Vulnerabilities (CVE)

Filtered by vendor Google Subscribe
Filtered by product Android
Total 7819 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-43201 3 Apple, Google, Planetfitness 3 Iphone Os, Android, Planet Fitness Workouts 2024-09-30 N/A 5.9 MEDIUM
The Planet Fitness Workouts iOS and Android mobile apps prior to version 9.8.12 (released on 2024-07-25) fail to properly validate TLS certificates, allowing an attacker with appropriate network access to obtain session tokens and sensitive information.
CVE-2024-8897 2 Google, Mozilla 2 Android, Firefox 2024-09-25 N/A 6.1 MEDIUM
Under certain conditions, an attacker with the ability to redirect users to a malicious site via an open redirect on a trusted site, may be able to spoof the address bar contents. This can lead to a malicious site to appear to have the same URL as the trusted site. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 130.0.1.
CVE-2024-38208 2 Google, Microsoft 2 Android, Edge 2024-09-19 N/A 6.1 MEDIUM
Microsoft Edge for Android Spoofing Vulnerability
CVE-2024-29779 1 Google 1 Android 2024-09-18 N/A 7.8 HIGH
there is a possible escalation of privilege due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-44092 1 Google 1 Android 2024-09-18 N/A 7.8 HIGH
In TBD of TBD, there is a possible LCS signing enforcement missing due to test/debugging code left in a production build. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-44093 1 Google 1 Android 2024-09-18 N/A 7.8 HIGH
In ppmp_unprotect_buf of drm/code/drm_fw.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-44094 1 Google 1 Android 2024-09-18 N/A 7.8 HIGH
In ppmp_protect_mfcfw_buf of code/drm_fw.c, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-8639 1 Google 2 Android, Chrome 2024-09-13 N/A 8.8 HIGH
Use after free in Autofill in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-8637 1 Google 2 Android, Chrome 2024-09-13 N/A 8.8 HIGH
Use after free in Media Router in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-34727 1 Google 1 Android 2024-09-11 N/A 7.5 HIGH
In sdpu_compare_uuid_with_attr of sdp_utils.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-20089 4 Google, Linuxfoundation, Mediatek and 1 more 15 Android, Yocto, Mt6835 and 12 more 2024-09-05 N/A 7.5 HIGH
In wlan, there is a possible denial of service due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08861558; Issue ID: MSV-1526.
CVE-2024-20088 2 Google, Mediatek 29 Android, Mt6765, Mt6768 and 26 more 2024-09-05 N/A 4.4 MEDIUM
In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08932099; Issue ID: MSV-1543.
CVE-2024-20087 2 Google, Mediatek 13 Android, Mt6765, Mt6768 and 10 more 2024-09-05 N/A 6.7 MEDIUM
In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08932916; Issue ID: MSV-1550.
CVE-2024-20086 2 Google, Mediatek 13 Android, Mt6765, Mt6768 and 10 more 2024-09-05 N/A 6.7 MEDIUM
In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08932916; Issue ID: MSV-1551.
CVE-2024-45045 2 Collabora, Google 2 Online, Android 2024-09-03 N/A 6.1 MEDIUM
Collabora Online is a collaborative online office suite based on LibreOffice technology. In the mobile (Android/iOS) device variants of Collabora Online it was possible to inject JavaScript via url encoded values in links contained in documents. Since the Android JavaScript interface allows access to internal functions, the likelihood that the app could be compromised via this vulnerability is considered high. Non-mobile variants are not affected. Mobile variants should update to the latest version provided by the platform appstore. There are no known workarounds for this vulnerability.
CVE-2024-7964 1 Google 2 Android, Chrome 2024-08-27 N/A 8.8 HIGH
Use after free in Passwords in Google Chrome on Android prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-8034 1 Google 2 Android, Chrome 2024-08-22 N/A 4.3 MEDIUM
Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
CVE-2024-32927 1 Google 1 Android 2024-08-20 N/A 7.8 HIGH
In sendDeviceState_1_6 of RadioExt.cpp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-6995 1 Google 2 Android, Chrome 2024-08-07 N/A 4.7 MEDIUM
Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)