Google Android vulnerabilities
9,646 known vulnerabilities affecting google/android.
Total CVEs
9,646
CISA KEV
48
actively exploited
Public exploits
89
Exploited in wild
44
Severity breakdown
CRITICAL883HIGH5184MEDIUM3317LOW260UNKNOWN2
Vulnerabilities
Page 43 of 483
CVE-2018-9374HIGHCVSS 7.8v6.0v6.0.1+8 more2024-11-28
CVE-2018-9374 [HIGH] CWE-863 CVE-2018-9374: In installPackageLI of PackageManagerService.java, there is a possible permissions bypass. This coul
In installPackageLI of PackageManagerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2018-9377MEDIUMCVSS 5.5v6.0v6.0.1+6 more2024-11-28
CVE-2018-9377 [MEDIUM] CWE-908 CVE-2018-9377: In getIntentForIntentSender of ActivityManagerService.java, there is a possible way to access user m
In getIntentForIntentSender of ActivityManagerService.java, there is a possible way to access user metadata due to a pending intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2017-13323HIGHCVSS 7.8v6.0v6.0.1+8 more2024-11-27
CVE-2017-13323 [HIGH] CWE-190 CVE-2017-13323: In String16 of String16.cpp, there is a possible out of bounds write due to an integer overflow. Thi
In String16 of String16.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2017-13319HIGHCVSS 7.5v7.0v7.1.1+5 more2024-11-27
CVE-2017-13319 [HIGH] CWE-120 CVE-2017-13319: In pvmp3_get_main_data_size of pvmp3_get_main_data_size.cpp, there is a possible buffer overread due
In pvmp3_get_main_data_size of pvmp3_get_main_data_size.cpp, there is a possible buffer overread due to a missing bounds check. This could lead to remote information disclosure of global static variables with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2017-13316HIGHCVSS 7.8v6.0v6.0.1+8 more2024-11-27
CVE-2017-13316 [HIGH] CWE-862 CVE-2017-13316: In checkPermissions of RecognitionService.java, there is a possible permissions bypass due to a miss
In checkPermissions of RecognitionService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2018-9353MEDIUMCVSS 6.5v7.0v7.1.1+5 more2024-11-27
CVE-2018-9353 [MEDIUM] CWE-125 CVE-2018-9353: In ihevcd_parse_slice_data of ihevcd_parse_slice.c there is a possible heap buffer out of bound read
In ihevcd_parse_slice_data of ihevcd_parse_slice.c there is a possible heap buffer out of bound read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.
nvd
CVE-2018-9352MEDIUMCVSS 6.5v7.1v7.1.1+5 more2024-11-27
CVE-2018-9352 [MEDIUM] CWE-190 CVE-2018-9352: In ihevcd_allocate_dynamic_bufs of ihevcd_api.c there is a possible resource exhaustion due to integ
In ihevcd_allocate_dynamic_bufs of ihevcd_api.c there is a possible resource exhaustion due to integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.
nvd
CVE-2017-13321MEDIUMCVSS 5.5v8.0v8.1+1 more2024-11-27
CVE-2017-13321 [MEDIUM] CWE-125 CVE-2017-13321: In SensorService::isDataInjectionEnabled of frameworks/native/services/sensorservice/SensorService.c
In SensorService::isDataInjectionEnabled of frameworks/native/services/sensorservice/SensorService.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2017-13320MEDIUMCVSS 6.5v7.0v7.1.1+5 more2024-11-27
CVE-2017-13320 [MEDIUM] CWE-125 CVE-2017-13320: In impeg2d_bit_stream_flush() of libmpeg2dec there is a possible OOB read due to a missing bounds ch
In impeg2d_bit_stream_flush() of libmpeg2dec there is a possible OOB read due to a missing bounds check. This could lead to Remote DoS with no additional execution privileges needed. User interaction is needed for exploitation.
nvd
CVE-2018-9354MEDIUMCVSS 6.5v7.0v7.1.1+5 more2024-11-27
CVE-2018-9354 [MEDIUM] CWE-369 CVE-2018-9354: In VideoFrameScheduler.cpp of VideoFrameScheduler::PLL::fit, there is a possible remote denial of se
In VideoFrameScheduler.cpp of VideoFrameScheduler::PLL::fit, there is a possible remote denial of service due to divide by 0. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.
nvd
CVE-2018-9349MEDIUMCVSS 6.5v7.0v7.1.1+5 more2024-11-27
CVE-2018-9349 [MEDIUM] CWE-125 CVE-2018-9349: In mv_err_cost of mcomp.c there is a possible out of bounds read due to missing bounds check. This c
In mv_err_cost of mcomp.c there is a possible out of bounds read due to missing bounds check. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation.
nvd
CVE-2018-9351MEDIUMCVSS 6.5v7.0v7.1.1+5 more2024-11-27
CVE-2018-9351 [MEDIUM] CWE-125 CVE-2018-9351: In ih264e_fmt_conv_420p_to_420sp of ih264e_fmt_conv.c there is a possible out of bound read due to m
In ih264e_fmt_conv_420p_to_420sp of ih264e_fmt_conv.c there is a possible out of bound read due to missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.
nvd
CVE-2018-9350MEDIUMCVSS 6.5v7.0v7.1.1+5 more2024-11-27
CVE-2018-9350 [MEDIUM] CWE-125 CVE-2018-9350: In ih264d_assign_pic_num of ih264d_utils.c there is a possible out of bound read due to missing boun
In ih264d_assign_pic_num of ih264d_utils.c there is a possible out of bound read due to missing bounds check. This could lead to a denial of service with no additional execution privileges needed. User interaction is needed for exploitation.
nvd
CVE-2018-9478CRITICALCVSS 9.8v7.0v7.1.1+9 more2024-11-20
CVE-2018-9478 [CRITICAL] CWE-787 CVE-2018-9478: In process_service_attr_req and process_service_search_attr_req of sdp_server.cc, there is an out of
In process_service_attr_req and process_service_search_attr_req of sdp_server.cc, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
nvdandroid
CVE-2018-9467CRITICALCVSS 9.8v7.0v7.1.1+9 more2024-11-20
CVE-2018-9467 [CRITICAL] CWE-276 CVE-2018-9467: In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determin
In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation.
nvdandroid
CVE-2018-9479CRITICALCVSS 9.8v7.0v7.1.1+9 more2024-11-20
CVE-2018-9479 [CRITICAL] CWE-787 CVE-2018-9479: In process_service_attr_req and process_service_search_attr_req of sdp_server.cc, there is an out of
In process_service_attr_req and process_service_search_attr_req of sdp_server.cc, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
nvdandroid
CVE-2018-9469HIGHCVSS 7.8v7.1.1v7.1.2+7 more2024-11-20
CVE-2018-9469 [HIGH] CWE-862 CVE-2018-9469: In multiple functions of ShortcutService.java, there is a possible creation of a spoofed shortcut du
In multiple functions of ShortcutService.java, there is a possible creation of a spoofed shortcut due to a missing permission check. This could lead to local escalation of privilege in a privileged app with no additional execution privileges needed. User interaction is needed for exploitation.
nvdandroid
CVE-2018-9474HIGHCVSS 7.8v7.0v7.1.1+9 more2024-11-20
CVE-2018-9474 [HIGH] CWE-502 CVE-2018-9474: In writeToParcel of MediaPlayer.java, there is a possible serialization/deserialization mismatch due
In writeToParcel of MediaPlayer.java, there is a possible serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvdandroid
CVE-2018-9475HIGHCVSS 8.8v7.0v7.1.1+9 more2024-11-20
CVE-2018-9475 [HIGH] CWE-787 CVE-2018-9475: In HeadsetInterface::ClccResponse of btif_hf.cc, there is a possible out of bounds stack write due t
In HeadsetInterface::ClccResponse of btif_hf.cc, there is a possible out of bounds stack write due to a missing bounds check. This could lead to remote escalation of privilege via Bluetooth, if the recipient has enabled SIP calls with no additional execution privileges needed. User interaction is not needed for exploitation.
nvdandroid
CVE-2018-9472HIGHCVSS 8.8v7.0v7.1.1+7 more2024-11-20
CVE-2018-9472 [HIGH] CWE-190 CVE-2018-9472: In xmlMemStrdupLoc of xmlmemory.c, there is a possible out-of-bounds write due to an integer overflo
In xmlMemStrdupLoc of xmlmemory.c, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation.
nvdandroid