Android
by Google
CVEs (4,715)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-27211 | Hig | 0.50 | 7.7 | 0.00 | Mar 11, 2024 | In AtiHandleAPOMsgType of ati_Main.c, there is a possible OOB write due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2016-3765 | Hig | 0.50 | 7.7 | 0.00 | Jul 11, 2016 | decoder/impeg2d_bitstream.c in mediaserver in Android 6.x before 2016-07-01 allows attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted application, aka internal bug 28168413. | ||
| CVE-2025-71256 | Hig | 0.49 | 7.5 | 0.00 | May 6, 2026 | In nr modem, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | ||
| CVE-2025-71255 | Hig | 0.49 | 7.5 | 0.00 | May 6, 2026 | In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | ||
| CVE-2025-71254 | Hig | 0.49 | 7.5 | 0.00 | May 6, 2026 | In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | ||
| CVE-2025-71253 | Hig | 0.49 | 7.5 | 0.00 | May 6, 2026 | In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | ||
| CVE-2025-71252 | Hig | 0.49 | 7.5 | 0.00 | May 6, 2026 | In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | ||
| CVE-2025-71251 | Hig | 0.49 | 7.5 | 0.00 | May 6, 2026 | In IMS, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | ||
| CVE-2025-36895 | Hig | 0.49 | 7.5 | 0.00 | Sep 4, 2025 | Information disclosure | ||
| CVE-2025-36894 | Hig | 0.49 | 7.5 | 0.00 | Sep 4, 2025 | In TBD of TBD, there is a possible DoS due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2025-36892 | Hig | 0.49 | 7.5 | 0.00 | Sep 4, 2025 | Denial of service | ||
| CVE-2025-22423 | Hig | 0.49 | 7.5 | 0.00 | Sep 2, 2025 | In ParseTag of dng_ifd.cpp, there is a possible way to crash the image renderer due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2025-0093 | Hig | 0.49 | 7.5 | 0.00 | Aug 26, 2025 | In handleBondStateChanged of AdapterService.java, there is a possible unapproved data access due to a missing permission check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | ||
| CVE-2025-0081 | Hig | 0.49 | 7.5 | 0.00 | Aug 26, 2025 | In dng_lossless_decoder::HuffDecode of dng_lossless_jpeg.cpp, there is a possible way to cause a crash due to uninitialized data. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2024-40675 | Hig | 0.49 | 7.5 | 0.00 | Jan 28, 2025 | In parseUriInternal of Intent.java, there is a possible infinite loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2024-49734 | Hig | 0.49 | 7.5 | 0.00 | Jan 21, 2025 | In multiple functions of ConnectivityService.java, there is a possible way for a Wi-Fi AP to determine what site a device has connected to through a VPN due to side channel information disclosure. This could lead to remote information disclosure with no additional execution… | ||
| CVE-2024-53834 | Hig | 0.49 | 7.5 | 0.00 | Jan 3, 2025 | In sms_DisplayHexDumpOfPrivacyBuffer of sms_Utilities.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2018-9426 | Hig | 0.49 | 7.5 | 0.00 | Dec 2, 2024 | In RsaKeyPairGenerator::getNumberOfIterations of RSAKeyPairGenerator.java, an incorrect implementation could cause weak RSA key pairs being generated. This could lead to crypto vulnerability with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2018-9381 | Hig | 0.49 | 7.5 | 0.00 | Dec 2, 2024 | In gatts_process_read_by_type_req of gatt_sr.c, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2017-13319 | Hig | 0.49 | 7.5 | 0.00 | Nov 27, 2024 | In pvmp3_get_main_data_size of pvmp3_get_main_data_size.cpp, there is a possible buffer overread due to a missing bounds check. This could lead to remote information disclosure of global static variables with no additional execution privileges needed. User interaction is not… |
- risk 0.50cvss 7.7epss 0.00
In AtiHandleAPOMsgType of ati_Main.c, there is a possible OOB write due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.50cvss 7.7epss 0.00
decoder/impeg2d_bitstream.c in mediaserver in Android 6.x before 2016-07-01 allows attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted application, aka internal bug 28168413.
- risk 0.49cvss 7.5epss 0.00
In nr modem, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
- risk 0.49cvss 7.5epss 0.00
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
- risk 0.49cvss 7.5epss 0.00
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
- risk 0.49cvss 7.5epss 0.00
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
- risk 0.49cvss 7.5epss 0.00
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
- risk 0.49cvss 7.5epss 0.00
In IMS, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
- risk 0.49cvss 7.5epss 0.00
Information disclosure
- risk 0.49cvss 7.5epss 0.00
In TBD of TBD, there is a possible DoS due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.49cvss 7.5epss 0.00
Denial of service
- risk 0.49cvss 7.5epss 0.00
In ParseTag of dng_ifd.cpp, there is a possible way to crash the image renderer due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.49cvss 7.5epss 0.00
In handleBondStateChanged of AdapterService.java, there is a possible unapproved data access due to a missing permission check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
- risk 0.49cvss 7.5epss 0.00
In dng_lossless_decoder::HuffDecode of dng_lossless_jpeg.cpp, there is a possible way to cause a crash due to uninitialized data. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.49cvss 7.5epss 0.00
In parseUriInternal of Intent.java, there is a possible infinite loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.49cvss 7.5epss 0.00
In multiple functions of ConnectivityService.java, there is a possible way for a Wi-Fi AP to determine what site a device has connected to through a VPN due to side channel information disclosure. This could lead to remote information disclosure with no additional execution…
- risk 0.49cvss 7.5epss 0.00
In sms_DisplayHexDumpOfPrivacyBuffer of sms_Utilities.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.49cvss 7.5epss 0.00
In RsaKeyPairGenerator::getNumberOfIterations of RSAKeyPairGenerator.java, an incorrect implementation could cause weak RSA key pairs being generated. This could lead to crypto vulnerability with no additional execution privileges needed. User interaction is not needed for…
- risk 0.49cvss 7.5epss 0.00
In gatts_process_read_by_type_req of gatt_sr.c, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.49cvss 7.5epss 0.00
In pvmp3_get_main_data_size of pvmp3_get_main_data_size.cpp, there is a possible buffer overread due to a missing bounds check. This could lead to remote information disclosure of global static variables with no additional execution privileges needed. User interaction is not…
Page 112 of 236