible way to reveal information across users due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
| CVE-2016-3835 | | Med | 0.36 | 5.5 | 0.00 | | Aug 5, 2016 | The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to obtain sensitive information via a crafted… |
| CVE-2016-3810 | | Med | 0.36 | 5.5 | 0.00 | | Jul 11, 2016 | The MediaTek Wi-Fi driver in Android before 2016-07-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28175522 and MediaTek internal bug ALPS02694389. |
| CVE-2016-3809 | | Med | 0.36 | 5.5 | 0.00 | | Jul 11, 2016 | The networking component in Android before 2016-07-05 on Android One, Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus 9, Nexus Player, and Pixel C devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 27532522. |