Google Android vulnerabilities
9,646 known vulnerabilities affecting google/android.
Total CVEs: 9,646
CISA KEV (actively exploited): 48
Public exploits: 89
Exploited in the wild: 44
Severity breakdown: CRITICAL 883, HIGH 5184, MEDIUM 3317, LOW 260, UNKNOWN 2
Vulnerabilities
CVE-2024-33049 | HIGH | CVSS 7.5 | 2024-10-01
Android Security Bulletin 2024-10-01
CVE: CVE-2024-33049
Severity: HIGH
Component: WLAN
References: A-344620633, QC-CR#3717569
android
CVE-2024-20094 | HIGH | CVSS 7.5 | 2024-10-01
Android Security Bulletin 2024-10-01
CVE: CVE-2024-20094
Severity: HIGH
Component: Modem
References: A-359692772, M-MOLY00843282 *
android
CVE-2024-23369 | HIGH | CVSS 7.8 | 2024-10-01
Android Security Bulletin 2024-10-01
CVE: CVE-2024-23369
Severity: HIGH
Component: Closed-source component
References: A-332315343 *
android
CVE-2024-38399 | HIGH | CVSS 8.4 | 2024-10-01
Android Security Bulletin 2024-10-01
CVE: CVE-2024-38399
Severity: HIGH
Component: Display
References: A-350500647, QC-CR#3762629 [2]
android
CVE-2024-39435 | HIGH | CVSS 7.8 | Versions: 12.0, 13.0, +1 more | 2024-09-27
In Logmanager service, there is a possible missing verification incorrect input. This could lead to local escalation of privilege with no additional execution privileges needed.
nvd
CVE-2024-39431 | MEDIUM | CVSS 4.5 | CWE-787 | Versions: 12.0, 13.0, +1 more | 2024-09-27
In UMTS RLC driver, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with System execution privileges needed.
nvd, android
CVE-2024-39433 | MEDIUM | CVSS 4.4 | CWE-787 | Versions: 13.0, 14.0 | 2024-09-27
In drm service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.
nvd
CVE-2024-39434 | MEDIUM | CVSS 4.4 | CWE-125 | Versions: 13.0, 14.0 | 2024-09-27
In drm service, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.
nvd
CVE-2024-39432 | MEDIUM | CVSS 4.5 | CWE-787 | Versions: 12.0, 13.0, +1 more | 2024-09-27
In UMTS RLC driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with System execution privileges needed.
nvd, android
CVE-2024-44094 | HIGH | CVSS 7.8 | CWE-787 | Versions: Android kernel | 2024-09-13
In ppmp_protect_mfcfw_buf of code/drm_fw.c, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2024-44092 | HIGH | CVSS 7.8 | CWE-489 | Versions: Android kernel | 2024-09-13
There is a possible LCS signing enforcement missing due to test/debugging code left in a production build. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2024-44093 | HIGH | CVSS 7.8 | CWE-787 | Versions: Android kernel | 2024-09-13
In ppmp_unprotect_buf of drm/code/drm_fw.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2024-29779 | HIGH | CVSS 7.8 | CWE-269 | Versions: Android kernel | 2024-09-13
There is a possible escalation of privilege due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2024-44095 | HIGH | CVSS 7.8 | CWE-787 | Versions: Android kernel | 2024-09-13
In ppmp_protect_mfcfw_buf of code/drm_fw.c, there is a possible corrupt memory due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2024-44096 | MEDIUM | CVSS 4.4 | CWE-1188 | Versions: Android kernel | 2024-09-13
There is a possible arbitrary read due to an insecure default value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2024-40657 | HIGH | CVSS 7.8 | CWE-269 | Versions: 12.0, 12.1, +6 more | 2024-09-11
In addPreferencesForType of AccountTypePreferenceLoader.java, there is a possible way to disable apps for other users due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2024-23716 | HIGH | CVSS 7.0 | CWE-416 | Versions: Android SoC | 2024-09-11
In DevmemIntPFNotify of devicemem_server.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2024-31336 | HIGH | CVSS 7.8 | CWE-787 | Versions: Android SoC | 2024-09-11
In PVRSRVBridgeRGXKickTA3D2 of server_rgxta3d_bridge.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2024-40652 | HIGH | CVSS 7.8 | CWE-862 | Versions: 12.0, 12.1, +6 more | 2024-09-11
In onCreate of SettingsHomepageActivity.java, there is a possible way to access the Settings app while the device is provisioning due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
nvd, android
CVE-2024-40650 | HIGH | CVSS 7.8 | CWE-862 | Versions: 12.0, 12.1, +6 more | 2024-09-11
In wifi_item_edit_content of styles.xml, there is a possible FRP bypass due to a missing check for FRP state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android