Total
8334 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-39429 | 2 Google, Unisoc | 10 Android, Sc7731e, Sc9832e and 7 more | 2024-08-27 | N/A | 6.2 MEDIUM |
| In faceid servive, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed | |||||
| CVE-2024-39428 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-08-27 | N/A | 4.4 MEDIUM |
| In trusty service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed | |||||
| CVE-2024-7964 | 1 Google | 2 Android, Chrome | 2024-08-27 | N/A | 8.8 HIGH |
| Use after free in Passwords in Google Chrome on Android prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-32903 | 1 Google | 1 Android | 2024-08-20 | N/A | 7.8 HIGH |
| In prepare_response_locked of lwis_transaction.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-32927 | 1 Google | 1 Android | 2024-08-20 | N/A | 7.8 HIGH |
| In sendDeviceState_1_6 of RadioExt.cpp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-32913 | 1 Google | 1 Android | 2024-08-19 | N/A | 9.8 CRITICAL |
| In wl_notify_rx_mgmt_frame of wl_cfg80211.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-32918 | 1 Google | 1 Android | 2024-08-19 | N/A | 6.1 MEDIUM |
| Permission Bypass allowing attackers to disable HDCP 2.2 encryption by not completing the HDCP Key Exchange initialization steps | |||||
| CVE-2024-29781 | 1 Google | 1 Android | 2024-08-19 | N/A | 7.5 HIGH |
| In ss_AnalyzeOssReturnResUssdArgIe of ss_OssAsnManagement.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-32895 | 1 Google | 1 Android | 2024-08-19 | N/A | 7.8 HIGH |
| In BCMFASTPATH of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-32900 | 1 Google | 1 Android | 2024-08-19 | N/A | 7.8 HIGH |
| In lwis_fence_signal of lwis_debug.c, there is a possible Use after Free due to improper locking. This could lead to local escalation of privilege from hal_camera_default SELinux label with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21351 | 1 Google | 1 Android | 2024-08-16 | N/A | 7.8 HIGH |
| In multiple locations, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-32906 | 1 Google | 1 Android | 2024-08-08 | N/A | 7.8 HIGH |
| In AcvpOnMessage of avcp.cpp, there is a possible EOP due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-32899 | 1 Google | 1 Android | 2024-08-08 | N/A | 7.0 HIGH |
| In gpu_pm_power_off_top_nolock of pixel_gpu_power.c, there is a possible compromise of protected memory due to a race condition. This could lead to local escalation of privilege to TEE with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-6995 | 1 Google | 2 Android, Chrome | 2024-08-07 | N/A | 4.7 MEDIUM |
| Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2016-2427 | 2 Bouncycastle, Google | 2 Legion-of-the-bouncy-castle-java-crytography-api, Android | 2024-08-06 | 4.3 MEDIUM | 5.5 MEDIUM |
| The AES-GCM specification in RFC 5084, as used in Android 5.x and 6.x, recommends 12 octets for the aes-ICVlen parameter field, which might make it easier for attackers to defeat a cryptographic protection mechanism and discover an authentication key via a crafted application, aka internal bug 26234568. NOTE: The vendor disputes the existence of this potential issue in Android, stating "This CVE was raised in error: it referred to the authentication tag size in GCM, whose default according to ASN.1 encoding (12 bytes) can lead to vulnerabilities. After careful consideration, it was decided that the insecure default value of 12 bytes was a default only for the encoding and not default anywhere else in Android, and hence no vulnerability existed. | |||||
| CVE-2024-32905 | 1 Google | 1 Android | 2024-08-01 | N/A | 9.8 CRITICAL |
| In circ_read of link_device_memory_legacy.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-32908 | 1 Google | 1 Android | 2024-08-01 | N/A | 7.8 HIGH |
| In sec_media_protect of media.c, there is a possible permission bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40088 | 1 Google | 1 Android | 2024-08-01 | N/A | 8.8 HIGH |
| In callback_thread_event of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible memory corruption due to a use after free. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40077 | 1 Google | 1 Android | 2024-08-01 | N/A | 8.1 HIGH |
| In multiple functions of MetaDataBase.cpp, there is a possible UAF write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2020-0022 | 2 Google, Huawei | 43 Android, Honor 8a, Honor 8a Firmware and 40 more | 2024-08-01 | 8.3 HIGH | 8.8 HIGH |
| In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143894715 | |||||