Filtered by vendor Google
Subscriptions
Total
13213 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-22437 | 1 Google | 1 Android | 2025-09-04 | 7.8 High |
| In setMediaButtonReceiver of multiple files, there is a possible way to launch arbitrary activities from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-22438 | 1 Google | 1 Android | 2025-09-04 | 7.8 High |
| In afterKeyEventLockedInterruptable of InputDispatcher.cpp, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-22442 | 1 Google | 1 Android | 2025-09-04 | 7 High |
| In multiple functions of DevicePolicyManagerService.java, there is a possible way to install unauthorized applications into a newly created work profile due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-22439 | 1 Google | 1 Android | 2025-09-04 | 7.3 High |
| In onLastAccessedStackLoaded of ActionHandler.java , there is a possible way to bypass storage restrictions across apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2025-26416 | 1 Google | 1 Android | 2025-09-04 | 9.8 Critical |
| In initializeSwizzler of SkBmpStandardCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-9867 | 1 Google | 2 Android, Chrome | 2025-09-04 | 5.4 Medium |
| Inappropriate implementation in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2025-9866 | 1 Google | 1 Chrome | 2025-09-04 | 8.8 High |
| Inappropriate implementation in Extensions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2025-9865 | 1 Google | 2 Android, Chrome | 2025-09-04 | 5.4 Medium |
| Inappropriate implementation in Toolbar in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2025-9864 | 1 Google | 1 Chrome | 2025-09-04 | 8.8 High |
| Use after free in V8 in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2023-21474 | 2 Google, Samsung | 3 Android, Mobile, Samsung Mobile | 2025-09-04 | 6.3 Medium |
| Intent redirection vulnerability in SecSettings prior to SMR Apr-2022 Release 1 allows attackers to access arbitrary file with system privilege. | ||||
| CVE-2023-21479 | 2 Google, Samsung | 4 Android, Mobile, Samsung Mobile and 1 more | 2025-09-04 | 5.3 Medium |
| Improper authorization in Smart suggestions prior to SMR Apr-2023 Release 1 in Android 13 and 4.1.01.0 in Android 12 allows remote attackers to register a schedule. | ||||
| CVE-2025-21030 | 2 Google, Samsung | 3 Android, Mobile, Samsung Mobile | 2025-09-04 | 4.3 Medium |
| Improper handling of insufficient permission in AppPrelaunchManagerService prior to SMR Sep-2025 Release 1 in Chinese Android 15 allows local attackers to execute arbitrary application in the background. | ||||
| CVE-2023-21482 | 2 Google, Samsung | 4 Android, Camera, Mobile and 1 more | 2025-09-04 | 6.1 Medium |
| Missing authorization vulnerability in Camera prior to versions 11.1.02.18 in Android 11, 12.1.03.8 in Android 12 and 13.1.01.4 in Android 13 allows physical attackers to install package through Galaxy store before completion of Setup wizard. | ||||
| CVE-2023-21469 | 2 Google, Samsung | 3 Android, Mobile, Samsung Mobile | 2025-09-04 | 4 Medium |
| Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local attackers to get device location information using com.samsung.android.wifi.GEOFENCE action. | ||||
| CVE-2025-21041 | 2 Google, Samsung | 3 Android, Mobile, Secure Folder | 2025-09-04 | 6.2 Medium |
| Insecure Storage of Sensitive Information in Secure Folder prior to Android 16 allows local attackers to access sensitive information. | ||||
| CVE-2025-21035 | 2 Google, Samsung | 5 Android, Calendar, Mobile and 2 more | 2025-09-04 | 4.6 Medium |
| Improper access control in Samsung Calendar prior to version 12.5.06.5 in Android 14 and 12.6.01.12 in Android 15 allows physical attackers to access data across multiple user profiles. | ||||
| CVE-2025-27701 | 1 Google | 1 Android | 2025-09-04 | 5.5 Medium |
| In the function process_crypto_cmd, the values of ptrs[i] can be potentially equal to NULL which is valid value after calling slice_map_array(). Later this values will be derefenced without prior NULL check, which can lead to local Temporary DoS or OOB Read, leading to information disclosure. | ||||
| CVE-2025-27700 | 1 Google | 1 Android | 2025-09-04 | 8.4 High |
| There is a possible bypass of carrier restrictions due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-56193 | 1 Google | 1 Android | 2025-09-04 | 5.1 Medium |
| There is a possible disclosure of Bluetooth adapter details due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-56192 | 1 Google | 1 Android | 2025-09-04 | 7.8 High |
| In wl_notify_gscan_event of wl_cfgscan.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||