Google Android vulnerabilities

9,646 known vulnerabilities affecting google/android.

Total CVEs

9,646

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL883HIGH5184MEDIUM3317LOW260UNKNOWN2

Vulnerabilities

Page 53 of 483

CVE-2024-40654HIGHCVSS 7.8v12.0v12.1+6 more2024-09-11

CVE-2024-40654 [HIGH] CWE-276 CVE-2024-40654: In multiple locations, there is a possible permission bypass due to a confused deputy. This could le In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

nvdandroid

CVE-2024-40658HIGHCVSS 7.8v12.0v12.1+6 more2024-09-11

CVE-2024-40658 [HIGH] CWE-787 CVE-2024-40658: In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a h In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

nvdandroid

CVE-2024-40662HIGHCVSS 7.8v12.0v12.1+6 more2024-09-11

CVE-2024-40662 [HIGH] CWE-269 CVE-2024-40662: In scheme of Uri.java, there is a possible way to craft a malformed Uri object due to improper input In scheme of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

nvdandroid

CVE-2024-40655HIGHCVSS 7.8v12.0v12.1+6 more2024-09-11

CVE-2024-40655 [HIGH] CWE-276 CVE-2024-40655: In bindAndGetCallIdentification of CallScreeningServiceHelper.java, there is a possible way to maint In bindAndGetCallIdentification of CallScreeningServiceHelper.java, there is a possible way to maintain a while-in-use permission in the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

nvdandroid

CVE-2024-40659MEDIUMCVSS 5.5v14.0v142024-09-11

CVE-2024-40659 [MEDIUM] CWE-120 CVE-2024-40659: In getRegistration of RemoteProvisioningService.java, there is a possible way to permanently disable In getRegistration of RemoteProvisioningService.java, there is a possible way to permanently disable the AndroidKeyStore key generation feature by updating the attestation keys of all installed apps due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not nee

nvdandroid

CVE-2024-40656MEDIUMCVSS 5.5v12.0v12.1+6 more2024-09-11

CVE-2024-40656 [MEDIUM] CWE-125 CVE-2024-40656: In handleCreateConferenceComplete of ConnectionServiceWrapper.java, there is a possible way to revea In handleCreateConferenceComplete of ConnectionServiceWrapper.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

nvdandroid

CVE-2024-20089HIGHCVSS 7.5v13.0v14.02024-09-02

CVE-2024-20089 [HIGH] CWE-703 CVE-2024-20089: In wlan, there is a possible denial of service due to incorrect error handling. This could lead to r In wlan, there is a possible denial of service due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08861558; Issue ID: MSV-1526.

nvd

CVE-2024-20087MEDIUMCVSS 6.7v12.02024-09-02

CVE-2024-20087 [MEDIUM] CWE-787 CVE-2024-20087: In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to l In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08932916; Issue ID: MSV-1550.

nvd

CVE-2024-20085MEDIUMCVSS 4.4v13.0v14.02024-09-02

CVE-2024-20085 [MEDIUM] CWE-125 CVE-2024-20085: In power, there is a possible out of bounds read due to a missing bounds check. This could lead to l In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08944204; Issue ID: MSV-1560.

nvd

CVE-2024-20088MEDIUMCVSS 4.4v12.0v13.0+1 more2024-09-02

CVE-2024-20088 [MEDIUM] CWE-125 CVE-2024-20088: In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08932099; Issue ID: MSV-1543.

nvd

CVE-2024-20084MEDIUMCVSS 4.4v13.0v14.02024-09-02

CVE-2024-20084 [MEDIUM] CWE-125 CVE-2024-20084: In power, there is a possible out of bounds read due to a missing bounds check. This could lead to l In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08944210; Issue ID: MSV-1561.

nvd

CVE-2024-20086MEDIUMCVSS 6.7v12.02024-09-02

CVE-2024-20086 [MEDIUM] CWE-787 CVE-2024-20086: In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to l In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08932916; Issue ID: MSV-1551.

nvd

CVE-2024-33052CRITICALCVSS 7.82024-09-01

CVE-2024-33052 [HIGH] CVE-2024-33052: WLAN Android Security Bulletin 2024-09-01 CVE: CVE-2024-33052 Severity: CRITICAL Component: WLAN References: A-344620630 QC-CR#3773240

android

CVE-2024-33042CRITICALCVSS 7.82024-09-01

CVE-2024-33042 [HIGH] CVE-2024-33042: WLAN Android Security Bulletin 2024-09-01 CVE: CVE-2024-33042 Severity: CRITICAL Component: WLAN References: A-344620519 QC-CR#3774878

android

CVE-2024-33050HIGHCVSS 7.52024-09-01

CVE-2024-33050 [HIGH] CVE-2024-33050: WLAN Android Security Bulletin 2024-09-01 CVE: CVE-2024-33050 Severity: HIGH Component: WLAN References: A-344620238 QC-CR#3717568

android

CVE-2024-23364HIGHCVSS 7.52024-09-01

CVE-2024-23364 [HIGH] CVE-2024-23364: Closed-source component Android Security Bulletin 2024-09-01 CVE: CVE-2024-23364 Severity: HIGH Component: Closed-source component References: A-328083671 *

android

CVE-2024-23358HIGHCVSS 7.52024-09-01

CVE-2024-23358 [HIGH] CVE-2024-23358: Closed-source component Android Security Bulletin 2024-09-01 CVE: CVE-2024-23358 Severity: HIGH Component: Closed-source component References: A-328083897 *

android

CVE-2024-36972HIGHCVSS 7.52024-09-01

CVE-2024-36972 [HIGH] CVE-2024-36972: Net Android Security Bulletin 2024-09-01 CVE: CVE-2024-36972 Severity: HIGH Type: EoP Component: Net References: A-342490466 Upstream kernel [2] [3] [4] [5] [6]

android

CVE-2024-33035HIGHCVSS 8.42024-09-01

CVE-2024-33035 [HIGH] CVE-2024-33035: Display Android Security Bulletin 2024-09-01 CVE: CVE-2024-33035 Severity: HIGH Component: Display References: A-344620673 QC-CR#3734251

android

CVE-2024-33057HIGHCVSS 7.52024-09-01

CVE-2024-33057 [HIGH] CVE-2024-33057: WLAN Android Security Bulletin 2024-09-01 CVE: CVE-2024-33057 Severity: HIGH Component: WLAN References: A-344620215 QC-CR#3699767

android

← Previous53 / 483Next →