Vulnerabilities
Vulnerable Software
Google:  >> Android  Security Vulnerabilities
There is a possible disclosure of Bluetooth adapter details due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
5.1
EPSS Score
0.0
Published
2025-05-27
Yandex Browser for Android prior to version 21.3.0 allows remote attackers to perform IDN homograph attack.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-05-21
In scp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09625562; Issue ID: MSV-3027.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-05-05
In thermal, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09698599; Issue ID: MSV-3228.
CVSS Score
7.0
EPSS Score
0.0
Published
2025-05-05
In devinfo, there is a possible information disclosure due to a missing SELinux policy. This could lead to local information disclosure of device identifier with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09555228; Issue ID: MSV-2760.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-05-05
In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: DTV04436357; Issue ID: MSV-3185.
CVSS Score
6.7
EPSS Score
0.0
Published
2025-04-07
In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: DTV04428276; Issue ID: MSV-3184.
CVSS Score
6.7
EPSS Score
0.0
Published
2025-04-07
In keymaster, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: DTV04427687; Issue ID: MSV-3183.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-04-07
In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09625423; Issue ID: MSV-3033.
CVSS Score
6.8
EPSS Score
0.0
Published
2025-04-07
In vdec, there is a possible permission bypass due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09486425; Issue ID: MSV-2609.
CVSS Score
6.7
EPSS Score
0.0
Published
2025-04-07


Contact Us

Shodan ® - All rights reserved