{"cves":[{"cve_id":"CVE-2026-32317","summary":"Cryptomator for Android offers multi-platform transparent client-side encryption for files in the cloud. Prior to version 1.12.3, an integrity check vulnerability allows an attacker to tamper with the vault configuration file leading to a man-in-the-middle vulnerability in the Hub key loading mechanism. Before this fix, the client trusted endpoints from the vault config without host authenticity checks, which could allow token exfiltration by mixing a legitimate auth endpoint with a malicious API endpoint. Impacted are users unlocking Hub-backed vaults with affected client versions in environments where an attacker can alter the vault.cryptomator file. This issue has been patched in version 1.12.3.","cvss":7.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.6,"epss":0.00012,"ranking_epss":0.01467,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/cryptomator/android/releases/tag/1.12.3","https://github.com/cryptomator/android/security/advisories/GHSA-876q-q3mm-fcvj"],"published_time":"2026-03-20T19:16:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20992","summary":"Improper authorization in Settings prior to SMR Mar-2026 Release 1 allows local attacker to disable configuring the background data usage of application.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"epss":0.00015,"ranking_epss":0.03153,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=03"],"published_time":"2026-03-16T14:18:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20988","summary":"Improper verification of intent by broadcast receiver in Settings prior to SMR Mar-2026 Release 1 allows local attacker to launch arbitrary activity with Settings privilege. 
User interaction is required for triggering this vulnerability.","cvss":5.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.0,"epss":0.00014,"ranking_epss":0.02461,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=03"],"published_time":"2026-03-16T14:18:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20989","summary":"Improper verification of cryptographic signature in Font Settings prior to SMR Mar-2026 Release 1 allows physical attackers to use custom font.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"epss":0.0001,"ranking_epss":0.0102,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=03"],"published_time":"2026-03-16T14:18:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20990","summary":"Improper export of android application components in Secure Folder prior to SMR Mar-2026 Release 1 allows local attackers to launch arbitrary activity with Secure Folder privilege.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"epss":0.00027,"ranking_epss":0.07429,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=03"],"published_time":"2026-03-16T14:18:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20991","summary":"Improper privilege management in ThemeManager prior to SMR Mar-2026 Release 1 allows local privileged attackers to reuse trial 
contents.","cvss":4.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.4,"epss":0.00016,"ranking_epss":0.03818,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=03"],"published_time":"2026-03-16T14:18:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0116","summary":"In __mfc_handle_released_buf of mfc_core_isr.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"epss":0.00209,"ranking_epss":0.43343,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01","https://source.android.com/docs/security/bulletin/pixel/2026/2026-03-01"],"published_time":"2026-03-10T21:16:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0117","summary":"In mfc_dec_dqbuf of mfc_dec_v4l2.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":7e-05,"ranking_epss":0.00614,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01","https://source.android.com/docs/security/bulletin/pixel/2026/2026-03-01"],"published_time":"2026-03-10T21:16:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0118","summary":"In oobconfig, there is a possible bypass of carrier restrictions due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":0.0001,"ranking_epss":0.00974,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01","https://source.android.com/docs/security/bulletin/pixel/2026/2026-03-01"],"published_time":"2026-03-10T21:16:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0119","summary":"In usim_SendMCCMNCIndMsg of usim_Registration.c, there is a possible out of bounds write due to memory corruption. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"epss":0.00011,"ranking_epss":0.01414,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-10T21:16:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0120","summary":"In modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"epss":0.00209,"ranking_epss":0.43343,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01","https://source.android.com/docs/security/bulletin/pixel/2026/2026-03-01"],"published_time":"2026-03-10T21:16:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0121","summary":"In VPU, there is a possible use-after-free read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":2.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.9,"epss":6e-05,"ranking_epss":0.00321,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01","https://source.android.com/docs/security/bulletin/pixel/2026/2026-03-01"],"published_time":"2026-03-10T21:16:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0122","summary":"In multiple places, there is a possible out of bounds write due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":0.00031,"ranking_epss":0.08765,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-10T21:16:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0123","summary":"In EfwApTransport::ProcessRxRing of efw_ap_transport.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":7e-05,"ranking_epss":0.00614,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-10T21:16:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0124","summary":"There is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00018,"ranking_epss":0.04345,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/pixel/2026/2026-03-01"],"published_time":"2026-03-10T21:16:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0107","summary":"In gmc_ddr_handle_mba_mr_req of gmc_mba_ddr.c, there is a possible escalation of privileges due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":7e-05,"ranking_epss":0.00572,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01","https://source.android.com/docs/security/bulletin/pixel/2026/2026-03-01"],"published_time":"2026-03-10T21:16:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0108","summary":"The register protection of the PowerVR GPU is incorrectly configured. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"epss":6e-05,"ranking_epss":0.00423,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01","https://source.android.com/docs/security/bulletin/pixel/2026/2026-03-01"],"published_time":"2026-03-10T21:16:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0109","summary":"In dhd_tcpdata_info_get of dhd_ip.c, there is a possible Denial of Service due to a precondition check failure. This could lead to remote denial of service with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.00177,"ranking_epss":0.39234,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01","https://source.android.com/docs/security/bulletin/pixel/2026/2026-03-01"],"published_time":"2026-03-10T21:16:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0110","summary":"In MM_DATA_IND of cn_NrSmMsgHdlrFromMM.cpp, there is a possible EoP due to memory corruption. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"epss":0.00209,"ranking_epss":0.43343,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01","https://source.android.com/docs/security/bulletin/pixel/2026/2026-03-01"],"published_time":"2026-03-10T21:16:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0111","summary":"In ns_GetUserData of ns_SmscbUtilities.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"epss":0.00209,"ranking_epss":0.43343,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01","https://source.android.com/docs/security/bulletin/pixel/2026/2026-03-01"],"published_time":"2026-03-10T21:16:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0112","summary":"In vpu_open_inst of vpu_ioctl.c, there is a possible use after free due to a race condition. 
This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.4,"epss":7e-05,"ranking_epss":0.0047,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01","https://source.android.com/docs/security/bulletin/pixel/2026/2026-03-01"],"published_time":"2026-03-10T21:16:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0113","summary":"In ns_GetUserData of ns_SmscbUtilities.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"epss":0.00209,"ranking_epss":0.43343,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01","https://source.android.com/docs/security/bulletin/pixel/2026/2026-03-01"],"published_time":"2026-03-10T21:16:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0114","summary":"In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"epss":0.00209,"ranking_epss":0.43343,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01","https://source.android.com/docs/security/bulletin/pixel/2026/2026-03-01"],"published_time":"2026-03-10T21:16:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0115","summary":"In Trusted Execution Environment, there is a possible key leak due to side channel information disclosure. This could lead to physical information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.","cvss":2.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.1,"epss":7e-05,"ranking_epss":0.00574,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01","https://source.android.com/docs/security/bulletin/pixel/2026/2026-03-01"],"published_time":"2026-03-10T21:16:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-36920","summary":"In hyp_alloc of arch/arm64/kvm/hyp/nvhe/alloc.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":0.00014,"ranking_epss":0.02349,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2026-03-01","https://source.android.com/docs/security/bulletin/pixel/2026/2026-03-01"],"published_time":"2026-03-10T21:16:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48611","summary":"In DeviceId of DeviceId.java, there is a possible desync in persistence due to a missing bounds check. 
This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":10.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":10.0,"epss":0.00018,"ranking_epss":0.04345,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/pixel/2026/2026-03-01"],"published_time":"2026-03-10T20:16:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-61613","summary":"In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution  privileges needed.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.00062,"ranking_epss":0.19595,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.unisoc.com/en/support/announcement/2030931350138310657"],"published_time":"2026-03-09T09:16:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-61614","summary":"In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution  privileges needed.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.00062,"ranking_epss":0.19595,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.unisoc.com/en/support/announcement/2030931350138310657"],"published_time":"2026-03-09T09:16:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-61615","summary":"In nr modem, there is a possible system crash due to improper input validation. 
This could lead to remote denial of service with no additional execution  privileges needed.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.00062,"ranking_epss":0.19595,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.unisoc.com/en/support/announcement/2030931350138310657"],"published_time":"2026-03-09T09:16:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-61616","summary":"In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution  privileges needed.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.00083,"ranking_epss":0.24394,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.unisoc.com/en/support/announcement/2030931350138310657"],"published_time":"2026-03-09T09:16:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-69278","summary":"In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution  privileges needed.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.00201,"ranking_epss":0.42248,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.unisoc.com/en/support/announcement/2030931350138310657"],"published_time":"2026-03-09T09:16:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-69279","summary":"In nr modem, there is a possible system crash due to improper input validation. 
This could lead to remote denial of service with no additional execution  privileges needed.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.00201,"ranking_epss":0.42248,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.unisoc.com/en/support/announcement/2030931350138310657"],"published_time":"2026-03-09T09:16:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-61612","summary":"In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution  privileges needed.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.00062,"ranking_epss":0.19595,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.unisoc.com/en/support/announcement/2030931350138310657"],"published_time":"2026-03-09T09:16:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-30797","summary":"Missing Authorization vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Flutter URI scheme handler, config import modules) allows Application API Message Manipulation via Man-in-the-Middle. 
This vulnerability is associated with program files flutter/lib/common.Dart and program routines importConfig() via URI handler.\n\nThis issue affects RustDesk Client: through 1.4.5.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"epss":0.00041,"ranking_epss":0.12687,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub","https://rustdesk.com/docs/en/client/","https://www.vulsec.org/"],"published_time":"2026-03-05T16:16:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-30798","summary":"Insufficient Verification of Data Authenticity, Improper Handling of Exceptional Conditions vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Heartbeat sync loop, strategy processing modules) allows Protocol Manipulation. This vulnerability is associated with program files src/hbbs_http/sync.Rs and program routines stop-service handler in heartbeat loop.\n\nThis issue affects RustDesk Client: through 1.4.5.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.00021,"ranking_epss":0.05641,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub","https://rustdesk.com/docs/en/client/","https://www.vulsec.org/"],"published_time":"2026-03-05T16:16:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-30793","summary":"Cross-Site Request Forgery (CSRF) vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Flutter URI scheme handler, FFI bridge modules) allows Privilege Escalation. 
This vulnerability is associated with program files flutter/lib/common.Dart, src/flutter_ffi.Rs and program routines URI handler for rustdesk://password/, bind.MainSetPermanentPassword().\n\nThis issue affects RustDesk Client: through 1.4.5.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"epss":0.00026,"ranking_epss":0.07174,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub","https://github.com/rustdesk/hbb_common","https://github.com/rustdesk/rustdesk","https://www.vulsec.org/"],"published_time":"2026-03-05T16:16:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-30794","summary":"Improper Certificate Validation vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (HTTP API client, TLS transport modules) allows Adversary in the Middle (AiTM). This vulnerability is associated with program files src/hbbs_http/http_client.Rs and program routines TLS retry with danger_accept_invalid_certs(true).\n\nThis issue affects RustDesk Client: through 1.4.5.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"epss":0.00028,"ranking_epss":0.07822,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub","https://github.com/rustdesk/rustdesk","https://www.vulsec.org/"],"published_time":"2026-03-05T16:16:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-30795","summary":"Cleartext Transmission of Sensitive Information vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Heartbeat sync loop modules) allows Sniffing Attacks. 
This vulnerability is associated with program files src/hbbs_http/sync.Rs and program routines Heartbeat JSON payload construction (preset-address-book-password).\n\nThis issue affects RustDesk Client: through 1.4.5.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.00015,"ranking_epss":0.03001,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub","https://github.com/rustdesk/rustdesk","https://www.vulsec.org/"],"published_time":"2026-03-05T16:16:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-30789","summary":"Authentication Bypass by Capture-replay, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Client login, peer authentication modules) allows Reusing Session IDs (aka Session Replay). This vulnerability is associated with program files src/client.Rs and program routines hash_password(), login proof construction.\n\nThis issue affects RustDesk Client: through 1.4.5.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"epss":0.00112,"ranking_epss":0.29821,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub","https://rustdesk.com/docs/en/client/","https://www.vulsec.org/"],"published_time":"2026-03-05T16:16:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-30792","summary":"A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Strategy sync, HTTP API client, config options engine modules) allows Application API Message Manipulation via Man-in-the-Middle. 
This vulnerability is associated with program files src/hbbs_http/sync.Rs, hbb_common/src/config.Rs and program routines Strategy merge loop in sync.Rs, Config::set_options().\n\nThis issue affects RustDesk Client: through 1.4.5.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"epss":0.00045,"ranking_epss":0.13913,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub","https://rustdesk.com/docs/en/self-host/client-configuration/advanced-settings/","https://www.vulsec.org/"],"published_time":"2026-03-05T16:16:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-30783","summary":"A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Client signaling, API sync loop, config management modules) allows Privilege Abuse. This vulnerability is associated with program files src/rendezvous_mediator.Rs, src/hbbs_http/sync.Rs and program routines API sync loop, api-server config handling.\n\nThis issue affects RustDesk Client: through 1.4.5.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"epss":0.0009,"ranking_epss":0.25571,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub","https://rustdesk.com/docs/en/client/","https://www.vulsec.org/"],"published_time":"2026-03-05T16:16:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-30791","summary":"Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Config import, URI scheme handler, CLI --config modules) allows Retrieve Embedded Sensitive Data. 
This vulnerability is associated with program files flutter/lib/common.Dart, hbb_common/src/config.Rs and program routines parseRustdeskUri(), importConfig().\n\nThis issue affects RustDesk Client: through 1.4.5.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.00016,"ranking_epss":0.03367,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub","https://rustdesk.com/docs/en/client/","https://www.vulsec.org/"],"published_time":"2026-03-05T15:16:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0028","summary":"In __pkvm_host_share_guest of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":7e-05,"ranking_epss":0.00459,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/kernel/common/+/986614312222d4b3bdcf16840cdb4abdaed8a42d","https://android.googlesource.com/kernel/common/+/aff2255dbe38dc7c57bac8d3ba9feed989289b20","https://android.googlesource.com/kernel/common/+/f3a4b4d4a1fe2aface7de74ac257b8705b6de472","https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0029","summary":"In __pkvm_init_vm of pkvm.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":6e-05,"ranking_epss":0.00426,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/kernel/common/+/42eff3b2fd3a906ac8cdb6284d3265bc0856b56b","https://android.googlesource.com/kernel/common/+/749cf1743eb22eff1851c68a533147e1af97a9bf","https://android.googlesource.com/kernel/common/+/ae242b26371808a221578b89c937568781719d2c","https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0030","summary":"In __host_check_page_state_range of mem_protect.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":7e-05,"ranking_epss":0.00459,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/kernel/common/+/986614312222d4b3bdcf16840cdb4abdaed8a42d","https://android.googlesource.com/kernel/common/+/aff2255dbe38dc7c57bac8d3ba9feed989289b20","https://android.googlesource.com/kernel/common/+/f3a4b4d4a1fe2aface7de74ac257b8705b6de472","https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0031","summary":"In multiple functions of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":7e-05,"ranking_epss":0.00459,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/kernel/common/+/986614312222d4b3bdcf16840cdb4abdaed8a42d","https://android.googlesource.com/kernel/common/+/aff2255dbe38dc7c57bac8d3ba9feed989289b20","https://android.googlesource.com/kernel/common/+/f3a4b4d4a1fe2aface7de74ac257b8705b6de472","https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0032","summary":"In multiple functions of mem_protect.c, there is a possible out-of-bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":3e-05,"ranking_epss":0.00122,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/kernel/common/+/048aebb861d2f3ed4d260a4c9f4e72a43cae9b1e","https://android.googlesource.com/kernel/common/+/33eb6bde43d03bd826214bbb390de62ca19621b9","https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0034","summary":"In setPackageOrComponentEnabled of ManagedServices.java, there is a possible notification policy desync due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":4e-05,"ranking_epss":0.00148,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0035","summary":"In createRequest of MediaProvider.java, there is a possible way for an app to gain read/write access to non-existing files due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":3e-05,"ranking_epss":0.00092,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0037","summary":"In multiple functions of ffa.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":3e-05,"ranking_epss":0.00092,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/kernel/common/+/6c400c2e2e46f3a1117ce5da316ecdc1dbb1a031","https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0038","summary":"In multiple functions of mem_protect.c, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":0.0001,"ranking_epss":0.01112,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/kernel/common/+/1bf8033b56a45165602f8116e0a0d2e767f1e8ae","https://android.googlesource.com/kernel/common/+/513ea99ae008b81dd266bf6e361627c058ddde41","https://android.googlesource.com/kernel/common/+/652b7b6bf9a62cc12c3a071bab4e92314f046739","https://android.googlesource.com/kernel/common/+/7e1d15d29b7fe0f858926a8bcaf929b75db9e52a","https://android.googlesource.com/kernel/common/+/b23a5bfa1fb8f9525e21f095a87486a2bd856321","https://android.googlesource.com/kernel/common/+/d884f499434c224285c30d460681f1ce76a8cf1f","https://android.googlesource.com/kernel/common/+/f090d4b083a9ef4831f99e692c239542dd385cb4","https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0047","summary":"In dumpBitmapsProto of ActivityManagerService.java, there is a possible way for an app to access private information due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":3e-05,"ranking_epss":0.00085,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0015","summary":"In multiple locations of AppOpsService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"epss":3e-05,"ranking_epss":0.0007,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0017","summary":"In onChange of BiometricService.java, there is a possible way to enable fingerprint unlock due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.7,"epss":3e-05,"ranking_epss":0.00112,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0020","summary":"In parsePermissionGroup of ParsedPermissionUtils.java, there is a possible way to bypass a consent dialog to obtain permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":3e-05,"ranking_epss":0.00115,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0021","summary":"In hasInteractAcrossUsersFullPermission of AppInfoBase.java, there is a possible cross-user permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":3e-05,"ranking_epss":0.00084,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0023","summary":"In createSessionInternal of PackageInstallerService.java, there is a possible way for an app to update its ownership due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":2e-05,"ranking_epss":0.00046,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0024","summary":"In isRedactionNeededForOpenViaContentResolver of MediaProvider.java, there is a possible way to reveal the location of media due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"epss":2e-05,"ranking_epss":0.0005,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0025","summary":"In hasImage of Notification.java, there is a possible way to reveal information across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":3e-05,"ranking_epss":0.0012,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0026","summary":"In removePermission of PermissionManagerServiceImpl.java, there is a possible way to override any system permission  due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":2e-05,"ranking_epss":0.00053,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0027","summary":"In smmu_detach_dev of arm-smmu-v3.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. 
User interaction is not needed for exploitation.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":7e-05,"ranking_epss":0.00547,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/kernel/common/+/3af14d2057f2f3df97472cef6b293113b020d1e6","https://android.googlesource.com/kernel/common/+/5161b3e75fb025bb4ebb11fbf1ac037021e56719","https://android.googlesource.com/kernel/common/+/a47e0e78ad5b4e153b40fc1c9def11991aa6ca0c","https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0005","summary":"In onServiceDisconnected of KeyguardServiceDelegate.java, there is a possible partial bypass of app pinning allowing limited interaction with other apps without knowing the LSKF due to a missing permission check. This could lead to local information disclosure where the extent of interaction and impact is app-dependent with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"epss":3e-05,"ranking_epss":0.00069,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0006","summary":"In multiple locations, there is a possible out of bounds read and write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"epss":0.00043,"ranking_epss":0.1313,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0007","summary":"In writeToParcel of WindowInfo.cpp, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":8.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.6,"epss":2e-05,"ranking_epss":0.00053,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0008","summary":"In  multiple locations, there is a possible privilege escalation due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":7e-05,"ranking_epss":0.00572,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2026-03-01"],"published_time":"2026-03-02T19:16:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0010","summary":"In onTransact of IDrmManagerService.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":3e-05,"ranking_epss":0.00092,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0011","summary":"In enableSystemPackageLPw of Settings.java, there is a possible way to prevent location access from working due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":4e-05,"ranking_epss":0.00148,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0012","summary":"In setHideSensitive of ExpandableNotificationRow.java, there is a possible contact name leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"epss":3e-05,"ranking_epss":0.00123,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0013","summary":"In setupLayout of PickActivity.java, there is a possible way to start any activity as a DocumentsUI app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":3e-05,"ranking_epss":0.00085,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0014","summary":"In isPackageNullOrSystem of AppOpsService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"epss":3e-05,"ranking_epss":0.0007,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48642","summary":"In jump_to_payload of payload.rs, there is a possible information disclosure due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":2e-05,"ranking_epss":0.00041,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48644","summary":"In multiple locations, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":2e-05,"ranking_epss":0.00051,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48645","summary":"In loadDescription of DeviceAdminInfo.java, there is a possible persistent package due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":6e-05,"ranking_epss":0.00396,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48646","summary":"In executeRequest of ActivityStarter.java, there is a possible launch anywhere due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":2e-05,"ranking_epss":0.00052,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48650","summary":"In multiple locations, there is a possible information disclosure due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":3e-05,"ranking_epss":0.00123,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48653","summary":"In loadDataAndPostValue of multiple files, there is a possible way to obscure permission usage due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":3e-05,"ranking_epss":0.00098,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48654","summary":"In onStart of CompanionDeviceManagerService.java, there is a possible confused deputy due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":3e-05,"ranking_epss":0.00077,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48609","summary":"In multiple functions of MmsProvider.java, there is a possible way to arbitrarily delete files which affect telephony, SMS, and MMS functionalities due to a path traversal error. This could lead to local denial of service with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":9.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.1,"epss":0.00014,"ranking_epss":0.02705,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48613","summary":"In VBMeta, there is a possible way to modify and resign VBMeta using a test key, assuming the original image was previously signed with the same key. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":3e-05,"ranking_epss":0.00061,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48619","summary":"In multiple functions of ContentProvider.java, there is a possible way for an app with read-only access to truncate files due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":3e-05,"ranking_epss":0.00084,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48630","summary":"In drawLayersInternal of SkiaRenderEngine.cpp, there is a possible way to access the GPU cache due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.4,"epss":3e-05,"ranking_epss":0.0008,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48634","summary":"In relayoutWindow of WindowManagerService.java, there is a possible tapjack attack due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"epss":3e-05,"ranking_epss":0.00077,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48635","summary":"In multiple functions of TaskFragmentOrganizerController.java, there is a possible activity token leak due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.7,"epss":3e-05,"ranking_epss":0.00119,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48636","summary":"In openFile of BugreportContentProvider.java, there is a possible way to read and write unauthorized files due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":9e-05,"ranking_epss":0.00926,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/wear/2026/2026-03-01"],"published_time":"2026-03-02T19:16:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48641","summary":"In multiple functions of Nfc.h, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"epss":2e-05,"ranking_epss":0.00039,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48574","summary":"In validateAddingWindowLw of DisplayPolicy.java, there is a possible way for an app to intercept drag-and-drop events due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":3e-05,"ranking_epss":0.00084,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48577","summary":"In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.4,"epss":3e-05,"ranking_epss":0.00063,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48578","summary":"In multiple functions of MediaProvider.java, there is a possible way to bypass the WRITE_EXTERNAL_STORAGE permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":6e-05,"ranking_epss":0.00362,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48579","summary":"In multiple functions of MediaProvider.java, there is a possible external storage write permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":3e-05,"ranking_epss":0.00084,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48582","summary":"In multiple locations, there is a possible way to delete media without the MANAGE_EXTERNAL_STORAGE permission due to an intent redirect. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":3e-05,"ranking_epss":0.00117,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48585","summary":"In multiple functions of ProfilingService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"epss":3e-05,"ranking_epss":0.0007,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48587","summary":"In multiple functions of ProfilingService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"epss":3e-05,"ranking_epss":0.0007,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48602","summary":"In exitKeyguardAndFinishSurfaceBehindRemoteAnimation of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":4e-05,"ranking_epss":0.00147,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48605","summary":"In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":4e-05,"ranking_epss":0.00147,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48567","summary":"In multiple locations, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to  incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":8e-05,"ranking_epss":0.00666,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48568","summary":"In multiple locations, there is a possible lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.4,"epss":3e-05,"ranking_epss":0.00063,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-31328","summary":"In broadcastIntentLockedTraced of BroadcastController.java, there is a possible way to launch arbitrary activities from the background on the paired companion phone due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"epss":0.00051,"ranking_epss":0.1598,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/wear/2026/2026-03-01"],"published_time":"2026-03-02T19:16:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43766","summary":"In multiple functions of btm_ble_sec.cc, there is a possible unencrypted communication due to Invalid error handling. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"epss":0.00047,"ranking_epss":0.14531,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-32313","summary":"In UsageEvents of UsageEvents.java, there is a possible out of bounds write due to an incorrect bounds check. 
This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":7e-05,"ranking_epss":0.00614,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2026-03-02T19:16:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20445","summary":"In MDDP, there is a possible system crash due to a race condition. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10289875; Issue ID: MSV-5184.","cvss":4.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.4,"epss":0.00018,"ranking_epss":0.04462,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/March-2026"],"published_time":"2026-03-02T09:16:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20438","summary":"In MAE, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431920; Issue ID: MSV-5835.","cvss":6.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.4,"epss":5e-05,"ranking_epss":0.00234,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/March-2026"],"published_time":"2026-03-02T09:16:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20439","summary":"In imgsys, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. 
Patch ID: ALPS10431955; Issue ID: MSV-5826.","cvss":4.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.4,"epss":5e-05,"ranking_epss":0.00278,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/March-2026"],"published_time":"2026-03-02T09:16:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20440","summary":"In MAE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431968; Issue ID: MSV-5824.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":8e-05,"ranking_epss":0.00674,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/March-2026"],"published_time":"2026-03-02T09:16:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20441","summary":"In MAE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10432500; Issue ID: MSV-5803.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":5e-05,"ranking_epss":0.00281,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/March-2026"],"published_time":"2026-03-02T09:16:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20442","summary":"In display, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. 
Patch ID: ALPS10436998; Issue ID: MSV-5723.","cvss":4.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.4,"epss":5e-05,"ranking_epss":0.00278,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/March-2026"],"published_time":"2026-03-02T09:16:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20443","summary":"In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10436998; Issue ID: MSV-5722.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":5e-05,"ranking_epss":0.00281,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/March-2026"],"published_time":"2026-03-02T09:16:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20444","summary":"In display, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10436995; Issue ID: MSV-5721.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":5e-05,"ranking_epss":0.00281,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/March-2026"],"published_time":"2026-03-02T09:16:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20428","summary":"In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. 
Patch ID: ALPS10320471; Issue ID: MSV-5536.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":5e-05,"ranking_epss":0.00281,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/March-2026"],"published_time":"2026-03-02T09:16:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20429","summary":"In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5535.","cvss":4.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.4,"epss":6e-05,"ranking_epss":0.00309,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/March-2026"],"published_time":"2026-03-02T09:16:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20435","summary":"In preloader, there is a possible read of device unique identifiers due to a logic error. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS10607099; Issue ID: MSV-6118.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"epss":0.0001,"ranking_epss":0.01023,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/March-2026"],"published_time":"2026-03-02T09:16:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20437","summary":"In MAE, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. 
Patch ID: ALPS10431940; Issue ID: MSV-5843.","cvss":4.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.4,"epss":5e-05,"ranking_epss":0.00278,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/March-2026"],"published_time":"2026-03-02T09:16:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20416","summary":"In pcie, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10315038 / ALPS10340155; Issue ID: MSV-5155.","cvss":7.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.2,"epss":0.00021,"ranking_epss":0.05669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/March-2026"],"published_time":"2026-03-02T09:16:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20424","summary":"In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5540.","cvss":4.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.4,"epss":6e-05,"ranking_epss":0.00309,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/March-2026"],"published_time":"2026-03-02T09:16:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20425","summary":"In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. 
Patch ID: ALPS10320471; Issue ID: MSV-5539.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":5e-05,"ranking_epss":0.00281,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/March-2026"],"published_time":"2026-03-02T09:16:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20426","summary":"In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5538.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":5e-05,"ranking_epss":0.00281,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/March-2026"],"published_time":"2026-03-02T09:16:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20427","summary":"In display, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5537.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":5e-05,"ranking_epss":0.00281,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/March-2026"],"published_time":"2026-03-02T09:16:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0106","summary":"In vpu_mmap of vpu_ioctl, there is a possible arbitrary address mmap due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":9.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.3,"epss":3e-05,"ranking_epss":0.00107,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/pixel/2026/2026-02-01"],"published_time":"2026-02-05T21:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20981","summary":"Improper input validation in FacAtFunction prior to SMR Feb-2026 Release 1 allows privileged physical attacker to execute arbitrary command with system privilege.","cvss":6.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.6,"epss":0.00017,"ranking_epss":0.04246,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=02"],"published_time":"2026-02-04T07:16:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20982","summary":"Path traversal in ShortcutService prior to SMR Feb-2026 Release 1 allows privileged local attacker to create file with system privilege.","cvss":6.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.0,"epss":0.00015,"ranking_epss":0.03145,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=02"],"published_time":"2026-02-04T07:16:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20983","summary":"Improper export of android application components in Samsung Dialer prior to SMR Feb-2026 Release 1 allows local attackers to launch arbitrary activity with Samsung Dialer 
privilege.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":7e-05,"ranking_epss":0.00493,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=02"],"published_time":"2026-02-04T07:16:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20977","summary":"Improper access control in Emergency Sharing prior to SMR Feb-2026 Release 1 allows local attackers to interrupt its functioning.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":7e-05,"ranking_epss":0.00528,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=02"],"published_time":"2026-02-04T07:15:59","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20978","summary":"Improper authorization in KnoxGuardManager prior to SMR Feb-2026 Release 1 allows local attackers to bypass the persistence configuration of the application.","cvss":6.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.1,"epss":7e-05,"ranking_epss":0.00613,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=02"],"published_time":"2026-02-04T07:15:59","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20979","summary":"Improper privilege management in Settings prior to SMR Feb-2026 Release 1 allows local attackers to launch arbitrary activity with Settings privilege.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":7e-05,"ranking_epss":0.00493,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=02"],"published_time":"2026-02-04T07:15:59","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20980","summary":"Improper input validation in PACM prior to SMR Feb-2026 Release 1 
allows physical attacker to execute arbitrary commands.","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"epss":0.00016,"ranking_epss":0.03675,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=02"],"published_time":"2026-02-04T07:15:59","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20411","summary":"In cameraisp, there is a possible escalation of privilege due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10351676; Issue ID: MSV-5737.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":2e-05,"ranking_epss":0.00058,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/February-2026"],"published_time":"2026-02-02T09:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20412","summary":"In cameraisp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10351676; Issue ID: MSV-5733.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":3e-05,"ranking_epss":0.00068,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/February-2026"],"published_time":"2026-02-02T09:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20413","summary":"In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. 
Patch ID: ALPS10362725; Issue ID: MSV-5694.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":4e-05,"ranking_epss":0.0014,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/February-2026"],"published_time":"2026-02-02T09:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20414","summary":"In imgsys, there is a possible escalation of privilege due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10362999; Issue ID: MSV-5625.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":3e-05,"ranking_epss":0.00066,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/February-2026"],"published_time":"2026-02-02T09:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20415","summary":"In imgsys, there is a possible memory corruption due to improper locking. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10363254; Issue ID: MSV-5617.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":5e-05,"ranking_epss":0.00258,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/February-2026"],"published_time":"2026-02-02T09:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20417","summary":"In pcie, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. 
Patch ID: ALPS10314946 / ALPS10340155; Issue ID: MSV-5154.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"epss":2e-05,"ranking_epss":0.00035,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/February-2026"],"published_time":"2026-02-02T09:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20409","summary":"In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10363246; Issue ID: MSV-5779.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":3e-05,"ranking_epss":0.00068,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/February-2026"],"published_time":"2026-02-02T09:15:55","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20410","summary":"In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10362552; Issue ID: MSV-5760.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":3e-05,"ranking_epss":0.00066,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/February-2026"],"published_time":"2026-02-02T09:15:55","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48647","summary":"In cpm_fwtp_msg_handler of cpm/google/lib/tracepoint/cpm_fwtp_ipc.c, there is a possible memory overwrite due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":4e-05,"ranking_epss":0.00189,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/pixel/2026/2026-01-01"],"published_time":"2026-01-16T19:16:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-36911","summary":"In key-based pairing, there is a possible ID due to a logic error in the code. This could lead to remote (proximal/adjacent) information disclosure of user's conversations and location with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"epss":8e-05,"ranking_epss":0.00782,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/pixel/2026/2026-01-01","https://whisperpair.eu/"],"published_time":"2026-01-15T18:16:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20968","summary":"Use after free in DualDAR prior to SMR Jan-2026 Release 1 allows local privileged attackers to execute arbitrary code.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":7e-05,"ranking_epss":0.00655,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=01"],"published_time":"2026-01-09T07:16:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20969","summary":"Improper input validation in SecSettings prior to SMR Jan-2026 Release 1 allows local attacker to access file with system privilege. 
User interaction is required for triggering this vulnerability.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00026,"ranking_epss":0.07091,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=01"],"published_time":"2026-01-09T07:16:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20970","summary":"Improper access control in SLocation prior to SMR Jan-2026 Release 1 allows local attackers to execute the privileged APIs.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":7e-05,"ranking_epss":0.00486,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=01"],"published_time":"2026-01-09T07:16:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20971","summary":"Use After Free in PROCA driver prior to SMR Jan-2026 Release 1 allows local attackers to potentially execute arbitrary code.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":8e-05,"ranking_epss":0.00675,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=01"],"published_time":"2026-01-09T07:16:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20972","summary":"Improper Export of Android Application Components in UwbTest prior to SMR Jan-2026 Release 1 allows local attackers to enable UWB.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"epss":7e-05,"ranking_epss":0.0052,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=01"],"published_time":"2026-01-09T07:16:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20973","summary":"Out-of-bounds read in libimagecodec.quram.so prior to SMR Jan-2026 Release 
1 allows remote attacker to access out-of-bounds memory.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"epss":0.00021,"ranking_epss":0.05682,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=01"],"published_time":"2026-01-09T07:16:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20974","summary":"Improper input validation in data related to network restrictions prior to SMR Jan-2026 Release 1 allows physical attackers to bypass Carrier Relock.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"epss":0.00017,"ranking_epss":0.03949,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=01"],"published_time":"2026-01-09T07:16:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20800","summary":"In mminfra, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10267349; Issue ID: MSV-5033.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":7e-05,"ranking_epss":0.00453,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/January-2026"],"published_time":"2026-01-06T02:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20801","summary":"In seninf, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. 
Patch ID: ALPS10251210; Issue ID: MSV-4926.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"epss":5e-05,"ranking_epss":0.0026,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/January-2026"],"published_time":"2026-01-06T02:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20802","summary":"In geniezone, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10238968; Issue ID: MSV-4914.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":6e-05,"ranking_epss":0.00385,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/January-2026"],"published_time":"2026-01-06T02:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20803","summary":"In dpe, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS10199779; Issue ID: MSV-4504.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":7e-05,"ranking_epss":0.00551,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/January-2026"],"published_time":"2026-01-06T02:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20804","summary":"In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. 
Patch ID: ALPS10198951; Issue ID: MSV-4503.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":6e-05,"ranking_epss":0.00385,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/January-2026"],"published_time":"2026-01-06T02:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20805","summary":"In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10114696; Issue ID: MSV-4480.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":6e-05,"ranking_epss":0.00385,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/January-2026"],"published_time":"2026-01-06T02:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20806","summary":"In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10114835; Issue ID: MSV-4479.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":6e-05,"ranking_epss":0.00385,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/January-2026"],"published_time":"2026-01-06T02:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20807","summary":"In dpe, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. 
Patch ID: ALPS10114841; Issue ID: MSV-4451.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":7e-05,"ranking_epss":0.00551,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/January-2026"],"published_time":"2026-01-06T02:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20787","summary":"In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10149879; Issue ID: MSV-4658.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":6e-05,"ranking_epss":0.00385,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/January-2026"],"published_time":"2026-01-06T02:15:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20795","summary":"In KeyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10276761; Issue ID: MSV-5141.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":7e-05,"ranking_epss":0.00611,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/January-2026"],"published_time":"2026-01-06T02:15:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20796","summary":"In imgsys, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. 
Patch ID: ALPS10314745; Issue ID: MSV-5553.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.0001,"ranking_epss":0.0103,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/January-2026"],"published_time":"2026-01-06T02:15:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20797","summary":"In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10315812; Issue ID: MSV-5534.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":7e-05,"ranking_epss":0.00453,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/January-2026"],"published_time":"2026-01-06T02:15:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20798","summary":"In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10315812; Issue ID: MSV-5533.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":7e-05,"ranking_epss":0.00453,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/January-2026"],"published_time":"2026-01-06T02:15:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20799","summary":"In c2ps, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. 
Patch ID: ALPS10274607; Issue ID: MSV-5049.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":7e-05,"ranking_epss":0.00453,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/January-2026"],"published_time":"2026-01-06T02:15:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20779","summary":"In display, there is a possible use after free due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184084; Issue ID: MSV-4720.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"epss":7e-05,"ranking_epss":0.00453,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/January-2026"],"published_time":"2026-01-06T02:15:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20780","summary":"In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184061; Issue ID: MSV-4712.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":7e-05,"ranking_epss":0.00453,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/January-2026"],"published_time":"2026-01-06T02:15:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20781","summary":"In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. 
Patch ID: ALPS10182914; Issue ID: MSV-4699.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":7e-05,"ranking_epss":0.00453,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/January-2026"],"published_time":"2026-01-06T02:15:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20782","summary":"In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182882; Issue ID: MSV-4685.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":6e-05,"ranking_epss":0.00385,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/January-2026"],"published_time":"2026-01-06T02:15:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20783","summary":"In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182882; Issue ID: MSV-4684.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":6e-05,"ranking_epss":0.00385,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/January-2026"],"published_time":"2026-01-06T02:15:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20784","summary":"In display, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. 
Patch ID: ALPS10182882; Issue ID: MSV-4683.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":6e-05,"ranking_epss":0.00385,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/January-2026"],"published_time":"2026-01-06T02:15:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20785","summary":"In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10149882; Issue ID: MSV-4677.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":6e-05,"ranking_epss":0.00385,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/January-2026"],"published_time":"2026-01-06T02:15:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20786","summary":"In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10149882; Issue ID: MSV-4673.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":6e-05,"ranking_epss":0.00385,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/January-2026"],"published_time":"2026-01-06T02:15:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20778","summary":"In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. 
Patch ID: ALPS10184870; Issue ID: MSV-4729.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":7e-05,"ranking_epss":0.00453,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/January-2026"],"published_time":"2026-01-06T02:15:41","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-65835","summary":"The Cordova plugin cordova-plugin-x-socialsharing (SocialSharing-PhoneGap-Plugin) for Android 6.0.4, registers an exported broadcast receiver nl.xservices.plugins.ShareChooserPendingIntent with an android.intent.action.SEND intent filter. The onReceive implementation accesses Intent.EXTRA_CHOSEN_COMPONENT without checking for null. If a broadcast is sent with extras present but without EXTRA_CHOSEN_COMPONENT, the code dereferences a null value and throws a NullPointerException. Because the receiver is exported and performs no permission or caller validation, any local application on the device can send crafted ACTION_SEND broadcasts to this component and repeatedly crash the host application, resulting in a local, unauthenticated application-level denial of service for any app that includes the plugin.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"epss":0.00023,"ranking_epss":0.06142,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/EddyVerbruggen/SocialSharing-PhoneGap-Plugin","https://medium.com/@lcrawfqrd/local-dos-via-exported-receivers-f6b1da10d3b7","https://www.npmjs.com/package/cordova-plugin-x-socialsharing"],"published_time":"2025-12-15T19:16:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-36935","summary":"In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":8e-05,"ranking_epss":0.00664,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-12-01"],"published_time":"2025-12-11T20:15:58","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-36936","summary":"In GetTachyonCommand of tachyon_server_common.h, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":8e-05,"ranking_epss":0.00664,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-12-01"],"published_time":"2025-12-11T20:15:58","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-36937","summary":"In AudioDecoder::HandleProduceRequest of audio_decoder.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"epss":0.00187,"ranking_epss":0.40495,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-12-01"],"published_time":"2025-12-11T20:15:58","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-36938","summary":"In U-Boot of append_uint32_le(), there is a possible fault injection due to a logic error in the code. This could lead to physical escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"epss":0.00017,"ranking_epss":0.03996,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-12-01","https://source.android.com/docs/security/bulletin/pixel/2026/2026-03-01"],"published_time":"2025-12-11T20:15:58","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-36925","summary":"In WAVES_send_data_to_dsp of libaoc_waves.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":8e-05,"ranking_epss":0.00664,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-12-01"],"published_time":"2025-12-11T20:15:57","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-36927","summary":"In GetTachyonCommand of tachyon_server_common.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":8e-05,"ranking_epss":0.00664,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-12-01"],"published_time":"2025-12-11T20:15:57","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-36928","summary":"In GetHostAddress of gxp_buffer.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":8e-05,"ranking_epss":0.00664,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-12-01"],"published_time":"2025-12-11T20:15:57","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-36929","summary":"In AreFencesRegistered of gxp_fence_manager.cc, there is a possible information leak due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.0001,"ranking_epss":0.01081,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-12-01"],"published_time":"2025-12-11T20:15:57","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-36930","summary":"In GetHostAddress of gxp_buffer.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":8e-05,"ranking_epss":0.00664,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-12-01"],"published_time":"2025-12-11T20:15:57","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-36931","summary":"In GetHostAddress of gxp_buffer.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":8e-05,"ranking_epss":0.00664,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-12-01"],"published_time":"2025-12-11T20:15:57","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-36932","summary":"In tracepoint_msg_handler of cpm/google/lib/tracepoint/tracepoint_ipc.c, there is a possible memory overwrite due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00011,"ranking_epss":0.01367,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-12-01"],"published_time":"2025-12-11T20:15:57","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-36934","summary":"In bigo_worker_thread of private/google-modules/video/gchips/bigo.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.4,"epss":3e-05,"ranking_epss":0.00059,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-12-01","https://project-zero.issues.chromium.org/issues/426567975"],"published_time":"2025-12-11T20:15:57","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-36912","summary":"In cellular modem, there is a possible denial of service due to a logic error in the code. This could lead to remote denial of service with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"epss":0.00158,"ranking_epss":0.36677,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-12-01"],"published_time":"2025-12-11T20:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-36916","summary":"In PrepareWorkloadBuffers of gxp_main_actor.cc, there is a possible double fetch due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"epss":6e-05,"ranking_epss":0.00358,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-12-01"],"published_time":"2025-12-11T20:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-36917","summary":"In SwDcpItg of up_L2commonPdcpSecurity.cpp, there is a possible denial of service due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"epss":0.00158,"ranking_epss":0.36677,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-12-01"],"published_time":"2025-12-11T20:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-36918","summary":"In aoc_service_read_message of aoc_ipc_core.c, there is a possible out of bounds read due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":8e-05,"ranking_epss":0.00664,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-12-01"],"published_time":"2025-12-11T20:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-36919","summary":"In aocc_read of aoc_channel_dev.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":8e-05,"ranking_epss":0.00664,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-12-01"],"published_time":"2025-12-11T20:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-36921","summary":"In ProtocolPsUnthrottleApn() of protocolpsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":7e-05,"ranking_epss":0.00548,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-12-01"],"published_time":"2025-12-11T20:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-36922","summary":"In bigo_map of bigo_iommu.c, there is a possible information disclosure due to a use after free. This could lead to local escalation of privilege in the OS Kernel level with System execution privileges needed. 
User interaction is not needed for exploitation.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":8e-05,"ranking_epss":0.00682,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-12-01"],"published_time":"2025-12-11T20:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-36923","summary":"In NrmmDecoder::DecodeSORTransparentContext of cn_NrmmDecoder.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":8.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.0,"epss":0.00013,"ranking_epss":0.02013,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-12-01"],"published_time":"2025-12-11T20:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-36924","summary":"In ss_DecodeLcsAssistDataReqMsg(void) of ss_LcsManagement.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":8.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.0,"epss":0.00013,"ranking_epss":0.02013,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-12-01"],"published_time":"2025-12-11T20:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-36889","summary":"In onCreateTasks of CameraActivity.java, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":6e-05,"ranking_epss":0.00401,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-12-01"],"published_time":"2025-12-11T20:15:55","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48569","summary":"In multiple locations, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":7e-05,"ranking_epss":0.00653,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/android-16-qpr2"],"published_time":"2025-12-08T18:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48606","summary":"In preparePackage of InstallPackageHelper.java, there is a possible way for an app to appear hidden upon installation without a mechanism to uninstall it due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.0001,"ranking_epss":0.01137,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/android-16-qpr2"],"published_time":"2025-12-08T18:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48608","summary":"In isValidMediaUri of SettingsProvider.java, there is a possible cross user media read due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":6e-05,"ranking_epss":0.00401,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/android-16-qpr2"],"published_time":"2025-12-08T18:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48625","summary":"In multiple locations of UsbDataAdvancedProtectionHook.java, there is a possible way to access USB data when the screen is off due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"epss":8e-05,"ranking_epss":0.00737,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/android-16-qpr2"],"published_time":"2025-12-08T18:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48627","summary":"In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to launch an activity from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":8e-05,"ranking_epss":0.00664,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/d34ae40f870d4362a069940a035a4d58a536a231","https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48628","summary":"In validateIconUserBoundary of PrintManagerService.java, there is a possible cross-user image leak due to a confused deputy. 
This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":7e-05,"ranking_epss":0.00536,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/9489a5dcd3cdd426d5b39d9caf6bb78142af2399","https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48629","summary":"In findAvailRecognizer of VoiceInteractionManagerService.java, there is a possible way to become the default speech recognizer app due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":8e-05,"ranking_epss":0.00664,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48631","summary":"In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"epss":0.00055,"ranking_epss":0.17288,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2025-12-08T17:16:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48632","summary":"In setDisplayName of AssociationRequest.java, there is a possible way to cause CDM associations to persist after the user has disassociated them due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00011,"ranking_epss":0.01367,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/de27b16b1af86d4ce18c9134d85b53331a8d2147","https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48633","summary":"In hasAccountsOnAnyUser of DevicePolicyManagerService.java, there is a possible way to add a Device Owner after provisioning due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00137,"ranking_epss":0.33666,"kev":true,"propose_action":"Android Framework contains an unspecified vulnerability that allows for information disclosure.","ransomware_campaign":"Unknown","references":["https://android.googlesource.com/platform/frameworks/base/+/d00bcda9f42dcf272d329e9bf9298f32af732f93","https://source.android.com/security/bulletin/2025-12-01","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-48633"],"published_time":"2025-12-08T17:16:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48637","summary":"In multiple functions of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.0001,"ranking_epss":0.01131,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/kernel/common/+/4cfc9c2d8815577832cafbfcd7f98025f0da718d","https://android.googlesource.com/kernel/common/+/aff2255dbe38dc7c57bac8d3ba9feed989289b20","https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48638","summary":"In __pkvm_load_tracing of trace.c, there is a possible out-of-bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00015,"ranking_epss":0.03303,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/kernel/common/+/0429b7af308cf65c84109c08d06b01950dcd57fe","https://android.googlesource.com/kernel/common/+/96ebe96170d67df5072afa2ce84622f5a0ff552a","https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48639","summary":"In DefaultTransitionHandler.java, there is a possible way to unknowingly grant permissions to an app due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"epss":0.0001,"ranking_epss":0.0114,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/6d1697c96c5cae5062f6aea58cf2665b7d646cb8","https://android.googlesource.com/platform/frameworks/native/+/cc34c7b416b964c05a42ae3e9c2929b59b92c64f","https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48615","summary":"In getComponentName of MediaButtonReceiverHolder.java, there is a possible desync in persistence due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":8e-05,"ranking_epss":0.00664,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/a5795fc0cf1f21da88cf05ad06610d3653d1be0e","https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48618","summary":"In processLaunchBrowser of CommandParamsFactory.java, there is a possible browser interaction from the lockscreen due to improper locking. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"epss":9e-05,"ranking_epss":0.00914,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/opt/telephony/+/fee68bcdcf029e8f40980616d09367610544bc62","https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48620","summary":"In onSomePackagesChanged of VoiceInteractionManagerService.java, there is a possible way for a third party application's component name to persist even after uninstalling due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.0001,"ranking_epss":0.01131,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/84dd2b90f4a2ea1ebc5b78f08f14c5a3b92c9c2d","https://android.googlesource.com/platform/frameworks/base/+/db86972777c84a386d8a6d2d34879923bdbccdf6","https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48621","summary":"In DefaultTransitionHandler.java, there is a possible way to enable a tapjacking attack due to an insecure default. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"epss":3e-05,"ranking_epss":0.00111,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/6d1697c96c5cae5062f6aea58cf2665b7d646cb8","https://android.googlesource.com/platform/frameworks/native/+/cc34c7b416b964c05a42ae3e9c2929b59b92c64f","https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48622","summary":"In ProcessArea of dng_misc_opcodes.cpp, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00014,"ranking_epss":0.02327,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/cts/+/1bcf948f5e555ad7b9b54549698c3e569d7a0af5","https://android.googlesource.com/platform/external/dng_sdk/+/de700ad461e35af50b28b861943a0b0753b10929","https://android.googlesource.com/platform/external/skia/+/40c3f0a50fb9b47f543be0949f9004e77510f494","https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48623","summary":"In init_pkvm_hyp_vcpu of pkvm.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00015,"ranking_epss":0.03303,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/kernel/common/+/3b6fab0ff24f7108c71a4d9c12567455cb2a5a81","https://android.googlesource.com/kernel/common/+/e76cff4952af4ac4652dc74ffbd134ff57c47895","https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48624","summary":"In multiple functions of arm-smmu-v3.c, there is a possible out-of-bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00011,"ranking_epss":0.01367,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/kernel/common/+/0668e45a43398a07c3aa2ae08903097657efd87e","https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48626","summary":"In multiple locations, there is a possible way to launch an application from the background due to a precondition check failure. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"epss":0.00413,"ranking_epss":0.61464,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/9fb37191609f7cb7b2374531cafb2d00ec8b4bec","https://android.googlesource.com/platform/packages/apps/Launcher3/+/7628af9bf77f1d145359bf4075a6674574cae496","https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48599","summary":"In multiple functions of WifiScanModeActivity.java, there is a possible way to bypass a device config restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":7e-05,"ranking_epss":0.00536,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/apps/Settings/+/7a792e0b8f68bc4aeb939af703790fd76b51ccbd","https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48600","summary":"In multiple files, there is a possible way to reveal information across users due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":4e-05,"ranking_epss":0.00192,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/modules/IntentResolver/+/bbe2dc3fb85fac9053b427b6d3c4af3506e0d9b4","https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48601","summary":"In multiple locations, there is a possible permanent denial of service due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":8e-05,"ranking_epss":0.00795,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48603","summary":"In InputMethodInfo of InputMethodInfo.java, there is a possible permanent denial of service due to resource exhaustion. 
This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":5e-05,"ranking_epss":0.00264,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/b4c6786312a217ad9dfd97041b2f1e2f77e39b94","https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48604","summary":"In multiple locations, there is a possible way to read files from another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":4e-05,"ranking_epss":0.00192,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/services/Mms/+/c60a828b9fa18f67260775a46c752f353fcc0d43","https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48607","summary":"In multiple locations, there is a possible way to create a large amount of app ops due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":5e-05,"ranking_epss":0.00255,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/03d7040699148c961df09dec301d8a1e982ee231","https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48610","summary":"In __pkvm_guest_relinquish_to_host of mem_protect.c, there is a possible configuration data leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":9e-05,"ranking_epss":0.0091,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/kernel/common/+/19fbea31785113700731f4b458d7e20d05777729","https://android.googlesource.com/kernel/common/+/cac44a0bcfc58c85082b13220b4adcac43ccf369","https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48612","summary":"In multiple locations, there is a possible way for an application on a work profile to set the main user's default NFC payment setting due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":8e-05,"ranking_epss":0.00701,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/apps/Settings/+/aa744e8988f0e7b77a71087edd4d2546b58d2f24","https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48614","summary":"In rebootWipeUserData of RecoverySystem.java, there is a possible way to factory reset the device while in DSU mode due to a missing permission check. This could lead to physical denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"epss":0.00011,"ranking_epss":0.01365,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/ec0c32ea736ba3c594352c345358a778334bc773","https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48589","summary":"In multiple functions of HeaderPrivacyIconsController.kt, there is a possible way to grant permissions across users due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":5e-05,"ranking_epss":0.00223,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/2aeba76a58c18f66502ecbba4c2e73a8d6e2928c","https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48590","summary":"In verifyAndGetBypass of AppOpsService.java, there is a possible method for a malicious app to prevent dialing emergency services under limited circumstances due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":5e-05,"ranking_epss":0.00264,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/848f944921756467dba98069ea33531a2f180373","https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48591","summary":"In multiple locations, there is a possible way to read files from another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":6e-05,"ranking_epss":0.00353,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/3df02a7df8488e04e31ae1d9d081ed1b881dd6ad","https://android.googlesource.com/platform/packages/services/Mms/+/43ca1053f0a09b6fd1503caaecb62967a497b554","https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48592","summary":"In initDecoder of C2SoftDav1dDec.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.00043,"ranking_epss":0.13133,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/av/+/8febdebcb5e8736ec013a7d64e70f50e87649b52","https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48594","summary":"In onUidImportance of DisassociationProcessor.java, there is a possible way to retain companion application privileges after disassociation due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is needed for exploitation.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"epss":6e-05,"ranking_epss":0.00359,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/ea2bcc66534263fac4c337f1a5149704c2262169","https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48596","summary":"In appendFrom of Parcel.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":5e-05,"ranking_epss":0.00268,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/native/+/6ffdde944d4e0b440b1dfc1f232687299700e039","https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48597","summary":"In multiple locations, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":5e-05,"ranking_epss":0.00228,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/68170bad52250399d2e4a1a8023a3e7aeda1887d","https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48598","summary":"In multiple locations, there is a possible way to alter the primary user's face unlock settings due to a confused deputy. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":6.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.6,"epss":7e-05,"ranking_epss":0.00654,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/apps/Settings/+/83447688f8e3e8f009f1e7d275a14ea00ee7953a","https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48572","summary":"In multiple locations, there is a possible way to launch activities from the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00211,"ranking_epss":0.43621,"kev":true,"propose_action":"Android Framework contains an unspecified vulnerability that allows for privilege escalation.","ransomware_campaign":"Unknown","references":["https://android.googlesource.com/platform/frameworks/base/+/e707f6600330691f9c67dc023c09f4cd2fc59192","https://source.android.com/security/bulletin/2025-12-01","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-48572"],"published_time":"2025-12-08T17:16:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48573","summary":"In sendCommand of MediaSessionRecord.java, there is a possible way to launch the foreground service while the app is in the background due to FGS while-in-use abuse. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":5e-05,"ranking_epss":0.00268,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/039030a6b0e7d255af70609a3607e805ad2a99ff","https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48575","summary":"In multiple functions of CertInstaller.java, there is a possible way to install certificates due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":3e-05,"ranking_epss":0.00128,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/apps/CertInstaller/+/d688ebdbfd404df1e25654bfdf9e790ad9f0db3c","https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48576","summary":"In updateNotificationChannelGroupFromPrivilegedListener of NotificationManagerService.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":7e-05,"ranking_epss":0.00653,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/b812baa1463c9f9e81efa617c9d08ed7a63488b4","https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48580","summary":"In connectInternal of MediaBrowser.java, there is a possible way to access while in use permission while the app is in background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":5e-05,"ranking_epss":0.0026,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/eb19b27ed8abe9070df9fb85bc9693c8d4ba321b","https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48583","summary":"In multiple functions of BaseBundle.java, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":5e-05,"ranking_epss":0.0026,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/02751bc65824a3877bdc21d865cd801b5e9f5e6c","https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48584","summary":"In multiple functions of NotificationManagerService.java, there is a possible way to bypass the per-package channel limits causing resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":5e-05,"ranking_epss":0.00264,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/08a0766708db2071d9b8b65abf40d7e8057daaa1","https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48586","summary":"In onActivityResult of EditFdnContactScreen.java, there is a possible way to leak contacts from the work profile due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":5e-05,"ranking_epss":0.00228,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/services/Telephony/+/851fc787e96189a37f88cb9eaa688087883357c3","https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48588","summary":"In startAlwaysOnVpn of Vpn.java, there is a possible way to disable always-on VPN due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":8e-05,"ranking_epss":0.00664,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/cabbb7da639520633ad318655d1b5fe1c685c78e","https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-32328","summary":"In multiple functions of Session.java, there is a possible way to view images belonging to a different user of the device due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":5e-05,"ranking_epss":0.0026,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/e030442861f4dd0e03d67b65f0940b488007f0d7","https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-32329","summary":"In multiple functions of Session.java, there is a possible way to view images belonging to a different user of the device due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":5e-05,"ranking_epss":0.0026,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/e030442861f4dd0e03d67b65f0940b488007f0d7","https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48525","summary":"In disassociate of DisassociationProcessor.java, there is a possible way for an app to continue reading notifications when not associated to a companion device due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00011,"ranking_epss":0.01203,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/31989869759e9b6119dc1cf324c395d789024908","https://android.googlesource.com/platform/frameworks/base/+/5ec1cdae1805dec292a2de5554896363eaa078eb","https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48536","summary":"In grantAllowlistedPackagePermissions of SettingsSliceProvider.java, there is a possible way for a third party app to modify secure settings due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":5e-05,"ranking_epss":0.00201,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/apps/Settings/+/586f8dedd8e0e8a7ca5577cd1f06891f7e84e1e1","https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48555","summary":"In multiple functions of NotificationStation.java, there is a possible cross-profile information disclosure due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":5e-05,"ranking_epss":0.00228,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/apps/Settings/+/596c7b9911f2004df83b8d2708ad4b50e8d53805","https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48564","summary":"In multiple locations, there is a possible intent filter bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"epss":0.00014,"ranking_epss":0.02704,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/0f3e248787d88154c8592f6e055b6b3586f4877d","https://android.googlesource.com/platform/frameworks/base/+/28579dff4305f764302d85f95509671eafbf62ac","https://android.googlesource.com/platform/packages/modules/IntentResolver/+/4e6cf5285d0b1725fb9141e810050cfdb3fb42fd","https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48565","summary":"In multiple locations, there is a possible way to bypass the cross profile intent filter due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00018,"ranking_epss":0.04752,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/0f3e248787d88154c8592f6e055b6b3586f4877d","https://android.googlesource.com/platform/frameworks/base/+/28579dff4305f764302d85f95509671eafbf62ac","https://android.googlesource.com/platform/packages/modules/IntentResolver/+/4e6cf5285d0b1725fb9141e810050cfdb3fb42fd","https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48566","summary":"In multiple locations, there is a possible bypass of user profile boundary with a forwarded intent due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00028,"ranking_epss":0.07855,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/0f3e248787d88154c8592f6e055b6b3586f4877d","https://android.googlesource.com/platform/frameworks/base/+/28579dff4305f764302d85f95509671eafbf62ac","https://android.googlesource.com/platform/packages/modules/IntentResolver/+/4e6cf5285d0b1725fb9141e810050cfdb3fb42fd","https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-32319","summary":"In ensureBound of RemotePrintService.java, there is a possible way for a background app to keep foreground permissions due to a permissions bypass. This could lead to local escalation of privilege with user execution privileges needed. User interaction is not needed for exploitation.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":7e-05,"ranking_epss":0.00446,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/70ab82c4546aa893682a4507664dc2c471d6cd95","https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-22420","summary":"In multiple locations, there is a possible way to leak audio files across user profiles due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":5e-05,"ranking_epss":0.00228,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/fb8f76eca9079c34af3e14ee0a58bc10a580ec42","https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-22432","summary":"In notifyTimeout of CallRedirectionProcessor.java, there is a possible persistent connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":8e-05,"ranking_epss":0.00709,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/services/Telecomm/+/a43a880beaa6a64348a1d0c821e8c7e98d741a79","https://source.android.com/security/bulletin/2025-12-01"],"published_time":"2025-12-08T17:16:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-14111","summary":"A security vulnerability has been detected in Rarlab RAR App up to 7.11 Build 127 on Android. This affects an unknown part of the component com.rarlab.rar. Such manipulation leads to path traversal. It is possible to launch the attack remotely. Attacks of this nature are highly complex. It is indicated that the exploitability is difficult. The exploit has been disclosed publicly and may be used. Upgrading to version 7.20 build 128 is able to mitigate this issue. You should upgrade the affected component. The vendor responded very professional: \"This is the real vulnerability affecting RAR for Android only. WinRAR and Unix RAR versions are not affected. 
We already fixed it in RAR for Android 7.20 build 128 and we publicly mentioned it in that version changelog. (...) To avoid confusion among users, it would be useful if such disclosure emphasizes that it is RAR for Android only issue and WinRAR isn't affected.\"","cvss":5.0,"cvss_version":3.0,"cvss_v2":5.1,"cvss_v3":5.0,"epss":0.00326,"ranking_epss":0.55595,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/Secsys-FDU/AF_CVEs/blob/main/com.rarlab.rar/RAR%20APP%20Arbitrary%20File%20Write%20and%20Read%20Vulnerability.md","https://vuldb.com/?ctiid.334491","https://vuldb.com/?id.334491","https://vuldb.com/?submit.697375"],"published_time":"2025-12-05T23:15:46","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-13876","summary":"A security vulnerability has been detected in Rareprob HD Video Player All Formats App 12.1.372 on Android. Impacted is an unknown function of the component com.rocks.music.videoplayer. The manipulation leads to path traversal. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.","cvss":5.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.3,"epss":0.00052,"ranking_epss":0.16344,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/Secsys-FDU/AF_CVEs/blob/main/HD%20Video%20Player%20All%20Formats/HD%20Video%20Player%20All%20Formats%20APP%20Arbitrary%20File%20Overwrite%20Vulnerability.md","https://vuldb.com/?ctiid.334032","https://vuldb.com/?id.334032","https://vuldb.com/?submit.692169"],"published_time":"2025-12-02T15:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20774","summary":"In display, there is a possible out of bounds write due to a missing bounds check. 
This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4796.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":6e-05,"ranking_epss":0.00385,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/December-2025"],"published_time":"2025-12-02T03:16:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20775","summary":"In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182914; Issue ID: MSV-4795.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":6e-05,"ranking_epss":0.00385,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/December-2025"],"published_time":"2025-12-02T03:16:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20776","summary":"In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184297; Issue ID: MSV-4759.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":6e-05,"ranking_epss":0.00385,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/December-2025"],"published_time":"2025-12-02T03:16:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20777","summary":"In display, there is a possible out of bounds write due to a missing bounds check. 
This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184870; Issue ID: MSV-4752.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":6e-05,"ranking_epss":0.00385,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/December-2025"],"published_time":"2025-12-02T03:16:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20788","summary":"In GPU pdma, there is a possible memory corruption due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS10117735; Issue ID: MSV-4539.","cvss":4.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.4,"epss":5e-05,"ranking_epss":0.00275,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/December-2025"],"published_time":"2025-12-02T03:16:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20789","summary":"In GPU pdma, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS10117741; Issue ID: MSV-4538.","cvss":4.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.4,"epss":5e-05,"ranking_epss":0.00254,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/December-2025"],"published_time":"2025-12-02T03:16:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20767","summary":"In display, there is a possible out of bounds write due to an integer overflow. 
This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4807.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":7e-05,"ranking_epss":0.00453,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/December-2025"],"published_time":"2025-12-02T03:16:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20768","summary":"In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4805.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":7e-05,"ranking_epss":0.00453,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/December-2025"],"published_time":"2025-12-02T03:16:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20769","summary":"In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4804.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":5e-05,"ranking_epss":0.00206,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/December-2025"],"published_time":"2025-12-02T03:16:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20770","summary":"In display, there is a possible memory corruption due to use after free. 
This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4803.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":6e-05,"ranking_epss":0.00385,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/December-2025"],"published_time":"2025-12-02T03:16:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20771","summary":"In display, there is a possible escalation of privilege due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4802.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":6e-05,"ranking_epss":0.00385,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/December-2025"],"published_time":"2025-12-02T03:16:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20772","summary":"In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182914; Issue ID: MSV-4795.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":6e-05,"ranking_epss":0.00385,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/December-2025"],"published_time":"2025-12-02T03:16:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20773","summary":"In display, there is a possible memory corruption due to use after free. 
This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4797.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":6e-05,"ranking_epss":0.00385,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/December-2025"],"published_time":"2025-12-02T03:16:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20763","summary":"In mmdvfs, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10267218; Issue ID: MSV-5032.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":7e-05,"ranking_epss":0.00453,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/December-2025"],"published_time":"2025-12-02T03:16:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20764","summary":"In smi, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10259774; Issue ID: MSV-5029.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":7e-05,"ranking_epss":0.00453,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/December-2025"],"published_time":"2025-12-02T03:16:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20765","summary":"In aee daemon, there is a possible system crash due to a race condition. 
This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10190802; Issue ID: MSV-4833.","cvss":4.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.7,"epss":2e-05,"ranking_epss":0.00038,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/December-2025"],"published_time":"2025-12-02T03:16:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20766","summary":"In display, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4820.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":7e-05,"ranking_epss":0.00453,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/December-2025"],"published_time":"2025-12-02T03:16:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-58475","summary":"Improper input validation in libsec-ril.so prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.","cvss":5.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.6,"epss":0.00026,"ranking_epss":0.07092,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=12"],"published_time":"2025-12-02T02:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-58476","summary":"Out-of-bounds read vulnerability in bootloader prior to SMR Dec-2025 Release 1 allows physical attackers to access out-of-bounds 
memory.","cvss":4.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.2,"epss":0.00023,"ranking_epss":0.06127,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=12"],"published_time":"2025-12-02T02:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-58477","summary":"Out-of-bounds write in parsing IFD tag in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"epss":0.00072,"ranking_epss":0.22062,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=12"],"published_time":"2025-12-02T02:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-58478","summary":"Out-of-bounds write in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"epss":0.00072,"ranking_epss":0.22062,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=12"],"published_time":"2025-12-02T02:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-58479","summary":"Out-of-bounds read in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"epss":0.00055,"ranking_epss":0.17275,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=12"],"published_time":"2025-12-02T02:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-58480","summary":"Heap-based buffer overflow in libimagecodec.quram.so prior to SMR Dec-2025 Release 
1 allows remote attackers to access out-of-bounds memory.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"epss":0.00057,"ranking_epss":0.18065,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=12"],"published_time":"2025-12-02T02:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21072","summary":"Out-of-bounds write in decoding metadata in fingerprint trustlet prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.","cvss":5.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.7,"epss":0.00017,"ranking_epss":0.041,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=12"],"published_time":"2025-12-02T02:15:46","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21080","summary":"Improper export of android application components in Dynamic Lockscreen prior to SMR Dec-2025 Release 1 allows local attackers to access files with Dynamic Lockscreen's privilege.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"epss":0.00018,"ranking_epss":0.04452,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=12"],"published_time":"2025-12-02T02:15:46","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-61619","summary":"In nr modem, there is a possible system crash due to improper input validation. 
This could lead to remote denial of service with no additional execution privileges needed","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.00214,"ranking_epss":0.43946,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.unisoc.com/en/support/announcement/1995394837938163714"],"published_time":"2025-12-01T08:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-61607","summary":"In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.00214,"ranking_epss":0.43946,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.unisoc.com/en/support/announcement/1995394837938163714"],"published_time":"2025-12-01T08:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-61608","summary":"In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.00214,"ranking_epss":0.43946,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.unisoc.com/en/support/announcement/1995394837938163714"],"published_time":"2025-12-01T08:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-61609","summary":"In modem, there is a possible system crash due to improper input validation. 
This could lead to remote denial of service with no additional execution privileges needed","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.00214,"ranking_epss":0.43946,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.unisoc.com/en/support/announcement/1995394837938163714"],"published_time":"2025-12-01T08:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-61610","summary":"In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.00214,"ranking_epss":0.43946,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.unisoc.com/en/support/announcement/1995394837938163714"],"published_time":"2025-12-01T08:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-61617","summary":"In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.00214,"ranking_epss":0.43946,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.unisoc.com/en/support/announcement/1995394837938163714"],"published_time":"2025-12-01T08:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-61618","summary":"In nr modem, there is a possible system crash due to improper input validation. 
This could lead to remote denial of service with no additional execution privileges needed","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.00214,"ranking_epss":0.43946,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.unisoc.com/en/support/announcement/1995394837938163714"],"published_time":"2025-12-01T08:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-11132","summary":"In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.00214,"ranking_epss":0.43946,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.unisoc.com/en/support/announcement/1995394837938163714"],"published_time":"2025-12-01T08:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-11133","summary":"In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.00214,"ranking_epss":0.43946,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.unisoc.com/en/support/announcement/1995394837938163714"],"published_time":"2025-12-01T08:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-3012","summary":"In dpc modem, there is a possible system crash due to null pointer dereference. 
This could lead to remote denial of service with no additional execution privileges needed","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.00214,"ranking_epss":0.43946,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.unisoc.com/en/support/announcement/1995394837938163714"],"published_time":"2025-12-01T08:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-11131","summary":"In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.00214,"ranking_epss":0.43946,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.unisoc.com/en/support/announcement/1995394837938163714"],"published_time":"2025-12-01T08:15:46","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48593","summary":"In bta_hf_client_cb_init of bta_hf_client_main.cc, there is a possible remote code execution due to a use after free. This could lead to remote code execution with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":8.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.0,"epss":0.00024,"ranking_epss":0.06447,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/5ed63461b44198c80d5aff7e1af1df812f782abb","https://android.googlesource.com/platform/packages/modules/Bluetooth/+/c69c78d7c4f623201f35831d32e6c401156e76cc","https://source.android.com/security/bulletin/2025-11-01"],"published_time":"2025-11-18T05:16:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-13102","summary":"Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"epss":0.00096,"ranking_epss":0.26709,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/351564774"],"published_time":"2025-11-14T03:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-11919","summary":"Inappropriate implementation in Intents in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. 
(Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"epss":0.00136,"ranking_epss":0.33472,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_17.html","https://issues.chromium.org/issues/352516283"],"published_time":"2025-11-14T03:15:54","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-12729","summary":"Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.2,"epss":0.00051,"ranking_epss":0.15998,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/454354281"],"published_time":"2025-11-10T20:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-12447","summary":"Incorrect security UI in Omnibox in Google Chrome on Android prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. 
(Chromium security severity: Low)","cvss":4.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.2,"epss":0.00056,"ranking_epss":0.17742,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html","https://issues.chromium.org/issues/442636157"],"published_time":"2025-11-10T20:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-12725","summary":"Out of bounds read in WebGPU in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"epss":0.00133,"ranking_epss":0.32923,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/443906252"],"published_time":"2025-11-10T20:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-12728","summary":"Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.2,"epss":0.00121,"ranking_epss":0.31161,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/452392032"],"published_time":"2025-11-10T20:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-12435","summary":"Incorrect security UI in Omnibox in Google Chrome on Android prior to 142.0.7444.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. 
(Chromium security severity: Medium)","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"epss":0.00058,"ranking_epss":0.18496,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html","https://issues.chromium.org/issues/446463993"],"published_time":"2025-11-10T20:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-12908","summary":"Insufficient validation of untrusted input in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"epss":0.00171,"ranking_epss":0.38384,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/421511847"],"published_time":"2025-11-08T00:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-11213","summary":"Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. 
(Chromium security severity: Medium)","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"epss":0.00083,"ranking_epss":0.24313,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_30.html","https://issues.chromium.org/issues/443408317"],"published_time":"2025-11-06T22:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-11209","summary":"Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.2,"epss":0.00049,"ranking_epss":0.15209,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_30.html","https://issues.chromium.org/issues/438226517"],"published_time":"2025-11-06T22:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21071","summary":"Out-of-bounds write in handling opcode in fingerprint trustlet prior to SMR Nov-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.","cvss":5.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.7,"epss":0.0001,"ranking_epss":0.01139,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=11"],"published_time":"2025-11-05T06:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21073","summary":"Insecure default configuration in USB connection mode prior to SMR Nov-2025 Release 1 allows privileged physical attackers to access user data. 
User interaction is required for triggering this vulnerability.","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"epss":0.00027,"ranking_epss":0.0744,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=11"],"published_time":"2025-11-05T06:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21074","summary":"Out-of-bounds read in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"epss":0.00036,"ranking_epss":0.1051,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=11"],"published_time":"2025-11-05T06:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21075","summary":"Out-of-bounds write in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"epss":0.00071,"ranking_epss":0.21859,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=11"],"published_time":"2025-11-05T06:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20749","summary":"In charger, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. 
Patch ID: ALPS09915493; Issue ID: MSV-3800.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":6e-05,"ranking_epss":0.00342,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/November-2025"],"published_time":"2025-11-04T07:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20747","summary":"In gnss service, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10010443; Issue ID: MSV-3966.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":6e-05,"ranking_epss":0.00342,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/November-2025"],"published_time":"2025-11-04T07:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20746","summary":"In gnss service, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10010441; Issue ID: MSV-3967.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":6e-05,"ranking_epss":0.00342,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/November-2025"],"published_time":"2025-11-04T07:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20744","summary":"In pda, there is a possible escalation of privilege due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. 
Patch ID: ALPS10127160; Issue ID: MSV-4542.","cvss":4.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.2,"epss":4e-05,"ranking_epss":0.00198,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/November-2025"],"published_time":"2025-11-04T07:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20745","summary":"In apusys, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10095441; Issue ID: MSV-4294.","cvss":4.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.2,"epss":4e-05,"ranking_epss":0.00198,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/November-2025"],"published_time":"2025-11-04T07:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20743","summary":"In clkdbg, there is a possible escalation of privilege due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10136671; Issue ID: MSV-4651.","cvss":4.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.2,"epss":4e-05,"ranking_epss":0.00198,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/November-2025"],"published_time":"2025-11-04T07:15:46","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20730","summary":"In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. 
Patch ID: ALPS10068463; Issue ID: MSV-4141.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":5e-05,"ranking_epss":0.00273,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/November-2025"],"published_time":"2025-11-04T07:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-11717","summary":"When switching between Android apps using the card carousel Firefox shows a black screen as its card image when a password-related screen was the last one being used. Prior to Firefox 144 the password edit screen was visible. This vulnerability affects Firefox < 144.","cvss":9.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.1,"epss":0.00044,"ranking_epss":0.13552,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.mozilla.org/show_bug.cgi?id=1872601","https://www.mozilla.org/security/advisories/mfsa2025-81/"],"published_time":"2025-10-14T13:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-11718","summary":"When the address bar was hidden due to scrolling on Android, a malicious page could create a fake address bar to fool the user in response to a visibilitychange event. This vulnerability affects Firefox < 144.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"epss":0.00026,"ranking_epss":0.0736,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.mozilla.org/show_bug.cgi?id=1980808","https://www.mozilla.org/security/advisories/mfsa2025-81/"],"published_time":"2025-10-14T13:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-11720","summary":"The Firefox and Firefox Focus UI for the Android custom tab feature only showed the \"site\" that was loaded, not the full hostname. User supplied content hosted on a subdomain of a site could have been used to fool a user into thinking it was content from a different subdomain of that site. 
This vulnerability affects Firefox < 144.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"epss":0.00043,"ranking_epss":0.13385,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.mozilla.org/show_bug.cgi?id=1979534","https://bugzilla.mozilla.org/show_bug.cgi?id=1984370","https://www.mozilla.org/security/advisories/mfsa2025-81/"],"published_time":"2025-10-14T13:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-11716","summary":"Links in a sandboxed iframe could open an external app on Android without the required \"allow-\" permission. This vulnerability affects Firefox < 144 and Thunderbird < 144.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"epss":0.00028,"ranking_epss":0.08014,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.mozilla.org/show_bug.cgi?id=1818679","https://www.mozilla.org/security/advisories/mfsa2025-81/","https://www.mozilla.org/security/advisories/mfsa2025-84/"],"published_time":"2025-10-14T13:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20722","summary":"In gnss driver, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09920036; Issue ID: MSV-3798.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":6e-05,"ranking_epss":0.00306,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/October-2025"],"published_time":"2025-10-14T10:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20723","summary":"In gnss driver, there is a possible out of bounds write due to an incorrect bounds check. 
This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09920033; Issue ID: MSV-3797.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":6e-05,"ranking_epss":0.00419,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/October-2025"],"published_time":"2025-10-14T10:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20721","summary":"In imgsensor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10089545; Issue ID: MSV-4279.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":6e-05,"ranking_epss":0.00419,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/October-2025"],"published_time":"2025-10-14T10:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21063","summary":"Improper access control in Samsung Voice Recorder prior to version 21.5.73.12 in Android 15 and 21.5.81.40 in Android 16 allows physical attackers to access recording files on the lock screen.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"epss":0.00021,"ranking_epss":0.05701,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=10"],"published_time":"2025-10-10T07:15:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21054","summary":"Out-of-bounds read in the parsing header for JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to potentially access out-of-bounds 
memory.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"epss":0.00016,"ranking_epss":0.03386,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=10"],"published_time":"2025-10-10T07:15:41","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21055","summary":"Out-of-bounds read and write in libimagecodec.quram.so prior to SMR Oct-2025 Release 1 allows remote attackers to access out-of-bounds memory.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"epss":0.00041,"ranking_epss":0.12439,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=10"],"published_time":"2025-10-10T07:15:41","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21048","summary":"Relative path traversal in Knox Enterprise prior to SMR Oct-2025 Release 1 allows local attackers to execute arbitrary code.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":0.00018,"ranking_epss":0.0433,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=10"],"published_time":"2025-10-10T07:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21049","summary":"Improper access control in SecSettings prior to SMR Oct-2025 Release 1 allows local attackers to access sensitive information. 
User interaction is required for triggering this vulnerability.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00012,"ranking_epss":0.01487,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=10"],"published_time":"2025-10-10T07:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21050","summary":"Improper input validation in Contacts prior to SMR Oct-2025 Release 1 allows local attackers to access data across multiple user profiles.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"epss":0.00022,"ranking_epss":0.05952,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=10"],"published_time":"2025-10-10T07:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21051","summary":"Out-of-bounds write in the pre-processing of JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to write out-of-bounds memory.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"epss":0.00015,"ranking_epss":0.03277,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=10"],"published_time":"2025-10-10T07:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21052","summary":"Out-of-bounds write under specific condition in the pre-processing of JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to cause memory 
corruption.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"epss":0.00018,"ranking_epss":0.04526,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=10"],"published_time":"2025-10-10T07:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21053","summary":"Out-of-bounds write in the parsing header for JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to cause memory corruption.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"epss":0.00018,"ranking_epss":0.04526,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=10"],"published_time":"2025-10-10T07:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21046","summary":"Improper access control in WindowManager in Samsung DeX prior to SMR Oct-2025 Release 1 allows physical attackers to temporarily access to recent app list.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"epss":0.00023,"ranking_epss":0.06081,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=10"],"published_time":"2025-10-10T07:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21047","summary":"Improper access control in KnoxGuard prior to SMR Oct-2025 Release 1 allows physical attackers to use the privileged APIs.","cvss":5.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.2,"epss":0.00027,"ranking_epss":0.07571,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=10"],"published_time":"2025-10-10T07:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21044","summary":"Out-of-bounds write in fingerprint trustlet prior to SMR 
Oct-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.","cvss":5.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.7,"epss":0.0001,"ranking_epss":0.01166,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=10"],"published_time":"2025-10-10T07:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59489","summary":"Unity Runtime before 2025-10-02 on Android, Windows, macOS, and Linux allows argument injection that can result in loading of library code from an unintended location. If an application was built with a version of Unity Editor that had the vulnerable Unity Runtime code, then an adversary may be able to execute code on, and exfiltrate confidential information from, the machine on which that application is running. NOTE: product status is provided for Unity Editor because that is the information available from the Supplier. However, updating Unity Editor typically does not address the effects of the vulnerability; instead, it is necessary to rebuild and redeploy all affected applications.","cvss":7.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.4,"epss":0.00015,"ranking_epss":0.02967,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://flatt.tech/research/posts/arbitrary-code-execution-in-unity-runtime/","https://unity.com/security#security-updates-and-patches","https://unity.com/security/sept-2025-01"],"published_time":"2025-10-03T14:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21042","summary":"Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"epss":0.01838,"ranking_epss":0.82894,"kev":true,"propose_action":"Samsung mobile devices contain an out-of-bounds write vulnerability in libimagecodec.quram.so. 
This vulnerability could allow remote attackers to execute arbitrary code.","ransomware_campaign":"Unknown","references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=04","https://unit42.paloaltonetworks.com/landfall-is-new-commercial-grade-android-spyware/","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-21042"],"published_time":"2025-09-12T08:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21043","summary":"Out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"epss":0.04908,"ranking_epss":0.89569,"kev":true,"propose_action":"Samsung mobile devices contain an out-of-bounds write vulnerability in libimagecodec.quram.so which allows remote attackers to execute arbitrary code.","ransomware_campaign":"Unknown","references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=09","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-21043"],"published_time":"2025-09-12T08:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-10201","summary":"Inappropriate implementation in Mojo in Google Chrome on Android, Linux, ChromeOS prior to 140.0.7339.127 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"epss":0.00022,"ranking_epss":0.05839,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_9.html","https://issues.chromium.org/issues/439305148"],"published_time":"2025-09-10T19:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-32318","summary":"In Skia, there is a possible out of bounds write due to a heap buffer overflow. 
This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"epss":0.0009,"ranking_epss":0.25701,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/android-16"],"published_time":"2025-09-05T17:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-32320","summary":"In System UI, there is a possible way to view other users' images due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":7e-05,"ranking_epss":0.00481,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/android-16"],"published_time":"2025-09-05T17:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26461","summary":"In Permission Manager, there is a possible way for the microphone privacy indicator to remain activated even after the user attempts to close the app due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"epss":8e-05,"ranking_epss":0.00775,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/android-16"],"published_time":"2025-09-05T17:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-32316","summary":"In gralloc4, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":6e-05,"ranking_epss":0.00391,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/android-16"],"published_time":"2025-09-05T17:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-32317","summary":"In App Widget, there is a possible Information Disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":6e-05,"ranking_epss":0.0032,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/android-16"],"published_time":"2025-09-05T17:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-0028","summary":"In Audio Service, there is a possible way to obtain MAC addresses of nearby Bluetooth devices due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":6e-05,"ranking_epss":0.0032,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/android-16"],"published_time":"2025-09-05T17:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26434","summary":"In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":6e-05,"ranking_epss":0.00391,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/android-16"],"published_time":"2025-09-05T17:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26431","summary":"In setupAccessibilityServices of AccessibilityFragment.java, there is a possible way to hide an enabled accessibility service due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00011,"ranking_epss":0.01272,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/wear/2025-05-01"],"published_time":"2025-09-04T20:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26439","summary":"In getComponentName of AccessibilitySettingsUtils.java, there is a possible way for a malicious Talkback service to be enabled instead of the system component due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00011,"ranking_epss":0.01272,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/wear/2025-05-01"],"published_time":"2025-09-04T20:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-32322","summary":"In onCreate of MediaProjectionPermissionActivity.java, there is a possible way to grant a malicious app a token enabling unauthorized screen recording capabilities due to improper input validation. 
This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00011,"ranking_epss":0.0124,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/wear/2025-09-01"],"published_time":"2025-09-04T20:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-22414","summary":"In FrpBypassAlertActivity of FrpBypassAlertActivity.java, there is a possible way to bypass FRP due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":7e-05,"ranking_epss":0.00481,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/wear/2025-03-01"],"published_time":"2025-09-04T20:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-22415","summary":"In android_app of Android.bp, there is a possible way to launch any activity as a system user. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"epss":6e-05,"ranking_epss":0.00408,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/wear/2025-03-01"],"published_time":"2025-09-04T20:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26419","summary":"In initPhoneSwitch of SystemSettingsFragment.java, there is a possible FRP bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is needed for exploitation.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"epss":7e-05,"ranking_epss":0.00574,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/wear/2025-05-01"],"published_time":"2025-09-04T20:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40664","summary":"In setupAccessibilityServices of AccessibilityFragment.java , there is a possible way to hide an enabled accessibility service due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"epss":0.00094,"ranking_epss":0.26391,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/wear/2025-05-01"],"published_time":"2025-09-04T20:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49731","summary":"In apk-versions.txt, there is a possible corruption of telemetry opt-in settings on other watches when setting up a new Pixel Watch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"epss":0.0003,"ranking_epss":0.08584,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/wear/2025-02-01"],"published_time":"2025-09-04T20:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48559","summary":"In multiple functions of AppOpsService.java, there is a possible add a large amount of app ops due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.0001,"ranking_epss":0.01162,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/7b88db4928f390cb7656dcc4a14fac2d645301a9","https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48560","summary":"In AndroidManifest.xml, there is a possible way for an app to monitor motion events due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":6e-05,"ranking_epss":0.0032,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/wear/2025-09-01"],"published_time":"2025-09-04T19:15:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48561","summary":"In multiple locations, there is a possible way to access data displayed on the screen due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00011,"ranking_epss":0.01275,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/native/+/20465375a1d0cb71cdb891235a9f8a3fba31dbf6","https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48562","summary":"In writeContent of RemotePrintDocument.java, there is a possible information disclosure due to a logic error. 
This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.","cvss":5.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.0,"epss":7e-05,"ranking_epss":0.00537,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/252efec89b01a89b4d394c500e9dae2b6c08dbae","https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48563","summary":"In onNullBinding of RemoteFillService.java, there is a possible background activity launch due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":7e-05,"ranking_epss":0.00593,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/a6a570a6f4972c1dfea13c5fe3558805c1658991","https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48581","summary":"In VerifyNoOverlapInSessions of apexd.cpp, there is a possible way to block security updates due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":4e-05,"ranking_epss":0.00194,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/build/+/cda08bfbf55aed1e4c79efe6a66bb930d19a8a13","https://android.googlesource.com/platform/system/apex/+/13bbfe3ef2953e9805d57d3219cc122e485ba90f","https://android.googlesource.com/platform/system/apex/+/5a33fa4202cb5f06d7f02f3a2b8d13780d7cb3f5","https://source.android.com/security/bulletin/2025-11-01"],"published_time":"2025-09-04T19:15:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48550","summary":"In testGrantSlicePermission of SliceManagerTest.java, there is a possible permanent denial of service due to a path traversal error. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00013,"ranking_epss":0.02005,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/354820f6ec38e8c50140bb5247779d3a3423b4c4","https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48551","summary":"In multiple locations, there is a possible leak of an image across the Android User isolation boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. 
User interaction is needed for exploitation.","cvss":5.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.0,"epss":4e-05,"ranking_epss":0.00191,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/modules/IntentResolver/+/13c30b464d042f3e00899ffcf1c02b76bc35f769","https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48552","summary":"In saveGlobalProxyLocked of DevicePolicyManagerService.java, there is a possible way to desync from persistence due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00011,"ranking_epss":0.01272,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/bb6d2f17243ddd4313f826b9ac6119fb40962ee7","https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48553","summary":"In handlePackagesChanged of DevicePolicyManagerService.java, there is a possible DoS of a device admin due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00011,"ranking_epss":0.01272,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/660c7075dc00d23a47f8b2018d62c66b8e27c450","https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48554","summary":"In handlePackagesChanged of DevicePolicyManagerService.java, there is a possible persistent denial of service due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.","cvss":6.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.1,"epss":0.00011,"ranking_epss":0.01187,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/660c7075dc00d23a47f8b2018d62c66b8e27c450","https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48556","summary":"In multiple methods of NotificationChannel.java, there is a possible desynchronization from persistence due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is needed for exploitation.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"epss":8e-05,"ranking_epss":0.00754,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/fc5d9b6ef5305263d37404fc3d4afe583a15c62b","https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48558","summary":"In multiple functions of BatteryService.java, there is a possible way to hijack implicit intent intended for system app due to Implicit intent hijacking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":7e-05,"ranking_epss":0.00481,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/0d30c78c8953adfc969a8dba8a58a8ea3571908c","https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48544","summary":"In multiple locations, there is a possible way to read files belonging to other apps due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":7e-05,"ranking_epss":0.00559,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/2026/2026-03-01"],"published_time":"2025-09-04T19:15:41","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48545","summary":"In isSystemUid of AccountManagerService.java, there is a possible way for an app to access privileged APIs due to a confused deputy. This could lead to local privilege escalation with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"epss":6e-05,"ranking_epss":0.00429,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/66ac17909252c80b0edf7f4ae282bce4579410ad","https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:41","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48546","summary":"In checkPermissions of SafeActivityOptions.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.0001,"ranking_epss":0.01098,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/8b660e88700541ca70a01c7b25a52587ec65411f","https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:41","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48547","summary":"In multiple locations, there is a possible one-time permission bypass due to a logic error in the code. 
This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"epss":8e-05,"ranking_epss":0.00681,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/modules/Permission/+/5dca0ccb26f2b99d706a1d3e9402f851e849c913","https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:41","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48548","summary":"In multiple functions of AppOpsControllerImpl.java, there is a possible way to record audio without displaying the privacy indicator due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"epss":7e-05,"ranking_epss":0.006,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/av/+/37e7f808fad105da187b021fb762a66d37c9212a","https://android.googlesource.com/platform/frameworks/av/+/8c09eb1034cb3b02a66f6c241c0b9c9981998d6f","https://android.googlesource.com/platform/frameworks/base/+/00344da68fce6ec4f7a1bf36f0ea3797805f00ce","https://android.googlesource.com/platform/frameworks/base/+/20e363e2225843ff3cc7d6bea05ae2f4db83b408","https://android.googlesource.com/platform/frameworks/base/+/acbd37d21c2feffb6d64e669b956d59a6062b751","https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:41","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48549","summary":"In multiple locations, there is a possible way to record audio via a background app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":8e-05,"ranking_epss":0.00699,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/av/+/37e7f808fad105da187b021fb762a66d37c9212a","https://android.googlesource.com/platform/frameworks/av/+/8c09eb1034cb3b02a66f6c241c0b9c9981998d6f","https://android.googlesource.com/platform/frameworks/base/+/00344da68fce6ec4f7a1bf36f0ea3797805f00ce","https://android.googlesource.com/platform/frameworks/base/+/20e363e2225843ff3cc7d6bea05ae2f4db83b408","https://android.googlesource.com/platform/frameworks/base/+/acbd37d21c2feffb6d64e669b956d59a6062b751","https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:41","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48538","summary":"In setApplicationHiddenSettingAsUser of PackageManagerService.java, there is a possible way to hide a system critical package due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":9e-05,"ranking_epss":0.00913,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/bd7578b738a09734a2d23656e5569643ad37fffe","https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48539","summary":"In SendPacketToPeer of acl_arbiter.cc, there is a possible out of bounds read due to a use after free. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":8.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.0,"epss":0.00012,"ranking_epss":0.01642,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/c881220f499edcbdff9a7efdf00beeaeba084245","https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48540","summary":"In processTransactInternal of RpcState.cpp, there is a possible local out of memory write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00014,"ranking_epss":0.02432,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/native/+/570e2d6e29ee10879150f868913c285a45a936b1","https://android.googlesource.com/platform/frameworks/native/+/7fb4755c9d93bf75de13f2bc458fbbb547a79dd6","https://android.googlesource.com/platform/frameworks/native/+/ba4ea3598e6dcea4b7b2202f4cec11eb1d85c2a7","https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48541","summary":"In onCreate of FaceSettings.java, there is a possible way to remove biometric unlock across user profiles due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00011,"ranking_epss":0.0124,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/apps/Settings/+/aba2077a6c03f6d7b1a315c275e186ea0f2c1b6b","https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48542","summary":"In multiple functions of AccountManagerService.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":9e-05,"ranking_epss":0.00924,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/7ed50e5b5d568bc8be5d3603991aa9add67a7f44","https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48543","summary":"In multiple locations, there is a possible way to escape chrome sandbox to attack android system_server due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"epss":0.0031,"ranking_epss":0.54151,"kev":true,"propose_action":"Android Runtime contains a use-after-free vulnerability potentially allowing a chrome sandbox escape leading to local privilege escalation.","ransomware_campaign":"Unknown","references":["https://android.googlesource.com/platform/art/+/444fc40dfb04d2ec5f74c443ed3a4dd45d3131f2","https://source.android.com/security/bulletin/2025-09-01","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-48543"],"published_time":"2025-09-04T19:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48531","summary":"In getCallingPackageName of CredentialStorage, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00011,"ranking_epss":0.01272,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/apps/Settings/+/cc1b1b5e493affcb1ef9c3543b10c89141f245c4","https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48532","summary":"In markMediaAsFavorite of MediaProvider.java, there is a possible way to bypass the WRITE_EXTERNAL_STORAGE permission due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is needed for exploitation.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"epss":5e-05,"ranking_epss":0.00253,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48533","summary":"In multiple locations, there is a possible way to use apps linked from a context menu of a lockscreen app due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"epss":4e-05,"ranking_epss":0.00193,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2025-08-01"],"published_time":"2025-09-04T19:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48534","summary":"In getDefaultCBRPackageName of CellBroadcastHandler.java, there is a possible escalation of privilege due to a logic error in the code. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"epss":0.00069,"ranking_epss":0.21269,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/modules/CellBroadcastService/+/584cec4f17eab96ac44bce4e1bce8d6a2c59cd75","https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48535","summary":"In assertSafeToStartCustomActivity of AppRestrictionsFragment.java , there is a possible way to exploit a parcel mismatch resulting in a launch anywhere vulnerability due to unsafe deserialization. 
This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00098,"ranking_epss":0.27079,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/apps/Settings/+/1e4423730f8776bd09df7614474643ae735d2176","https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48537","summary":"In multiple locations, there is a possible way to persistently DoS the device due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"epss":0.00011,"ranking_epss":0.0124,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/63aab59ce13856799a7c24a70b35625d32ae5357","https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48523","summary":"In onCreate of SelectAccountActivity.java, there is a possible way to add contacts without permission due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.0001,"ranking_epss":0.01086,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/apps/Contacts/+/7c8dbcffbc9382fcdb788919106c3b0525db83ab","https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48524","summary":"In isSystem of WifiPermissionsUtil.java, there is a possible permission bypass due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":8e-05,"ranking_epss":0.00716,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/modules/Wifi/+/298745e0cb23cbef631aff1977b284155384bbf0","https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48526","summary":"In createMultiProfilePagerAdapter of ChooserActivity.java , there is a possible way for an app to launch the ChooserActivity in another profile due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"epss":6e-05,"ranking_epss":0.00408,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/modules/IntentResolver/+/923a5673ac9d4b366097a8912a04e40e85111ed4","https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48527","summary":"In multiple locations, there is a possible way to leak hidden work profile notifications due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"epss":0.0001,"ranking_epss":0.01097,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/apps/Settings/+/d8b1de7a18fc6a469c2d191ff9a0771f5d104fe4","https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48528","summary":"In multiple locations, there is a possible way to overlay biometrics due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"epss":6e-05,"ranking_epss":0.00408,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/ca71b9a63c40ef3fa741c76a2835146283fbb69a","https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48529","summary":"In setRingtoneUri of VoicemailNotificationSettingsUtil.java , there is a possible cross user data leak due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":6e-05,"ranking_epss":0.0032,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/opt/telephony/+/e5cdca27526f5c2c358880538c7a15d8d5d5dd6d","https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48530","summary":"In multiple locations, there is a possible condition that results in OOB accesses due to an incorrect bounds check. This could lead to remote code execution in combination with other bugs, with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"epss":0.00151,"ranking_epss":0.35907,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2025-08-01"],"published_time":"2025-09-04T19:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-32345","summary":"In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the primary user's deceptive app scanning setting due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.0001,"ranking_epss":0.01086,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/apps/Settings/+/6c9a5944dd0458b90263da2e4a4ba618c69779dd","https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-32346","summary":"In onActivityResult of VoicemailSettingsActivity.java, there is a possible work profile contact number leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":7e-05,"ranking_epss":0.00481,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-32347","summary":"In onStart of BiometricEnrollIntroduction.java, there is a possible way to determine the device's location due to an unsafe PendingIntent. 
This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":7e-05,"ranking_epss":0.00481,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/apps/Settings/+/25cfacbe5ac2423b8fe1375e0593ef69e98b8d09","https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-32349","summary":"In multiple locations, there is a possible privilege escalation due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":9e-05,"ranking_epss":0.00901,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/394acf2aa1dade06c9cb2b98d92d6e585de31012","https://android.googlesource.com/platform/frameworks/base/+/e4a93e6ffdaf0e51c2effd26a222a4e0b66ea5cb","https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-32350","summary":"In maybeShowDialog of ControlsSettingsDialogManager.kt, there is a possible overlay of the ControlsSettingsDialog due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":7e-05,"ranking_epss":0.00481,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/47424521c49b638334ed676223e7191178074da9","https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48522","summary":"In setDisplayName of AssociationRequest.java, there is a possible way for an app to retain CDM association due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00011,"ranking_epss":0.01272,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/bdad29b85a6ca7c55a697e4e66356b744ef6cdb9","https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-32325","summary":"In appendFrom of Parcel.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":7e-05,"ranking_epss":0.00593,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/native/+/96f0dd71bc07051e4faae44abf7121a3f7b5b2aa","https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-32326","summary":"In multiple functions of AppRestrictionsFragment.java, there is a possible way to bypass intent security check  due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":7e-05,"ranking_epss":0.00481,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/apps/Settings/+/e8a17485771e54124abc08e8fb6c987bf83726a2","https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-32327","summary":"In multiple functions of PickerDbFacade.java, there is a possible unauthorized data access due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":7e-05,"ranking_epss":0.00559,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/providers/MediaProvider/+/3f48b77e7cb9c15a76d42cfe4b2c771611625f9c","https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-32330","summary":"In generateRandomPassword of LocalBluetoothLeBroadcast.java, there is a possible way to intercept the Auracast audio stream due to an insecure default value. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.7,"epss":0.0001,"ranking_epss":0.0107,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/5b10581d2a91ddb256a1e37efcbcdb015091f5a1","https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-32331","summary":"In showDismissibleKeyguard of KeyguardService.java, there is a possible way to bypass app pinning due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00011,"ranking_epss":0.01272,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/7f5cc94e82fca9b758c46c97d6be9cc38ef07208","https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-32332","summary":"In multiple locations, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":7e-05,"ranking_epss":0.00593,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-32333","summary":"In startSpaActivityForApp of SpaActivity.kt, there is a possible cross-user permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.0001,"ranking_epss":0.01086,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/apps/Settings/+/591ea09a63e577a9ed666006e70430cc4f245078","https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26454","summary":"In validateUriSchemeAndPermission of DisclaimersParserImpl.java , there is a possible way to access data from another user due to a confused deputy. 
This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":9e-05,"ranking_epss":0.00901,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/03cadb65c0b6a91a480041aa9129e9dbf995279b","https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/d33d045407c5bd0000442667d9ef5c9fc3f590e5","https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26464","summary":"In executeAppFunction of AppSearchManagerService.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00011,"ranking_epss":0.01272,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/modules/AppSearch/+/e272ad00529243f766c6ebd4e976549bd4fff4fb","https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-32321","summary":"In isSafeIntent of AccountTypePreferenceLoader.java, there is a possible way to bypass an intent type check due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":7e-05,"ranking_epss":0.00481,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/apps/Settings/+/bb6e84fd04fcc3594750645982f8c667b0cd8c5e","https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-32323","summary":"In getCallingAppName of Shared.java, there is a possible way to trick users into granting file access via deceptive text in a permission popup due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00011,"ranking_epss":0.0124,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/apps/DocumentsUI/+/f0336ada165fdda955eaf6245b501779f36f0bd3","https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-32324","summary":"In onCommand of ActivityManagerShellCommand.java, there is a possible arbitrary activity launch due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":7e-05,"ranking_epss":0.00481,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/0fb2788dac393086b7e53fbe05414368ae395d9b","https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-0076","summary":"In multiple locations, there is a possible way to view icons belonging to another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"epss":5e-05,"ranking_epss":0.00258,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/d6ad7f34eaf5f0452b93a650265ee432288c0978","https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-0089","summary":"In multiple locations, there is a possible way to hijack the Launcher app due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00034,"ranking_epss":0.09967,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/ed39b7c3895c8c63a1ccdbcc9783a2d3ca15127f","https://android.googlesource.com/platform/frameworks/base/+/f27918b39cffb404ed429829f93b20344310da34","https://android.googlesource.com/platform/frameworks/base/+/fd66d834553ffab769ef21017bff95bdfd138493","https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-22441","summary":"In getContextForResourcesEnsuringCorrectCachedApkPaths of RemoteViews.java, there is a possible way to load arbitrary java code in a privileged context due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"epss":5e-05,"ranking_epss":0.00253,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2025-08-01"],"published_time":"2025-09-04T19:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49714","summary":"In avrc_vendor_msg of avrc_opt.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":8e-05,"ranking_epss":0.00744,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/6b669f231d0faf4658bb3ba6ea7f77d4d4a5e1b1","https://source.android.com/security/bulletin/2025-09-01"],"published_time":"2025-09-04T19:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26462","summary":"In AccessibilityServiceConnection.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.0001,"ranking_epss":0.01086,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/7076b2b2bd3cceea45f5d3dfa5ee279da819c9e1","https://source.android.com/security/bulletin/2025-06-01"],"published_time":"2025-09-04T18:15:46","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26463","summary":"In allowPackageAccess of multiple files, resource exhaustion is possible when repeatedly adding allowed packages. This could lead to a local persistent denial of service with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.0001,"ranking_epss":0.01141,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/4b630be2e2b30ff3c57128c660bfef6514193d25","https://source.android.com/security/bulletin/2025-06-01"],"published_time":"2025-09-04T18:15:46","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-32312","summary":"In createIntentsList of PackageParser.java , there is a possible way to bypass lazy bundle hardening, allowing modified data to be passed to the next process due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00075,"ranking_epss":0.22754,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/577cdba1048ce04816c962264a11efd02f1f5b73","https://source.android.com/security/bulletin/2025-06-01"],"published_time":"2025-09-04T18:15:46","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26452","summary":"In loadDrawableForCookie of ResourcesImpl.java, there is a possible way to access task snapshots of other apps due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":7e-05,"ranking_epss":0.00481,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/37a272435a238d8ca312b3ffeacac7dc348905e7","https://source.android.com/security/bulletin/2025-06-01"],"published_time":"2025-09-04T18:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26453","summary":"In isContentUriForOtherUser of BluetoothOppSendFileInfo.java, there is a possible cross user data leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":9e-05,"ranking_epss":0.00914,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/495d32429fd801c6cd7fe5e568b9c805f47fb4ed","https://source.android.com/security/bulletin/2025-06-01"],"published_time":"2025-09-04T18:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26455","summary":"In multiple functions of NdkMediaCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":7e-05,"ranking_epss":0.00593,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/av/+/e28ca0c3d70c67cda2a09dc2d663a3395b13c779","https://source.android.com/security/bulletin/2025-06-01"],"published_time":"2025-09-04T18:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26456","summary":"In multiple functions of DexUseManagerLocal.java, there is a possible way to crash system server due to a logic error in the code. This could lead to local permanent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.0005,"ranking_epss":0.15707,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/art/+/06a99377e368b688dbeb4e6bb11b6e1dfca8bb70","https://android.googlesource.com/platform/art/+/1aedae6e1049aa794b3554183bf07634c8fa291b","https://android.googlesource.com/platform/art/+/3c76194d116bad95e11bda345feaedda6c02c8b4","https://source.android.com/security/bulletin/2025-06-01"],"published_time":"2025-09-04T18:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26458","summary":"In multiple functions of LocationProviderManager.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00011,"ranking_epss":0.01272,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/9d2acb2d3c5dae5ace5add3e1d0c0e3ab5cfb900","https://source.android.com/security/bulletin/2025-06-01"],"published_time":"2025-09-04T18:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26445","summary":"In offerNetwork of ConnectivityService.java, there is a possible leak of sensitive data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":6e-05,"ranking_epss":0.0032,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/modules/Connectivity/+/0eccf35b6b1b123996ee41e4cc078cf79c35be89","https://source.android.com/security/bulletin/2025-06-01"],"published_time":"2025-09-04T18:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26448","summary":"In writeToParcel of CursorWindow.cpp, there is a possible out of bounds read due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":6e-05,"ranking_epss":0.00391,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/3c1515f4d1942f2453554315a576ed874703f78b","https://source.android.com/security/bulletin/2025-06-01"],"published_time":"2025-09-04T18:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26449","summary":"In multiple locations, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":9e-05,"ranking_epss":0.00924,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/e3c4ba3c7963138cb4c189fbec829c08ab27fa08","https://source.android.com/security/bulletin/2025-06-01"],"published_time":"2025-09-04T18:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26450","summary":"In onInputEvent of IInputMethodSessionWrapper.java, there is a possible way for an untrusted app to inject key and motion events to the default IME due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":7e-05,"ranking_epss":0.00481,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/f48bf9a2e7c728d7010f8c9ad047fa76a869d3d4","https://source.android.com/security/bulletin/2025-06-01"],"published_time":"2025-09-04T18:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26440","summary":"In multiple functions of CameraService.cpp, there is a possible way to use the camera from the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":8e-05,"ranking_epss":0.00792,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/av/+/b9a047c94deb06ab7ff956e4fb50b19ddd70cf9a","https://android.googlesource.com/platform/frameworks/base/+/b90d4d01e1bfaacae0e1f144075f72b1fb036799","https://source.android.com/security/bulletin/2025-05-01"],"published_time":"2025-09-04T18:15:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26441","summary":"In add_attr of sdp_discovery.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"epss":0.00081,"ranking_epss":0.24086,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/5e3953251ab50bcdb6058f5e5afc82d6271c6e1e","https://source.android.com/security/bulletin/2025-06-01"],"published_time":"2025-09-04T18:15:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26442","summary":"In onCreate of NotificationAccessConfirmationActivity.java, there is a possible incorrect verification of proper intent filters in NLS due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":8e-05,"ranking_epss":0.0079,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/apps/Settings/+/63f8849244d1817be2729f522a75424c219e9ecb","https://source.android.com/security/bulletin/2025-05-01"],"published_time":"2025-09-04T18:15:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26443","summary":"In parseHtml of HtmlToSpannedParser.java, there is a possible way to install apps without allowing installation from unknown sources due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is needed for exploitation.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"epss":8e-05,"ranking_epss":0.00707,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/69a363847696f6f79f81038cad03c7950bc82054","https://source.android.com/security/bulletin/2025-06-01"],"published_time":"2025-09-04T18:15:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26444","summary":"In onHandleForceStop of VoiceInteractionManagerService.java, there is a bug that could cause the system to incorrectly revert to the default assistant application when a user-selected assistant is forcibly stopped due to a logic error in the code. This could lead to local escalation of privilege where the default assistant app is  automatically granted ROLE_ASSISTANT with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00011,"ranking_epss":0.01272,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/c439c7e75e73056e6201fa4f4fe340e715196182","https://source.android.com/security/bulletin/2025-05-01"],"published_time":"2025-09-04T18:15:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26435","summary":"In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the primary user's deceptive app scanning setting due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.0001,"ranking_epss":0.01086,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/apps/Settings/+/9dc0dd2c50ceb30ca5062ff3a02e48a8b4165863","https://source.android.com/security/bulletin/2025-05-01"],"published_time":"2025-09-04T18:15:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26436","summary":"In clearAllowBgActivityStarts of PendingIntentRecord.java, there is a possible way for an application to launch an activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":9e-05,"ranking_epss":0.00901,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/bba26504af51d2dd3b8eddeb96e59cac8fcb9070","https://android.googlesource.com/platform/frameworks/base/+/ccba6717779fea0a86b6326f9925c36fc837738c","https://source.android.com/security/bulletin/2025-05-01"],"published_time":"2025-09-04T18:15:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26437","summary":"In CredentialManagerServiceStub of CredentialManagerService.java, there is a possible way to retrieve candidate credentials due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":6e-05,"ranking_epss":0.0032,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/c623bbe683082b602ecff0f33fbb439ffc1d2da3","https://source.android.com/security/bulletin/2025-06-01"],"published_time":"2025-09-04T18:15:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26438","summary":"In smp_process_secure_connection_oob_data of smp_act.cc, there is a possible way to bypass SMP authentication due to Incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"epss":0.0015,"ranking_epss":0.35628,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/e6130675c04752947ac4779c178ce70eb959a97f","https://source.android.com/security/bulletin/2025-05-01"],"published_time":"2025-09-04T18:15:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26427","summary":"In multiple locations, there is a possible Android/data access due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is needed for exploitation.","cvss":4.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.4,"epss":6e-05,"ranking_epss":0.0033,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/4af5db76f25348849252e0b8a08f4a517ef842b7","https://android.googlesource.com/platform/packages/providers/DownloadProvider/+/5acd646e0cf63e2c9c0862da7e03531ef0074394","https://source.android.com/security/bulletin/2025-05-01"],"published_time":"2025-09-04T18:15:41","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26428","summary":"In startLockTaskMode of LockTaskController.java, there is a possible lock screen bypass due to a logic error in the code. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.","cvss":3.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.2,"epss":0.0001,"ranking_epss":0.01159,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/afd05dc17e027734f665ac978ad6fb4584b6fd40","https://source.android.com/security/bulletin/2025-05-01"],"published_time":"2025-09-04T18:15:41","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26429","summary":"In collectOps of AppOpsService.java, there is a possible way to cause permanent DoS due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.0001,"ranking_epss":0.01162,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/0f3c01c326b6966590c652adec5baa61351756e4","https://source.android.com/security/bulletin/2025-05-01"],"published_time":"2025-09-04T18:15:41","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26430","summary":"In getDestinationForApp of SpaAppBridgeActivity, there is a possible cross-user file reveal due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.0001,"ranking_epss":0.01086,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/apps/Settings/+/484b4be8f3634fa0d0fed53729490b9135c644b5","https://source.android.com/security/bulletin/2025-05-01"],"published_time":"2025-09-04T18:15:41","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26432","summary":"In multiple locations, there is a possible way to persistently DoS the device due to a missing length check. This could lead to local denial of service with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":9e-05,"ranking_epss":0.00924,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/a928f327359247449c214dbc0504b8af3648bacf","https://source.android.com/security/bulletin/2025-06-01"],"published_time":"2025-09-04T18:15:41","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26422","summary":"In dump of WindowManagerService.java, there is a possible way of running dumpsys without the required permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"epss":6e-05,"ranking_epss":0.00408,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/63ae789499395abc2b71fd46f57cac3c4ba1bd9d","https://source.android.com/security/bulletin/2025-05-01"],"published_time":"2025-09-04T18:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26423","summary":"In validateIpConfiguration of WifiConfigurationUtil.java, there is a possible way to trigger a permanent DoS due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"epss":8e-05,"ranking_epss":0.00672,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/modules/Wifi/+/01e708a7a9af970b3aa40cdca2cbde71d07a859b","https://source.android.com/security/bulletin/2025-05-01"],"published_time":"2025-09-04T18:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26424","summary":"In multiple functions of VpnManager.java, there is a possible cross-user data leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"epss":9e-05,"ranking_epss":0.00951,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/1b4ee554c8234d1ac16105c92fee2ea0803b8a39","https://source.android.com/security/bulletin/2025-05-01"],"published_time":"2025-09-04T18:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26425","summary":"In multiple functions of RoleService.java, there is a possible permission squatting vulnerability due to a logic error in the code. This could lead to local escalation of privilege on versions of Android where android.permission.MANAGE_DEFAULT_APPLICATIONS was not defined with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"epss":9e-05,"ranking_epss":0.00951,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/modules/Permission/+/850ce9ea3ac72540ce310722633d9c893a32dfdd","https://source.android.com/security/bulletin/2025-05-01"],"published_time":"2025-09-04T18:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26426","summary":"In BroadcastController.java of registerReceiverWithFeatureTraced, there is a possible way to receive broadcasts meant for the \"android\" package due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.1,"epss":0.00014,"ranking_epss":0.02354,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/475f9914f71641f0eedc4a8412cf48f49290a60c","https://android.googlesource.com/platform/frameworks/base/+/99aae825ded253fe58695ceb853f2f631137f1c4","https://source.android.com/security/bulletin/2025-05-01"],"published_time":"2025-09-04T18:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-0087","summary":"In onCreate of UninstallerActivity.java, there is a possible way to uninstall a different user's app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":5.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.1,"epss":7e-05,"ranking_epss":0.00582,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/4c269d7b0ec71951f773844b2a325e556f982a9c","https://source.android.com/security/bulletin/2025-05-01"],"published_time":"2025-09-04T18:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-22425","summary":"In onCreate of InstallStart.java, there is a possible permissions bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.","cvss":5.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.1,"epss":0.0001,"ranking_epss":0.01062,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/8575592802b9527fe0f7cf19e9cb7159c9aa5121","https://android.googlesource.com/platform/frameworks/base/+/942884abf148426e948774b4857052da77ef77b3","https://source.android.com/security/bulletin/2025-05-01"],"published_time":"2025-09-04T18:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26420","summary":"In multiple functions of GrantPermissionsActivity.java , there is a possible way to trick the user into granting the incorrect permission due to permission overload. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":4.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.4,"epss":6e-05,"ranking_epss":0.00294,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/modules/Permission/+/6bed47f63ec0600b3c57388449db37405c68dc58","https://source.android.com/security/bulletin/2025-05-01"],"published_time":"2025-09-04T18:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26421","summary":"In multiple locations, there is a possible lock screen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"epss":0.00013,"ranking_epss":0.02279,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/b66817d2ed3b6ef29873bfe9857081cdef63681f","https://android.googlesource.com/platform/packages/apps/Settings/+/f16fa58405ed94703ea1886c483a2e2ce1c2b176","https://source.android.com/security/bulletin/2025-05-01"],"published_time":"2025-09-04T18:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49739","summary":"In MMapVAccess of pmr_os.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"epss":2e-05,"ranking_epss":0.00046,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2025-05-01"],"published_time":"2025-09-04T18:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-0077","summary":"In multiple functions of UserController.java, there is a possible lock screen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"epss":0.00012,"ranking_epss":0.01463,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/37a4df78c7e1b91066b341b05fb767f27c5da835","https://android.googlesource.com/platform/frameworks/base/+/3b04c948727c35e6ad429eefc6aaa9c261addf12","https://android.googlesource.com/platform/frameworks/base/+/5f59ac63cb7042d58dae196e890ec52424ebe8b5","https://android.googlesource.com/platform/frameworks/base/+/8c290a4d87c27a4ad65757e97ff9e634d9fe865e","https://android.googlesource.com/platform/frameworks/base/+/a09b6451c99f8aa99c49a0e584e12be455c414f4","https://android.googlesource.com/platform/frameworks/base/+/c059123b8e9c0920a30f896513116a8b88bfc4e1","https://source.android.com/security/bulletin/2025-05-01"],"published_time":"2025-09-04T18:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-35657","summary":"In bta_av_config_ind of bta_av_aact.cc, there is a possible out of bounds read due to type confusion. This could lead to local information disclosure with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"epss":6e-05,"ranking_epss":0.00389,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/655dbc919736f0a67c5d408e91b6c0a47fb7ccc3","https://source.android.com/security/bulletin/2025-05-01"],"published_time":"2025-09-04T18:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-36905","summary":"In gxp_mapping_create of gxp_mapping.c, there is a possible privilege escalation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00011,"ranking_epss":0.01272,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-09-01"],"published_time":"2025-09-04T10:42:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-36906","summary":"In ConvertReductionOp of darwinn_mlir_converter_aidl.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":7e-05,"ranking_epss":0.00593,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-09-01"],"published_time":"2025-09-04T10:42:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-36907","summary":"In draw_surface_image() of abl/android/lib/draw/draw.c, there is a possible out of bounds write due to a heap buffer overflow. 
This could lead to local escalation of privilege via USB fastboot, after a bootloader unlock, with no additional execution privileges needed. User interaction is needed for exploitation.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"epss":6e-05,"ranking_epss":0.00298,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-09-01"],"published_time":"2025-09-04T10:42:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-36908","summary":"In lwis_top_register_io of lwis_device_top.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":7e-05,"ranking_epss":0.00613,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-09-01"],"published_time":"2025-09-04T10:42:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-36909","summary":"Information disclosure","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"epss":0.00019,"ranking_epss":0.04964,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-09-01"],"published_time":"2025-09-04T10:42:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-36897","summary":"In unknown of cd_CnMsgCodecUserApi.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"epss":0.00201,"ranking_epss":0.42227,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-09-01"],"published_time":"2025-09-04T10:42:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-36898","summary":"There is a possible escalation of privilege due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00011,"ranking_epss":0.01272,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-09-01"],"published_time":"2025-09-04T10:42:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-36899","summary":"There is a possible escalation of privilege due to test/debugging code left in a production build. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":9e-05,"ranking_epss":0.0086,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-09-01"],"published_time":"2025-09-04T10:42:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-36900","summary":"In lwis_test_register_io of lwis_device_test.c, there is a possible OOB Write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. 
User interaction is not needed for exploitation.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":7e-05,"ranking_epss":0.00613,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-09-01"],"published_time":"2025-09-04T10:42:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-36901","summary":"WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-396462223.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"epss":0.00012,"ranking_epss":0.01728,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-09-01"],"published_time":"2025-09-04T10:42:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-36902","summary":"In syna_cdev_ioctl_store_pid() of syna_tcm2_sysfs.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":7e-05,"ranking_epss":0.00613,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-09-01"],"published_time":"2025-09-04T10:42:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-36903","summary":"In lwis_io_buffer_write, there is a possible OOB read/write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":7e-05,"ranking_epss":0.00593,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-09-01"],"published_time":"2025-09-04T10:42:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-36904","summary":"WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-396458384.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"epss":0.00031,"ranking_epss":0.08835,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-09-01"],"published_time":"2025-09-04T10:42:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-36887","summary":"In wl_cfgscan_update_v3_schedscan_results() of  wl_cfgscan.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":7e-05,"ranking_epss":0.00593,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-06-01"],"published_time":"2025-09-04T10:42:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-36890","summary":"Elevation of Privilege","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"epss":0.00031,"ranking_epss":0.08835,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-09-01"],"published_time":"2025-09-04T10:42:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-36891","summary":"Elevation of privilege","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"epss":0.00029,"ranking_epss":0.0825,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-09-01"],"published_time":"2025-09-04T10:42:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-36892","summary":"Denial of service","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.0005,"ranking_epss":0.1543,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-09-01"],"published_time":"2025-09-04T10:42:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-36893","summary":"In ReadTachyonCommands of gxp_main_actor.cc, there is a possible information leak due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":6e-05,"ranking_epss":0.00391,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-09-01"],"published_time":"2025-09-04T10:42:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-36894","summary":"In TBD of TBD, there is a possible DoS due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.00198,"ranking_epss":0.41827,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-09-01"],"published_time":"2025-09-04T10:42:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-36895","summary":"Information disclosure","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.00022,"ranking_epss":0.05805,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-09-01"],"published_time":"2025-09-04T10:42:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-36896","summary":"WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-394765106.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"epss":0.00031,"ranking_epss":0.08835,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-09-01"],"published_time":"2025-09-04T10:42:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-56189","summary":"In SAEMM_DiscloseMsId of SAEMM_RadioMessageCodec.c, there is a possible out of bounds read due to a missing bounds check. 
This could lead to remote information disclosure post authentication with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"epss":0.00095,"ranking_epss":0.26501,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-04-01"],"published_time":"2025-09-04T10:42:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-56190","summary":"In wl_update_hidden_ap_ie() of wl_cfgscan.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00011,"ranking_epss":0.0124,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-04-01"],"published_time":"2025-09-04T10:42:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-9867","summary":"Inappropriate implementation in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. 
(Chromium security severity: Medium)","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"epss":0.00049,"ranking_epss":0.15232,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/415496161"],"published_time":"2025-09-03T17:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-9865","summary":"Inappropriate implementation in Toolbar in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"epss":0.00043,"ranking_epss":0.13229,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/437147699"],"published_time":"2025-09-03T17:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21041","summary":"Insecure Storage of Sensitive Information in Secure Folder prior to Android 16 allows local attackers to access sensitive information.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"epss":0.00017,"ranking_epss":0.03944,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=09"],"published_time":"2025-09-03T06:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21034","summary":"Out-of-bounds write in libsavsvc.so prior to SMR Sep-2025 Release 1 allows local attackers to potentially execute arbitrary 
code.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"epss":0.00017,"ranking_epss":0.03996,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=09"],"published_time":"2025-09-03T06:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21035","summary":"Improper access control in Samsung Calendar prior to version 12.5.06.5 in Android 14 and 12.6.01.12 in Android 15 allows physical attackers to access data across multiple user profiles.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"epss":0.00024,"ranking_epss":0.06441,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=09"],"published_time":"2025-09-03T06:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21032","summary":"Improper access control in One UI Home prior to SMR Sep-2025 Release 1 allows physical attackers to bypass Kiosk mode under limited conditions.","cvss":5.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.9,"epss":0.00022,"ranking_epss":0.05806,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=09"],"published_time":"2025-09-03T06:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21033","summary":"Improper access control in ContactProvider prior to SMR Sep-2025 Release 1 allows local attackers to access sensitive information.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"epss":0.00016,"ranking_epss":0.03732,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=09"],"published_time":"2025-09-03T06:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21029","summary":"Improper handling of insufficient permission in 
System UI prior to SMR Sep-2025 Release 1 allows local attackers to send arbitrary replies to messages from the cover display.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"epss":0.00019,"ranking_epss":0.05068,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=09"],"published_time":"2025-09-03T06:15:46","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21031","summary":"Improper access control in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to use the privileged APIs.","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"epss":0.00019,"ranking_epss":0.05135,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=09"],"published_time":"2025-09-03T06:15:46","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21026","summary":"Improper handling of insufficient permission in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to interrupt the call.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"epss":0.00018,"ranking_epss":0.04787,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=09"],"published_time":"2025-09-03T06:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21027","summary":"Improper verification of intent by broadcast receiver in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to temporarily disable the 
SIM.","cvss":5.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.1,"epss":0.00022,"ranking_epss":0.05781,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=09"],"published_time":"2025-09-03T06:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21028","summary":"Improper privilege management in ThemeManager prior to SMR Sep-2025 Release 1 allows local privileged attackers to reuse trial items.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00017,"ranking_epss":0.04254,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=09"],"published_time":"2025-09-03T06:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21025","summary":"Improper access control in MARsExemptionManager prior to SMR Sep-2025 Release 1 allows local attackers to be excluded from background execution management.","cvss":5.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.1,"epss":0.00021,"ranking_epss":0.05508,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=09"],"published_time":"2025-09-03T06:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-21480","summary":"Improper input validation vulnerability in CertByte prior to SMR Apr-2023 Release 1 allows local attackers to launch privileged activities.","cvss":8.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.5,"epss":0.00029,"ranking_epss":0.08335,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=04"],"published_time":"2025-09-03T06:15:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-21482","summary":"Missing authorization vulnerability in Camera prior to versions 11.1.02.18 
in Android 11, 12.1.03.8 in Android 12 and 13.1.01.4 in Android 13  allows physical attackers to install package through Galaxy store before completion of Setup wizard.","cvss":6.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.1,"epss":0.00023,"ranking_epss":0.06064,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=04"],"published_time":"2025-09-03T06:15:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-21477","summary":"Access of Memory Location After End of Buffer vulnerability in TIGERF trustlet prior to SMR Apr-2023 Release 1 allows local attackers to access protected data.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"epss":0.00015,"ranking_epss":0.03267,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=04"],"published_time":"2025-09-03T06:15:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-21478","summary":"Improper input validation vulnerability in TIGERF trustlet prior to SMR Apr-2023 Release 1 allows local attackers to access protected data.","cvss":6.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.0,"epss":0.00023,"ranking_epss":0.06123,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=04"],"published_time":"2025-09-03T06:15:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-21479","summary":"Improper authorization in Smart suggestions prior to SMR Apr-2023 Release 1 in Android 13 and 4.1.01.0 in Android 12 allows remote attackers to register a 
schedule.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"epss":0.0008,"ranking_epss":0.23807,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=04"],"published_time":"2025-09-03T06:15:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-21474","summary":"Intent redirection vulnerability in SecSettings prior to SMR Apr-2022 Release 1 allows attackers to access arbitrary file with system privilege.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"epss":0.00014,"ranking_epss":0.02418,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=04"],"published_time":"2025-09-03T06:15:41","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-21475","summary":"Out-of-bounds Write vulnerability in libaudiosaplus_sec.so library prior to SMR Apr-2023 Release 1 allows local attacker to execute arbitrary code.","cvss":8.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.0,"epss":0.00019,"ranking_epss":0.05129,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=04"],"published_time":"2025-09-03T06:15:41","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-21476","summary":"Out-of-bounds Write vulnerability in libaudiosaplus_sec.so library prior to SMR Apr-2023 Release 1 allows local attacker to execute arbitrary code.","cvss":8.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.0,"epss":0.00019,"ranking_epss":0.05129,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=04"],"published_time":"2025-09-03T06:15:41","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-21470","summary":"Improper access control vulnerability in SLocation prior to 
SMR Apr-2022 Release 1 allows local attackers to get device location information using com.samsung.android.wifi.NETWORK_LOCATION action.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"epss":0.00018,"ranking_epss":0.04787,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=04"],"published_time":"2025-09-03T06:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-21471","summary":"Improper access control vulnerability in SemClipboard prior to SMR Apr-2023 Release 1 allows attackers to read arbitrary files with system permission.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"epss":0.00021,"ranking_epss":0.0553,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=04"],"published_time":"2025-09-03T06:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-21472","summary":"Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader.","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"epss":0.00087,"ranking_epss":0.25086,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=04"],"published_time":"2025-09-03T06:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-21473","summary":"Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in 
bootloader.","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"epss":0.00087,"ranking_epss":0.25086,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=04"],"published_time":"2025-09-03T06:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-21468","summary":"Improper access control vulnerability in Telephony prior to SMR Apr-2023 Release 1 allows attackers to access files with escalated permission.","cvss":5.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.9,"epss":0.00019,"ranking_epss":0.05061,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=04"],"published_time":"2025-09-03T06:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-21469","summary":"Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local attackers to get device location information using com.samsung.android.wifi.GEOFENCE action.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"epss":0.00018,"ranking_epss":0.04787,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=04"],"published_time":"2025-09-03T06:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-21466","summary":"PendingIntent hijacking vulnerability in CertificatePolicy in framework prior to SMR Apr-2023 Release 1 allows local attackers to access contentProvider without proper 
permission.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"epss":0.00012,"ranking_epss":0.01871,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=04"],"published_time":"2025-09-03T06:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-22438","summary":"In afterKeyEventLockedInterruptable of InputDispatcher.cpp, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":7e-05,"ranking_epss":0.00593,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/native/+/7ac747cb442d382c74a18d26268b7fc3751537ce","https://source.android.com/security/bulletin/2025-04-01"],"published_time":"2025-09-02T23:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-22439","summary":"In onLastAccessedStackLoaded of ActionHandler.java, there is a possible way to bypass storage restrictions across apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is needed for exploitation.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"epss":5e-05,"ranking_epss":0.00253,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/apps/DocumentsUI/+/1f283d5b87d0c8f04a79d1d2a51ed4d9327ae864","https://source.android.com/security/bulletin/2025-04-01"],"published_time":"2025-09-02T23:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-22442","summary":"In multiple functions of DevicePolicyManagerService.java, there is a possible way to install unauthorized applications into a newly created work profile due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"epss":4e-05,"ranking_epss":0.00193,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/2095d130b4d7f2ba1a3284abb58ca894817f5f4a","https://source.android.com/security/bulletin/2025-04-01"],"published_time":"2025-09-02T23:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26416","summary":"In initializeSwizzler of SkBmpStandardCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"epss":0.00184,"ranking_epss":0.40211,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/external/skia/+/fc2ebb312c5898486776df981a51c2bb90e3756d","https://source.android.com/security/bulletin/2025-04-01"],"published_time":"2025-09-02T23:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-22428","summary":"In hasInteractAcrossUsersFullPermission of AppInfoBase.java, there is a possible way to grant permissions to an app on the secondary user from the primary user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":9e-05,"ranking_epss":0.00942,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/apps/Settings/+/4a9cb946e978d9d93f9ee0a2c4c8ca41ba774540","https://source.android.com/security/bulletin/2025-04-01"],"published_time":"2025-09-02T23:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-22429","summary":"In multiple locations, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"epss":0.00059,"ranking_epss":0.18798,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/ece83fb425b1e912a036e9985b710910e2e3ca37","https://source.android.com/security/bulletin/2025-04-01"],"published_time":"2025-09-02T23:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-22430","summary":"In isInSignificantPlace of multiple files, there is a possible way to access sensitive information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":6e-05,"ranking_epss":0.00391,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/161eb6100d6f75f0a0df6da3d19da7fe842655c1","https://source.android.com/security/bulletin/2025-04-01"],"published_time":"2025-09-02T23:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-22431","summary":"In multiple locations, there is a possible method for a malicious app to prevent dialing emergency services under limited circumstances due to a logic error in the code. This could lead to local denial of service until the phone reboots with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00014,"ranking_epss":0.02484,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/79211e094a7363f28a06cea2737aa815339911ad","https://source.android.com/security/bulletin/2025-04-01"],"published_time":"2025-09-02T23:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-22433","summary":"In canForward of IntentForwarderActivity.java, there is a possible bypass of the cross profile intent filter most commonly used in Work Profile scenarios due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00015,"ranking_epss":0.02967,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/d2216fc62a9e1253828bf4cfdf5395948f2e78c6","https://android.googlesource.com/platform/packages/modules/IntentResolver/+/20cef18d8d9b817823d8d8d505cc382d3b334f34","https://source.android.com/security/bulletin/2025-04-01"],"published_time":"2025-09-02T23:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-22434","summary":"In handleKeyGestureEvent of PhoneWindowManager.java, there is a possible lock screen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00011,"ranking_epss":0.01272,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/2880f0ab2dc63dc6ea820afb79e9be523ecb7074","https://source.android.com/security/bulletin/2025-04-01"],"published_time":"2025-09-02T23:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-22435","summary":"In avdt_msg_ind of avdt_msg.cc, there is a possible memory corruption due to type confusion. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"epss":0.00044,"ranking_epss":0.13487,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/efa5f4ef386a8947f4777840c5cefff389740e86","https://source.android.com/security/bulletin/2025-04-01"],"published_time":"2025-09-02T23:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-22437","summary":"In setMediaButtonReceiver of multiple files, there is a possible way to launch arbitrary activities from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00011,"ranking_epss":0.01272,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/339d20053956ec0f92384f0b7cefda4fa7126290","https://source.android.com/security/bulletin/2025-04-01"],"published_time":"2025-09-02T23:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-22416","summary":"In onCreate of ChooserActivity.java, there is a possible way to view other users' images due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":7e-05,"ranking_epss":0.00481,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/82aa8527b7da3dbbc2f19c869b4ded106e140452","https://source.android.com/security/bulletin/2025-04-01"],"published_time":"2025-09-02T23:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-22417","summary":"In finishTransition of Transition.java, there is a possible way to bypass touch filtering restrictions due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is needed for exploitation.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"epss":5e-05,"ranking_epss":0.00253,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/89e32320207c1f332dd84024a13b001320d8c63d","https://source.android.com/security/bulletin/2025-04-01"],"published_time":"2025-09-02T23:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-22418","summary":"In multiple locations, there is a possible confused deputy due to Intent Redirect. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":7e-05,"ranking_epss":0.00481,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/apps/Settings/+/ad9fb985df470bed5f77da4701f2aebe45af5ff3","https://source.android.com/security/bulletin/2025-04-01"],"published_time":"2025-09-02T23:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-22419","summary":"In multiple locations, there is a possible way to mislead the user into enabling malicious phone calls forwarding due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. 
User interaction is needed for exploitation.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"epss":5e-05,"ranking_epss":0.00253,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/services/Telephony/+/92f47baf4505e474376c0550e8b8cd25d19e74e2","https://source.android.com/security/bulletin/2025-04-01"],"published_time":"2025-09-02T23:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-22421","summary":"In contentDescForNotification of NotificationContentDescription.kt, there is a possible notification content leak through the lockscreen due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":9e-05,"ranking_epss":0.00914,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/3b0704fd381a1ea32591aba99be3a9e4e6830be2","https://source.android.com/security/bulletin/2025-04-01"],"published_time":"2025-09-02T23:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-22422","summary":"In multiple locations, there is a possible way to mislead a user into approving an authentication prompt for one app when its result will be used in another due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00017,"ranking_epss":0.04248,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/6894ba3da6da99eb0ef63d95bf1b19080d302eda","https://android.googlesource.com/platform/packages/apps/Settings/+/1c0ab9c696d736da0176aa00f7effa31c905430e","https://source.android.com/security/bulletin/2025-04-01"],"published_time":"2025-09-02T23:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-22423","summary":"In ParseTag of dng_ifd.cpp, there is a possible way to crash the image renderer due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.00217,"ranking_epss":0.44251,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/external/dng_sdk/+/748dbd7dfcecb19f3a19caaba4285e059f32d2dd","https://source.android.com/security/bulletin/2025-04-01"],"published_time":"2025-09-02T23:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-22427","summary":"In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to grant notification access above the lock screen due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is needed for exploitation.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"epss":8e-05,"ranking_epss":0.00765,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/apps/Settings/+/7255b2eaac4b5cb1bc3bbf23509b33c7355a8657","https://source.android.com/security/bulletin/2025-04-01"],"published_time":"2025-09-02T23:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49720","summary":"In multiple functions of Permissions.java, there is a possible way to override the state of the user's location permissions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.0001,"ranking_epss":0.01098,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/modules/Permission/+/e02775c62a81b99ba4cc693dd1885cc70c0bd5cf","https://source.android.com/security/bulletin/2025-04-01"],"published_time":"2025-09-02T23:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49722","summary":"In showAvatarPicker of EditUserPhotoController.java, there is a possible cross user image leak due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":8e-05,"ranking_epss":0.00776,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/2b4d662a462c6b0269a6e6035ce443ec29fd860e","https://android.googlesource.com/platform/frameworks/base/+/8cba0e8bcfc291977f33f14fba0bd2b7f7fe8f6c","https://source.android.com/security/bulletin/2025-04-01"],"published_time":"2025-09-02T23:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49728","summary":"In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible cross user media disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":6e-05,"ranking_epss":0.00391,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/4b65cbb339db4d3a7a9a6100cb2e7c9f1ece9271","https://source.android.com/security/bulletin/2025-04-01"],"published_time":"2025-09-02T23:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49730","summary":"In FuseDaemon.cpp, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":7e-05,"ranking_epss":0.00593,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/providers/MediaProvider/+/961c8cbd2a489277876aeffa40ebdee5eae29f1f","https://source.android.com/security/bulletin/2025-04-01"],"published_time":"2025-09-02T23:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40653","summary":"In multiple functions of ConnectionServiceWrapper.java, there is a possible way to retain a permission forever in the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"epss":0.00031,"ranking_epss":0.08717,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/services/Telecomm/+/12016109c473d8d880333556726b1dcbce041e41","https://android.googlesource.com/platform/packages/services/Telecomm/+/9211d16c49de08a87e2e09380f6076ffd5196987","https://android.googlesource.com/platform/packages/services/Telecomm/+/c6e005381b8f0b80f2a1e0ea6e8093e990e1790e","https://source.android.com/security/bulletin/2025-04-01"],"published_time":"2025-09-02T23:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20707","summary":"In geniezone, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. 
Patch ID: ALPS09924201; Issue ID: MSV-3820.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":7e-05,"ranking_epss":0.00462,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/September-2025"],"published_time":"2025-09-01T06:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20705","summary":"In monitor_hang, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09989078; Issue ID: MSV-3964.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":7e-05,"ranking_epss":0.00571,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/September-2025"],"published_time":"2025-09-01T06:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20706","summary":"In mbrain, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09924624; Issue ID: MSV-3826.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":7e-05,"ranking_epss":0.00571,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/September-2025"],"published_time":"2025-09-01T06:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-9695","summary":"A vulnerability was identified in GalleryVault Gallery Vault App up to 4.5.2 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.thinkyeah.galleryvault. The manipulation leads to improper export of android application components. 
The attack can only be performed from a local environment. The exploit is publicly available and might be used.","cvss":5.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.3,"epss":0.00022,"ranking_epss":0.0595,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/KMov-g/androidapps/blob/main/com.thinkyeah.galleryvault.md","https://github.com/KMov-g/androidapps/blob/main/com.thinkyeah.galleryvault.md#steps-to-reproduce","https://vuldb.com/?ctiid.321906","https://vuldb.com/?id.321906","https://vuldb.com/?submit.639039","https://github.com/KMov-g/androidapps/blob/main/com.thinkyeah.galleryvault.md","https://github.com/KMov-g/androidapps/blob/main/com.thinkyeah.galleryvault.md#steps-to-reproduce"],"published_time":"2025-08-30T16:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-9677","summary":"A security flaw has been discovered in Modo Legend of the Phoenix up to 1.0.5. The affected element is an unknown function of the file AndroidManifest.xml of the component com.duige.hzw.multilingual. The manipulation results in improper export of android application components. The attack needs to be approached locally. The exploit has been released to the public and may be exploited. 
The vendor was contacted early about this disclosure but did not respond in any way.","cvss":5.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.3,"epss":0.00029,"ranking_epss":0.08125,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/KMov-g/androidapps/blob/main/com.duige.hzw.multilingual.md","https://github.com/KMov-g/androidapps/blob/main/com.duige.hzw.multilingual.md#steps-to-reproduce","https://vuldb.com/?ctiid.321889","https://vuldb.com/?id.321889","https://vuldb.com/?submit.638078","https://github.com/KMov-g/androidapps/blob/main/com.duige.hzw.multilingual.md","https://github.com/KMov-g/androidapps/blob/main/com.duige.hzw.multilingual.md#steps-to-reproduce"],"published_time":"2025-08-29T21:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-9674","summary":"A flaw has been found in Transbyte Scooper News App up to 1.2 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.hatsune.eagleee. This manipulation causes improper export of android application components. The attack requires local access. The exploit has been published and may be used. 
The vendor was contacted early about this disclosure but did not respond in any way.","cvss":5.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.3,"epss":0.00029,"ranking_epss":0.08125,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/KMov-g/androidapps/blob/main/com.hatsune.eagleee.md","https://github.com/KMov-g/androidapps/blob/main/com.hatsune.eagleee.md#steps-to-reproduce","https://vuldb.com/?ctiid.321884","https://vuldb.com/?id.321884","https://vuldb.com/?submit.638068","https://github.com/KMov-g/androidapps/blob/main/com.hatsune.eagleee.md","https://github.com/KMov-g/androidapps/blob/main/com.hatsune.eagleee.md#steps-to-reproduce"],"published_time":"2025-08-29T21:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-9675","summary":"A vulnerability was determined in Voice Changer App up to 1.1.0. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.tuyangkeji.changevoice. Executing manipulation can lead to improper export of android application components. It is possible to launch the attack on the local host. 
The exploit has been publicly disclosed and may be utilized.","cvss":5.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.3,"epss":0.00029,"ranking_epss":0.08125,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/KMov-g/androidapps/blob/main/com.tuyangkeji.changevoice.md","https://github.com/KMov-g/androidapps/blob/main/com.tuyangkeji.changevoice.md#steps-to-reproduce","https://vuldb.com/?ctiid.321887","https://vuldb.com/?id.321887","https://vuldb.com/?submit.638073","https://github.com/KMov-g/androidapps/blob/main/com.tuyangkeji.changevoice.md","https://github.com/KMov-g/androidapps/blob/main/com.tuyangkeji.changevoice.md#steps-to-reproduce"],"published_time":"2025-08-29T21:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-22407","summary":"In hidd_check_config_done of hidd_conn.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":6e-05,"ranking_epss":0.00391,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/806774b1cf641e0c0e7df8024e327febf23d7d7c","https://source.android.com/security/bulletin/2025-03-01"],"published_time":"2025-08-26T23:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-22408","summary":"In rfc_check_send_cmd of rfc_utils.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"epss":0.00214,"ranking_epss":0.43991,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/806774b1cf641e0c0e7df8024e327febf23d7d7c","https://source.android.com/security/bulletin/2025-03-01"],"published_time":"2025-08-26T23:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-22409","summary":"In rfc_send_buf_uih of rfc_ts_frames.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":8e-05,"ranking_epss":0.00721,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/806774b1cf641e0c0e7df8024e327febf23d7d7c","https://source.android.com/security/bulletin/2025-03-01"],"published_time":"2025-08-26T23:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-22410","summary":"In multiple locations, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":8e-05,"ranking_epss":0.00721,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/806774b1cf641e0c0e7df8024e327febf23d7d7c","https://source.android.com/security/bulletin/2025-03-01"],"published_time":"2025-08-26T23:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-22411","summary":"In process_service_attr_rsp of sdp_discovery.cc, there is a possible use after free due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"epss":0.00021,"ranking_epss":0.05706,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/806774b1cf641e0c0e7df8024e327febf23d7d7c","https://source.android.com/security/bulletin/2025-03-01"],"published_time":"2025-08-26T23:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-22412","summary":"In multiple functions of sdp_server.cc, there is a possible use after free due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"epss":0.00021,"ranking_epss":0.05706,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/806774b1cf641e0c0e7df8024e327febf23d7d7c","https://source.android.com/security/bulletin/2025-03-01"],"published_time":"2025-08-26T23:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-22413","summary":"In multiple functions of hyp-main.c, there is a possible privilege escalation due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"epss":0.00013,"ranking_epss":0.02141,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/kernel/common/+/1a3366f0d3d9b94a8c025d9863edc3b427435c4c","https://android.googlesource.com/kernel/common/+/add3d68602a0c48ed2d5659f0cf26d869776ab35","https://source.android.com/security/bulletin/2025-03-01"],"published_time":"2025-08-26T23:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26417","summary":"In checkWhetherCallingAppHasAccess of DownloadProvider.java, there is a possible bypass of user consent when opening files in shared storage due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"epss":0.00021,"ranking_epss":0.05544,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/providers/DownloadProvider/+/ed764e06106adef1cff5178c6df038fd054e7bec","https://source.android.com/security/bulletin/2025-03-01"],"published_time":"2025-08-26T23:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-0084","summary":"In multiple locations, there is a possible out of bounds write due to a use after free. This could lead to remote code execution over Bluetooth, if HFP support is enabled, with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"epss":0.0005,"ranking_epss":0.15583,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/94c565214e3496fbaade9efed8be41d6425ba21e","https://source.android.com/security/bulletin/2025-03-01"],"published_time":"2025-08-26T23:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-0086","summary":"In onResult of AccountManagerService.java, there is a possible way to overwrite auth token due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"epss":0.00014,"ranking_epss":0.02561,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/c1aa9e662464b8fa49765d53a82efa8e06bb176a","https://source.android.com/security/bulletin/2025-03-01"],"published_time":"2025-08-26T23:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-0092","summary":"In handleBondStateChanged of AdapterService.java, there is a possible permission bypass due to misleading or insufficient UI. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"epss":9e-05,"ranking_epss":0.00925,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/090ca53cc13c12e3763777a6a3c7367641e9808f","https://source.android.com/security/bulletin/2025-03-01"],"published_time":"2025-08-26T23:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-0093","summary":"In handleBondStateChanged of AdapterService.java, there is a possible unapproved data access due to a missing permission check. This could lead to remote information disclosure with no additional execution privileges needed. 
User interaction is needed for exploitation.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.00099,"ranking_epss":0.27696,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/090ca53cc13c12e3763777a6a3c7367641e9808f","https://source.android.com/security/bulletin/2025-03-01"],"published_time":"2025-08-26T23:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-22403","summary":"In sdp_snd_service_search_req of sdp_discovery.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"epss":0.00245,"ranking_epss":0.47767,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/37bcf769c1aa8dfa8e5524858d47f6a80b765fa4","https://source.android.com/security/bulletin/2025-03-01"],"published_time":"2025-08-26T23:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-22404","summary":"In avct_lcb_msg_ind of avct_lcb_act.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":9e-05,"ranking_epss":0.00888,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/806774b1cf641e0c0e7df8024e327febf23d7d7c","https://source.android.com/security/bulletin/2025-03-01"],"published_time":"2025-08-26T23:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-22405","summary":"In multiple locations, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":8e-05,"ranking_epss":0.00721,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/806774b1cf641e0c0e7df8024e327febf23d7d7c","https://source.android.com/security/bulletin/2025-03-01"],"published_time":"2025-08-26T23:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-22406","summary":"In bnepu_check_send_packet of bnep_utils.cc, there is a possible way to achieve code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":8e-05,"ranking_epss":0.00721,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/806774b1cf641e0c0e7df8024e327febf23d7d7c","https://source.android.com/security/bulletin/2025-03-01"],"published_time":"2025-08-26T23:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-0074","summary":"In process_service_attr_rsp of sdp_discovery.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"epss":0.00354,"ranking_epss":0.57717,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/37bcf769c1aa8dfa8e5524858d47f6a80b765fa4","https://source.android.com/security/bulletin/2025-03-01"],"published_time":"2025-08-26T23:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-0075","summary":"In process_service_search_attr_req of sdp_server.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"epss":0.00354,"ranking_epss":0.57717,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/5959f8bcf4efe924b0ba4dbcbfe83e602f0eb0ac","https://source.android.com/security/bulletin/2025-03-01"],"published_time":"2025-08-26T23:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-0078","summary":"In main of main.cpp, there is a possible way to bypass SELinux due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"epss":0.00057,"ranking_epss":0.18155,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/native/+/c32d4defe0f4e5cad86437d6672de7a76caf1a79","https://source.android.com/security/bulletin/2025-03-01"],"published_time":"2025-08-26T23:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-0079","summary":"In multiple locations, there is a possible way that avdtp and avctp channels could be unencrypted due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00011,"ranking_epss":0.01272,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/b1e6d8d1e393d246a0738c92747a0bef98e67a30","https://source.android.com/security/bulletin/2025-03-01"],"published_time":"2025-08-26T23:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-0080","summary":"In multiple locations, there is a possible way to overlay the installation confirmation dialog due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":7e-05,"ranking_epss":0.00593,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/5916a3de10fa9ca6a9b31f489be1838c0a1613f4","https://source.android.com/security/bulletin/2025-03-01"],"published_time":"2025-08-26T23:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-0081","summary":"In dng_lossless_decoder::HuffDecode of dng_lossless_jpeg.cpp, there is a possible way to cause a crash due to uninitialized data. This could lead to remote denial of service with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.00163,"ranking_epss":0.3739,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/external/dng_sdk/+/7fc02c8d5af37c97b325dc2956f4a6117c145c2f","https://source.android.com/security/bulletin/2025-03-01"],"published_time":"2025-08-26T23:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-0082","summary":"In multiple functions of StatusHint.java and TelecomServiceImpl.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":8e-05,"ranking_epss":0.00776,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/7ba8c8f63f1b13b127c871749314a242ff022ae2","https://android.googlesource.com/platform/packages/services/Telecomm/+/685c2fc2f6b40bb2113db77da270c7b7220791c4","https://source.android.com/security/bulletin/2025-03-01"],"published_time":"2025-08-26T23:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-0083","summary":"In multiple locations, there is a possible way to access content across user profiles due to URI double encoding. This could lead to local information disclosure with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"epss":9e-05,"ranking_epss":0.0083,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/7ba8c8f63f1b13b127c871749314a242ff022ae2","https://android.googlesource.com/platform/packages/services/Telecomm/+/685c2fc2f6b40bb2113db77da270c7b7220791c4","https://source.android.com/security/bulletin/2025-03-01"],"published_time":"2025-08-26T23:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49740","summary":"In multiple locations, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00013,"ranking_epss":0.01925,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/bcb1316835dc31f33f0c3b409ee847c389c09d2b","https://android.googlesource.com/platform/packages/services/Telephony/+/b1ab472f0f56146387d3822318394cb2525ad34c","https://source.android.com/security/bulletin/2025-03-01"],"published_time":"2025-08-26T23:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-21125","summary":"In btif_hh_hsdata_rpt_copy_cb of bta_hh.cc, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege over Bluetooth with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":8.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.0,"epss":0.00017,"ranking_epss":0.04186,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/system/bt/+/e7b978841deb331ff5e5849388fa92ee4c40f979","https://source.android.com/security/bulletin/2025-03-01"],"published_time":"2025-08-26T23:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-8041","summary":"In the address bar, Firefox for Android truncated the display of URLs from the end instead of prioritizing the origin. This vulnerability affects Firefox < 141.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"epss":0.00036,"ranking_epss":0.10699,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.mozilla.org/show_bug.cgi?id=1670725","https://www.mozilla.org/security/advisories/mfsa2025-56/","https://bugzilla.mozilla.org/show_bug.cgi?id=1670725"],"published_time":"2025-08-19T21:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-8042","summary":"Firefox for Android allowed a sandboxed iframe without the `allow-downloads` attribute to start downloads. This vulnerability affects Firefox < 141.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"epss":0.00067,"ranking_epss":0.20949,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.mozilla.org/show_bug.cgi?id=1791322","https://www.mozilla.org/security/advisories/mfsa2025-56/"],"published_time":"2025-08-19T21:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-8364","summary":"A crafted URL using a blob: URI could have hidden the true origin of the page, resulting in a potential spoofing attack.\n*Note: This issue only affected Android operating systems. 
Other operating systems are unaffected.* This vulnerability affects Firefox < 141.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"epss":0.00034,"ranking_epss":0.10054,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.mozilla.org/show_bug.cgi?id=1909609","https://bugzilla.mozilla.org/show_bug.cgi?id=1969937","https://www.mozilla.org/security/advisories/mfsa2025-56/"],"published_time":"2025-08-19T21:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21024","summary":"Use of Implicit Intent for Sensitive Communication in Smart View prior to Android 16 allows local attackers to access sensitive information.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"epss":6e-05,"ranking_epss":0.00315,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=08"],"published_time":"2025-08-06T05:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21015","summary":"Path Traversal in Document scanner prior to SMR Aug-2025 Release 1 allows local attackers to delete file with Document scanner's privilege.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"epss":0.00024,"ranking_epss":0.06608,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=08"],"published_time":"2025-08-06T05:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20990","summary":"Improper access control in accessing system device node prior to SMR Aug-2025 Release 1 allows local attackers to access device 
identifier.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"epss":0.00018,"ranking_epss":0.04787,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=08"],"published_time":"2025-08-06T05:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21010","summary":"Improper privilege management in SamsungAccount prior to SMR Aug-2025 Release 1 allows local privileged attackers to deactivate Samsung account.","cvss":6.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.0,"epss":0.00018,"ranking_epss":0.04437,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=08"],"published_time":"2025-08-06T05:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21014","summary":"Improper export of android application component in Emergency SoS prior to SMR Aug-2025 Release 1 allows local attackers to access sensitive information.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"epss":0.00013,"ranking_epss":0.02076,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=08"],"published_time":"2025-08-06T05:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20698","summary":"In Power HAL, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. 
Patch ID: ALPS09915400; Issue ID: MSV-3793.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":7e-05,"ranking_epss":0.00462,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/August-2025"],"published_time":"2025-08-04T02:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20697","summary":"In Power HAL, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09915681; Issue ID: MSV-3795.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":7e-05,"ranking_epss":0.00462,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/August-2025"],"published_time":"2025-08-04T02:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20696","summary":"In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. 
Patch ID: ALPS09915215; Issue ID: MSV-3801.","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"epss":0.00013,"ranking_epss":0.02198,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/August-2025"],"published_time":"2025-08-04T02:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21005","summary":"Improper access control in isemtelephony prior to Android 15 allows local attackers to access sensitive information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00022,"ranking_epss":0.05987,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=07"],"published_time":"2025-07-08T11:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21006","summary":"Out-of-bounds write in handling of macro blocks for MPEG4 codec in libsavsvc.so prior to Android 15 allows local attackers to write out-of-bounds memory.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"epss":0.00017,"ranking_epss":0.04277,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=07"],"published_time":"2025-07-08T11:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21007","summary":"Out-of-bounds write in accessing uninitialized memory in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.0003,"ranking_epss":0.08436,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=07"],"published_time":"2025-07-08T11:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21008","summary":"Out-of-bounds read in decoding frame header in libsavsvc.so prior to Android 
15 allows local attackers to cause memory corruption.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00031,"ranking_epss":0.08775,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=07"],"published_time":"2025-07-08T11:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21009","summary":"Out-of-bounds read in decoding malformed frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00031,"ranking_epss":0.08775,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=07"],"published_time":"2025-07-08T11:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20999","summary":"Improper authorization in accessing saved Wi-Fi password for Galaxy Tablet prior to SMR Jul-2025 Release 1 allows secondary users to access owner's saved Wi-Fi password.","cvss":4.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.1,"epss":0.00021,"ranking_epss":0.05725,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=07"],"published_time":"2025-07-08T11:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21000","summary":"Improper privilege management in Bluetooth prior to SMR Jul-2025 Release 1 allows local attackers to enable Bluetooth.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"epss":0.00028,"ranking_epss":0.07978,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=07"],"published_time":"2025-07-08T11:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21001","summary":"Improper access control in 
LeAudioService prior to SMR Jul-2025 Release 1 allows local attackers to stop broadcasting Auracast.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"epss":0.00027,"ranking_epss":0.07444,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=07"],"published_time":"2025-07-08T11:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21002","summary":"Improper access control in LeAudioService prior to SMR Jul-2025 Release 1 allows local attackers to manipulate broadcasting Auracast.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"epss":0.00027,"ranking_epss":0.07444,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=07"],"published_time":"2025-07-08T11:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21003","summary":"Insecure storage of sensitive information in Emergency SOS prior to SMR Jul-2025 Release 1 allows local attackers to access sensitive information.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"epss":0.00023,"ranking_epss":0.06193,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=07"],"published_time":"2025-07-08T11:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20982","summary":"Out-of-bounds write in setting auth secret in KnoxVault trustlet prior to SMR Jul-2025 Release 1 allows local privileged attackers to write out-of-bounds 
memory.","cvss":6.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.4,"epss":0.00016,"ranking_epss":0.03664,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=07"],"published_time":"2025-07-08T11:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20983","summary":"Out-of-bounds write in checking auth secret in KnoxVault trustlet prior to SMR Jul-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.","cvss":6.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.4,"epss":0.00016,"ranking_epss":0.03664,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=07"],"published_time":"2025-07-08T11:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20693","summary":"In wlan STA driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09812521; Issue ID: MSV-3421.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"epss":0.00025,"ranking_epss":0.06674,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/July-2025"],"published_time":"2025-07-08T03:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20694","summary":"In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. 
Patch ID: ALPS09752821; Issue ID: MSV-3342.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"epss":0.00046,"ranking_epss":0.14405,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/July-2025"],"published_time":"2025-07-08T03:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20695","summary":"In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09741871; Issue ID: MSV-3317.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"epss":0.00046,"ranking_epss":0.14405,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/July-2025"],"published_time":"2025-07-08T03:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-46707","summary":"Software installed and running inside a Guest VM may override Firmware's state and gain access to the GPU.","cvss":5.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.2,"epss":0.00028,"ranking_epss":0.07773,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.imaginationtech.com/gpu-driver-vulnerabilities/"],"published_time":"2025-06-27T17:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-46708","summary":"Software installed and running inside a Guest VM may conduct improper GPU system calls to prevent other Guests from running work on the GPU.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"epss":0.00031,"ranking_epss":0.08982,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.imaginationtech.com/gpu-driver-vulnerabilities/"],"published_time":"2025-06-27T17:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-6431","summary":"When a 
link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy leaks in external applications. \n*This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 140.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"epss":0.00046,"ranking_epss":0.14233,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.mozilla.org/show_bug.cgi?id=1942716","https://www.mozilla.org/security/advisories/mfsa2025-51/"],"published_time":"2025-06-24T13:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-6428","summary":"When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, potentially leading to phishing attacks.\n*This bug only affects Firefox for Android. 
Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 140.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"epss":0.00058,"ranking_epss":0.18226,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.mozilla.org/show_bug.cgi?id=1970151","https://www.mozilla.org/security/advisories/mfsa2025-51/"],"published_time":"2025-06-24T13:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20992","summary":"Out-of-bound read in libsecimaging.camera.samsung.so prior to SMR Feb-2025 Release 1 allows local attackers to read out-of-bounds memory.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"epss":0.00083,"ranking_epss":0.24436,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=06"],"published_time":"2025-06-04T05:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20993","summary":"Out-of-bounds write in libsecimaging.camera.samsung.so prior to SMR Jun-2025 Release 1 allows local attackers to write out-of-bounds memory.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"epss":0.00104,"ranking_epss":0.28502,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=06"],"published_time":"2025-06-04T05:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20981","summary":"Improper access control in AudioService prior to SMR Jun-2025 Release 1 allows local attackers to access sensitive 
information.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"epss":0.00089,"ranking_epss":0.25459,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=06"],"published_time":"2025-06-04T05:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20985","summary":"Improper privilege management in ThemeManager prior to SMR Jun-2025 Release 1 allows local privileged attackers to reuse trial items.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00074,"ranking_epss":0.22414,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=06"],"published_time":"2025-06-04T05:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20987","summary":"Improper access control in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to get an auth_token.","cvss":5.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.2,"epss":0.00065,"ranking_epss":0.20268,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=06"],"published_time":"2025-06-04T05:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20988","summary":"Out-of-bounds read in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to read out-of-bounds memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00067,"ranking_epss":0.20951,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=06"],"published_time":"2025-06-04T05:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20989","summary":"Improper logging in fingerprint trustlet prior to SMR May-2025 Release 1 allows local 
privileged attackers to get a hmac_key.","cvss":5.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.2,"epss":0.0007,"ranking_epss":0.21574,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=06"],"published_time":"2025-06-04T05:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20991","summary":"Improper export of Android application components in Bluetooth prior to SMR Jun-2025 Release 1 allows local attackers to make devices discoverable.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"epss":0.00096,"ranking_epss":0.26649,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=06"],"published_time":"2025-06-04T05:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31710","summary":"In engineermode service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed.","cvss":5.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.9,"epss":0.00026,"ranking_epss":0.06998,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.unisoc.com/en_us/secy/announcementDetail/1929773763314909186"],"published_time":"2025-06-03T06:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31711","summary":"In cplog service, there is a possible system crash due to null pointer dereference. 
This could lead to local denial of service with no additional execution privileges needed.","cvss":5.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.1,"epss":0.00025,"ranking_epss":0.06889,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.unisoc.com/en_us/secy/announcementDetail/1929773763314909186"],"published_time":"2025-06-03T06:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31712","summary":"In cplog service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed.","cvss":5.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.1,"epss":0.00025,"ranking_epss":0.06889,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.unisoc.com/en_us/secy/announcementDetail/1929773763314909186"],"published_time":"2025-06-03T06:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-27700","summary":"There is a possible bypass of carrier restrictions due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":0.00025,"ranking_epss":0.06941,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-05-01"],"published_time":"2025-05-27T16:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-27701","summary":"In the function process_crypto_cmd, the values of ptrs[i] can be potentially equal to NULL which is valid value after calling slice_map_array(). 
Later these values will be dereferenced without prior NULL check, which can lead to local Temporary DoS or OOB Read, leading to information disclosure.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00026,"ranking_epss":0.07284,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-05-01"],"published_time":"2025-05-27T16:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-56193","summary":"There is a possible disclosure of Bluetooth adapter details due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.1,"epss":0.00027,"ranking_epss":0.07693,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-05-01"],"published_time":"2025-05-27T16:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-25262","summary":"Yandex Browser for Android prior to version 21.3.0 allows remote attackers to perform IDN homograph attack.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"epss":0.0018,"ranking_epss":0.39651,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://yandex.com/bugbounty/i/hall-of-fame-browser/"],"published_time":"2025-05-21T07:16:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20979","summary":"Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to execute arbitrary 
code.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":0.00023,"ranking_epss":0.06096,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=05"],"published_time":"2025-05-07T09:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20980","summary":"Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to cause memory corruption.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"epss":0.00022,"ranking_epss":0.05774,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=05"],"published_time":"2025-05-07T09:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20967","summary":"Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows attackers to read and write arbitrary file with the privilege of Samsung Gallery.","cvss":5.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.1,"epss":0.00218,"ranking_epss":0.44399,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=05"],"published_time":"2025-05-07T09:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20968","summary":"Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows remote attackers to access data and perform internal operations within Samsung 
Gallery.","cvss":7.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.2,"epss":0.00285,"ranking_epss":0.51927,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=05"],"published_time":"2025-05-07T09:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20969","summary":"Improper input validation in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows local attackers to access data within Samsung Gallery.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00073,"ranking_epss":0.22241,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=05"],"published_time":"2025-05-07T09:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20960","summary":"Improper handling of insufficient permission in CocktailBarService prior to SMR May-2025 Release 1 allows local attackers to use the privileged api.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"epss":0.00078,"ranking_epss":0.2323,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=05"],"published_time":"2025-05-07T09:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20961","summary":"Improper handling of insufficient permission or privileges in sepunion service prior to SMR May-2025 Release 1 allows local privileged attackers to access files with system 
privilege.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00052,"ranking_epss":0.16255,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=05"],"published_time":"2025-05-07T09:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20962","summary":"Improper handling of insufficient permission in SpenGesture service prior to SMR May-2025 Release 1 allows local attackers to track the S Pen position.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"epss":0.00096,"ranking_epss":0.2674,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=05"],"published_time":"2025-05-07T09:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20963","summary":"Out-of-bounds write in memory initialization in libsavsvc.so prior to SMR May-2025 Release 1 allows local attackers to write out-of-bounds memory.","cvss":6.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.6,"epss":0.00064,"ranking_epss":0.20001,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=05"],"published_time":"2025-05-07T09:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20964","summary":"Out-of-bounds write in parsing media files in libsavsvc.so prior to SMR May-2025 Release 1 allows local attackers to write out-of-bounds memory.","cvss":6.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.6,"epss":0.00064,"ranking_epss":0.20001,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=05"],"published_time":"2025-05-07T09:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20966","summary":"Improper access control in Samsung Gallery prior to 
version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows physical attackers to access data across multiple user profiles.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"epss":0.00119,"ranking_epss":0.30968,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=05"],"published_time":"2025-05-07T09:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20953","summary":"Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch activities within SmartManagerCN.","cvss":5.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.1,"epss":0.00074,"ranking_epss":0.2249,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=05"],"published_time":"2025-05-07T09:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20954","summary":"Use of implicit intent for sensitive communication in EnrichedCall prior to SMR May-2025 Release 1 allows local attackers to access sensitive information. 
User interaction is required for triggering this vulnerability.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00067,"ranking_epss":0.20804,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=05"],"published_time":"2025-05-07T09:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20955","summary":"Improper Export of Android Application Components in NotificationHistoryImageProvider prior to SMR May-2025 Release 1 allows local attackers to access notification images.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00062,"ranking_epss":0.19447,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=05"],"published_time":"2025-05-07T09:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20957","summary":"Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch arbitrary activities with SmartManagerCN privilege.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"epss":0.00059,"ranking_epss":0.18616,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=05"],"published_time":"2025-05-07T09:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20958","summary":"Improper verification of intent by broadcast receiver in UnifiedWFC prior to SMR May-2025 Release 1 allows local attackers to manipulate VoWiFi related 
behaviors.","cvss":4.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.4,"epss":0.00075,"ranking_epss":0.22778,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=05"],"published_time":"2025-05-07T09:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20959","summary":"Use of implicit intent for sensitive communication in Wi-Fi P2P service prior to SMR May-2025 Release 1 allows local attackers to access sensitive information.","cvss":5.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.1,"epss":0.00069,"ranking_epss":0.21326,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=05"],"published_time":"2025-05-07T09:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20937","summary":"Out-of-bounds write in Keymaster trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":0.00082,"ranking_epss":0.24154,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=05"],"published_time":"2025-05-07T09:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20668","summary":"In scp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. 
Patch ID: ALPS09625562; Issue ID: MSV-3027.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.0002,"ranking_epss":0.05438,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/May-2025"],"published_time":"2025-05-05T03:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20671","summary":"In thermal, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09698599; Issue ID: MSV-3228.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"epss":0.00013,"ranking_epss":0.01902,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/May-2025"],"published_time":"2025-05-05T03:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20665","summary":"In devinfo, there is a possible information disclosure due to a missing SELinux policy. This could lead to local information disclosure of device identifier with no additional execution privileges needed. User interaction is not needed for exploitation. 
Patch ID: ALPS09555228; Issue ID: MSV-2760.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00018,"ranking_epss":0.04306,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/May-2025"],"published_time":"2025-05-05T03:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20952","summary":"Improper access control in Mdecservice prior to SMR Apr-2025 Release 1 allows local attackers to access arbitrary files with system privilege.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00062,"ranking_epss":0.19447,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=04"],"published_time":"2025-04-09T08:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20947","summary":"Improper handling of insufficient permission or privileges in ClipboardService prior to SMR Apr-2025 Release 1 allows local attackers to access image files across multiple users. 
User interaction is required for triggering this vulnerability.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00067,"ranking_epss":0.20804,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=04"],"published_time":"2025-04-08T05:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20948","summary":"Out-of-bounds read in enrollment with cdsp frame secfr trustlet prior to SMR Apr-2025 Release 1 allows local privileged attackers to read out-of-bounds memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00067,"ranking_epss":0.20951,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=04"],"published_time":"2025-04-08T05:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20936","summary":"Improper access control in HDCP trustlet prior to SMR Apr-2025 Release 1 allows local attackers with shell privilege to escalate their privileges to root.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"epss":0.00059,"ranking_epss":0.18525,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=04"],"published_time":"2025-04-08T05:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20938","summary":"Improper access control in SamsungContacts prior to SMR Apr-2025 Release 1 allows local attackers to access protected data in 
SamsungContacts.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00062,"ranking_epss":0.19447,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=04"],"published_time":"2025-04-08T05:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20941","summary":"Improper access control in InputManager to SMR Apr-2025 Release 1 allows local attackers to access the scancode of specific input device.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"epss":0.00066,"ranking_epss":0.20466,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=04"],"published_time":"2025-04-08T05:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20942","summary":"Improper Verification of Intent by Broadcast Receiver in DeviceIdService prior to SMR Apr-2025 Release 1 allows local attackers to reset OAID.","cvss":4.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.4,"epss":0.00075,"ranking_epss":0.22778,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=04"],"published_time":"2025-04-08T05:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20943","summary":"Out-of-bounds write in secfr trustlet prior to SMR Apr-2025 Release 1 allows local privileged attackers to cause memory corruption.","cvss":6.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.4,"epss":0.00073,"ranking_epss":0.22164,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=04"],"published_time":"2025-04-08T05:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20944","summary":"Out-of-bounds read in parsing audio data in libsavsac.so prior to SMR Apr-2025 
Release 1 allows local attackers to read out-of-bounds memory.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"epss":0.00067,"ranking_epss":0.20951,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=04"],"published_time":"2025-04-08T05:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20934","summary":"Improper access control in Sticker Center prior to SMR Apr-2025 Release 1 allows local attackers to access image files with system privilege.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00062,"ranking_epss":0.19447,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=04"],"published_time":"2025-04-08T05:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20661","summary":"In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: DTV04436357; Issue ID: MSV-3185.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":0.00026,"ranking_epss":0.0727,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/April-2025"],"published_time":"2025-04-07T04:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20662","summary":"In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. 
Patch ID: DTV04428276; Issue ID: MSV-3184.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":0.00026,"ranking_epss":0.0727,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/April-2025"],"published_time":"2025-04-07T04:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20655","summary":"In keymaster, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: DTV04427687; Issue ID: MSV-3183.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"epss":0.00023,"ranking_epss":0.06081,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/April-2025"],"published_time":"2025-04-07T04:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20656","summary":"In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09625423; Issue ID: MSV-3033.","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"epss":0.00046,"ranking_epss":0.14279,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/April-2025"],"published_time":"2025-04-07T04:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20657","summary":"In vdec, there is a possible permission bypass due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. 
Patch ID: ALPS09486425; Issue ID: MSV-2609.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":0.00026,"ranking_epss":0.0727,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/April-2025"],"published_time":"2025-04-07T04:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20658","summary":"In DA, there is a possible permission bypass due to a logic error. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09474894; Issue ID: MSV-2597.","cvss":6.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.0,"epss":0.0004,"ranking_epss":0.12297,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/April-2025"],"published_time":"2025-04-07T04:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20660","summary":"In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: DTV04436357; Issue ID: MSV-3186.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":0.00026,"ranking_epss":0.0727,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/April-2025"],"published_time":"2025-04-07T04:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-3067","summary":"Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted app. 
(Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"epss":0.00207,"ranking_epss":0.43016,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/376491759","https://taptrap.click"],"published_time":"2025-04-02T01:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-56192","summary":"In wl_notify_gscan_event of wl_cfgscan.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":9e-05,"ranking_epss":0.00918,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/pixel-watch/2025/2025-03-01"],"published_time":"2025-03-10T21:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-56191","summary":"In dhd_process_full_gscan_result of dhd_pno.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":0.00011,"ranking_epss":0.01223,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/pixel-watch/2025/2025-03-01"],"published_time":"2025-03-10T21:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-56185","summary":"In ProtocolUnsolOnSSAdapter::GetServiceClass() of protocolcalladapter.cpp, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. 
User Interaction is not needed for exploitation.","cvss":5.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.1,"epss":0.00011,"ranking_epss":0.01232,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-03-01"],"published_time":"2025-03-10T19:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-56186","summary":"In closeChannel of secureelementimpl.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.1,"epss":0.0001,"ranking_epss":0.01132,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-03-01"],"published_time":"2025-03-10T19:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-56187","summary":"In ppcfw_deny_sec_dram_access of ppcfw.c, there is a possible arbitrary read from TEE memory due to a logic error in the code. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.","cvss":6.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.6,"epss":0.00013,"ranking_epss":0.02253,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-03-01"],"published_time":"2025-03-10T19:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-56188","summary":"there is a possible way to crash the modem due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":5.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.1,"epss":0.00025,"ranking_epss":0.06615,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-03-01"],"published_time":"2025-03-10T19:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-56184","summary":"In static long dev_send of tipc_dev_ql, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.1,"epss":0.0001,"ranking_epss":0.01132,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2025-03-01"],"published_time":"2025-03-10T19:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20926","summary":"Improper export of Android application components in My Files prior to version 15.0.07.5 in Android 14 allows local attackers to access files with My Files' privilege.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00026,"ranking_epss":0.07232,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=03"],"published_time":"2025-03-06T05:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20908","summary":"Use of insufficiently random values in Auracast prior to SMR Mar-2025 Release 1 allows adjacent attackers to access Auracast 
broadcasting.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"epss":0.00054,"ranking_epss":0.17045,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=03"],"published_time":"2025-03-06T05:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20909","summary":"Use of implicit intent for sensitive communication in Settings prior to SMR Mar-2025 Release 1 allows local attackers to access sensitive information.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"epss":0.00028,"ranking_epss":0.07851,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=03"],"published_time":"2025-03-06T05:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20903","summary":"Improper access control in SecSettingsIntelligence prior to SMR Mar-2025 Release 1 allows local attackers to launch privileged activities. User interaction is required for triggering this vulnerability.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"epss":0.00019,"ranking_epss":0.0487,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=03"],"published_time":"2025-03-06T05:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-1917","summary":"Inappropriate implementation in Browser UI in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. 
(Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"epss":0.00087,"ranking_epss":0.25089,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/329476341"],"published_time":"2025-03-05T04:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-1922","summary":"Inappropriate implementation in Selection in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"epss":0.00083,"ranking_epss":0.24486,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/384033062"],"published_time":"2025-03-05T04:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20652","summary":"In V5 DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291215; Issue ID: MSV-2052.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"epss":0.00018,"ranking_epss":0.04375,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/March-2025"],"published_time":"2025-03-03T03:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20653","summary":"In da, there is a possible out of bounds read due to an integer overflow. 
This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291064; Issue ID: MSV-2046.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"epss":8e-05,"ranking_epss":0.00688,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/March-2025"],"published_time":"2025-03-03T03:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20645","summary":"In KeyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09475476; Issue ID: MSV-2599.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.0001,"ranking_epss":0.01002,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/March-2025"],"published_time":"2025-03-03T03:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20648","summary":"In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09456673; Issue ID: MSV-2584.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.0001,"ranking_epss":0.01023,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/March-2025"],"published_time":"2025-03-03T03:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20650","summary":"In da, there is a possible out of bounds write due to a missing bounds check. 
This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291294; Issue ID: MSV-2061.","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"epss":0.00021,"ranking_epss":0.0551,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/March-2025"],"published_time":"2025-03-03T03:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20651","summary":"In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291294; Issue ID: MSV-2062.","cvss":4.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.1,"epss":0.00014,"ranking_epss":0.02326,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/March-2025"],"published_time":"2025-03-03T03:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-39441","summary":"In wifi display, there is a possible missing permission check. 
This could lead to local escalation of privilege with no additional execution privileges needed.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"epss":0.00035,"ranking_epss":0.10134,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.unisoc.com/en_us/secy/announcementDetail/1894203086612791298"],"published_time":"2025-02-26T13:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20904","summary":"Out-of-bounds write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1 allows local privileged attackers to cause memory corruption.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"epss":0.0011,"ranking_epss":0.29399,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=02"],"published_time":"2025-02-04T08:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20905","summary":"Out-of-bounds read and write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1 allows local privileged attackers to read and write out-of-bounds memory.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"epss":0.00098,"ranking_epss":0.27068,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=02"],"published_time":"2025-02-04T08:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20907","summary":"Improper privilege management in Samsung Find prior to SMR Feb-2025 Release 1 allows local privileged attackers to disable Samsung 
Find.","cvss":6.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.0,"epss":0.0006,"ranking_epss":0.19008,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=02"],"published_time":"2025-02-04T08:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20890","summary":"Out-of-bounds write in decoding frame buffer in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"epss":0.00111,"ranking_epss":0.29672,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=01"],"published_time":"2025-02-04T08:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20891","summary":"Out-of-bounds read in decoding malformed bitstream of video thumbnails in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"epss":0.00126,"ranking_epss":0.31929,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=01"],"published_time":"2025-02-04T08:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20892","summary":"Protection Mechanism Failure in bootloader prior to SMR Jan-2025 Release 1 allows physical attackers to allow to execute fastboot command. 
User interaction is required for triggering this vulnerability.","cvss":5.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.9,"epss":0.0017,"ranking_epss":0.38275,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=01"],"published_time":"2025-02-04T08:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20893","summary":"Improper access control in NotificationManager prior to SMR Jan-2025 Release 1 allows local attackers to change the configuration of notifications.","cvss":5.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.1,"epss":0.00097,"ranking_epss":0.26857,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=01"],"published_time":"2025-02-04T08:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20882","summary":"Out-of-bounds write in accessing uninitialized memory for svc1td in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. 
User interaction is required for triggering this vulnerability.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"epss":0.00063,"ranking_epss":0.19903,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=01"],"published_time":"2025-02-04T08:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20883","summary":"Improper access control in SoundPicker prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"epss":0.00122,"ranking_epss":0.31439,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=01"],"published_time":"2025-02-04T08:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20884","summary":"Improper access control in Samsung Message prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"epss":0.00158,"ranking_epss":0.36702,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=01"],"published_time":"2025-02-04T08:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20885","summary":"Out-of-bounds write in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to cause memory corruption.","cvss":6.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.4,"epss":0.0011,"ranking_epss":0.29399,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=01"],"published_time":"2025-02-04T08:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20886","summary":"Inclusion of sensitive 
information in test code in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to get test key.","cvss":4.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.1,"epss":0.00075,"ranking_epss":0.22779,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=01"],"published_time":"2025-02-04T08:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20887","summary":"Out-of-bounds read in accessing table used for svp8t in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"epss":0.00126,"ranking_epss":0.31929,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=01"],"published_time":"2025-02-04T08:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20888","summary":"Out-of-bounds write in handling the block size for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"epss":0.00111,"ranking_epss":0.29672,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=01"],"published_time":"2025-02-04T08:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20889","summary":"Out-of-bounds read in decoding malformed bitstream for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. 
User interaction is required for triggering this vulnerability.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"epss":0.00126,"ranking_epss":0.31929,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=01"],"published_time":"2025-02-04T08:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20881","summary":"Out-of-bounds write in accessing buffer storing the decoded video frames in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"epss":0.00063,"ranking_epss":0.19903,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=01"],"published_time":"2025-02-04T08:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20640","summary":"In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2059.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"epss":0.00056,"ranking_epss":0.17665,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/February-2025"],"published_time":"2025-02-03T04:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20641","summary":"In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. 
User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2058.","cvss":6.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.6,"epss":0.00027,"ranking_epss":0.07506,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/February-2025"],"published_time":"2025-02-03T04:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20642","summary":"In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2057.","cvss":6.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.6,"epss":0.00043,"ranking_epss":0.13192,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/February-2025"],"published_time":"2025-02-03T04:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20643","summary":"In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2056.","cvss":3.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.9,"epss":0.00034,"ranking_epss":0.1001,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/February-2025"],"published_time":"2025-02-03T04:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20635","summary":"In V6 DA, there is a possible out of bounds write due to a missing bounds check. 
This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09403752; Issue ID: MSV-2434.","cvss":6.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.6,"epss":0.00044,"ranking_epss":0.1372,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/February-2025"],"published_time":"2025-02-03T04:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20636","summary":"In secmem, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09403554; Issue ID: MSV-2431.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":0.00022,"ranking_epss":0.05966,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/February-2025"],"published_time":"2025-02-03T04:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20638","summary":"In DA, there is a possible read of uninitialized heap data due to uninitialized data. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. 
Patch ID: ALPS09291449; Issue ID: MSV-2066.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"epss":0.00052,"ranking_epss":0.16333,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/February-2025"],"published_time":"2025-02-03T04:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-20639","summary":"In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2060.","cvss":6.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.6,"epss":0.00043,"ranking_epss":0.13192,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/February-2025"],"published_time":"2025-02-03T04:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-20141","summary":"In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291402; Issue ID: MSV-2073.","cvss":6.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.6,"epss":0.00044,"ranking_epss":0.1372,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/February-2025"],"published_time":"2025-02-03T04:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-20142","summary":"In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. 
User interaction is needed for exploitation. Patch ID: ALPS09291406; Issue ID: MSV-2070.","cvss":6.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.6,"epss":0.00043,"ranking_epss":0.13192,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/February-2025"],"published_time":"2025-02-03T04:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-20147","summary":"In Bluetooth FW, there is a possible reachable assertion due to improper exception handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389046 (Note: For MT79XX chipsets) / ALPS09136501 (Note: For MT2737, MT3603, MT6XXX, and MT8XXX chipsets); Issue ID: MSV-1797.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"epss":0.02215,"ranking_epss":0.84418,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/February-2025"],"published_time":"2025-02-03T04:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40649","summary":"In TBD of TBD, there is a possible use-after-free due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":0.00031,"ranking_epss":0.08942,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2024-10-01"],"published_time":"2025-01-28T20:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40651","summary":"In TBD of TBD, there is a possible use-after-free due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":0.0003,"ranking_epss":0.08513,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2024-10-01"],"published_time":"2025-01-28T20:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40669","summary":"In TBD of TBD, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":0.0003,"ranking_epss":0.08513,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2024-10-01"],"published_time":"2025-01-28T20:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40670","summary":"In TBD of TBD, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":0.00039,"ranking_epss":0.11839,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2024-10-01"],"published_time":"2025-01-28T20:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40672","summary":"In onCreate of ChooserActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":6e-05,"ranking_epss":0.00305,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/modules/IntentResolver/+/ccd29124d0d2276a3071c0418c14dec188cd3727","https://source.android.com/security/bulletin/2024-10-01"],"published_time":"2025-01-28T20:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40673","summary":"In Source of ZipFile.java, there is a possible way for an attacker to execute arbitrary code by manipulating Dynamic Code Loading due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"epss":0.0166,"ranking_epss":0.8201,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/libcore/+/b17fd2f8fe468e7d32e713b442f610cd33e4e7a9","https://source.android.com/security/bulletin/2024-10-01"],"published_time":"2025-01-28T20:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40674","summary":"In validateSsid of WifiConfigurationUtil.java, there is a possible way to overflow a system configuration file due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"epss":0.00121,"ranking_epss":0.31247,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/modules/Wifi/+/debc548ac085ba1ab0582172b97d965e9a1ea43a","https://source.android.com/security/bulletin/2024-10-01"],"published_time":"2025-01-28T20:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40675","summary":"In parseUriInternal of Intent.java, there is a possible infinite loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.00167,"ranking_epss":0.37918,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/c6b5490ec659b5854fd429f453f75de5befa6359","https://source.android.com/security/bulletin/2024-10-01"],"published_time":"2025-01-28T20:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40676","summary":"In checkKeyIntent of AccountManagerService.java, there is a possible way to bypass intent security check and install an unknown app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.7,"epss":0.00109,"ranking_epss":0.29359,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/e8a53246607b52b15269f97aef9ba7e928ba2473","https://source.android.com/security/bulletin/2024-10-01"],"published_time":"2025-01-28T20:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40677","summary":"In shouldSkipForInitialSUW of AdvancedPowerUsageDetail.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":5e-05,"ranking_epss":0.00273,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/apps/Settings/+/db26138f07db830e3fb78283d37de3c0296d93cb","https://source.android.com/security/bulletin/2024-10-01"],"published_time":"2025-01-28T20:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-34732","summary":"In RGXMMUCacheInvalidate of rgxmem.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":0.00023,"ranking_epss":0.06042,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2024-10-01"],"published_time":"2025-01-28T20:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-34733","summary":"In DevmemXIntMapPages of devicemem_server.c, there is a possible arbitrary code execution due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":0.00029,"ranking_epss":0.08331,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2024-10-01"],"published_time":"2025-01-28T20:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-34748","summary":"In _DevmemXReservationPageAddress of devicemem_server.c, there is a possible use-after-free due to improper casting. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":0.00031,"ranking_epss":0.08942,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2024-10-01"],"published_time":"2025-01-28T20:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-13317","summary":"In HeifDecoderImpl::getScanline of HeifDecoderImpl.cpp, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. 
User interaction is needed for exploitation.","cvss":5.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.7,"epss":0.00071,"ranking_epss":0.21893,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2018-05-01"],"published_time":"2025-01-28T17:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-13318","summary":"In HeifDataSource::readAt of HeifDecoderImpl.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.","cvss":5.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.7,"epss":0.00071,"ranking_epss":0.21893,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2018-05-01"],"published_time":"2025-01-28T17:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9373","summary":"In TdlsexRxFrameHandle of the MTK WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"epss":0.01588,"ranking_epss":0.81567,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-06-01"],"published_time":"2025-01-28T17:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9378","summary":"In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"epss":0.00027,"ranking_epss":0.0739,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2018-06-01"],"published_time":"2025-01-28T17:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38009","summary":"IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning.","cvss":4.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.2,"epss":0.00058,"ranking_epss":0.18491,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.ibm.com/support/pages/node/7172691","https://www.ibm.com/support/pages/node/7172692"],"published_time":"2025-01-26T16:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49747","summary":"In gatts_process_read_by_type_req of gatt_sr.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"epss":0.05167,"ranking_epss":0.89861,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2025-01-01"],"published_time":"2025-01-21T23:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49748","summary":"In gatts_process_primary_service_req of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"epss":0.05601,"ranking_epss":0.90276,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2025-01-01"],"published_time":"2025-01-21T23:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49749","summary":"In DGifSlurp of dgif_lib.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"epss":0.02691,"ranking_epss":0.85805,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2025-01-01"],"published_time":"2025-01-21T23:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49724","summary":"In multiple functions of AccountManagerService.java, there is a possible way to bypass permissions and launch protected activities due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"epss":7e-05,"ranking_epss":0.00455,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2025-01-01"],"published_time":"2025-01-21T23:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49732","summary":"In multiple functions of CompanionDeviceManagerService.java, there is a possible way to grant permissions without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00032,"ranking_epss":0.09274,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2025-01-01"],"published_time":"2025-01-21T23:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49733","summary":"In reload of ServiceListing.java , there is a possible way to allow a malicious app to hide an NLS from Settings due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00047,"ranking_epss":0.14734,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2025-01-01"],"published_time":"2025-01-21T23:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49734","summary":"In multiple functions of ConnectivityService.java, there is a possible way for a Wi-Fi AP to determine what site a device has connected to through a VPN due to side channel information disclosure. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.013,"ranking_epss":0.79681,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2025-01-01"],"published_time":"2025-01-21T23:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49735","summary":"In multiple locations, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00032,"ranking_epss":0.09274,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2025-01-01"],"published_time":"2025-01-21T23:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49736","summary":"In onClick of MainClear.java, there is a possible way to trigger factory reset without explicit user consent due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00071,"ranking_epss":0.21751,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2025-01-01"],"published_time":"2025-01-21T23:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49737","summary":"In applyTaskFragmentOperation of WindowOrganizerController.java, there is a possible way to launch arbitrary activities as the system UID due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00051,"ranking_epss":0.16019,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2025-01-01"],"published_time":"2025-01-21T23:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49738","summary":"In writeInplace of Parcel.cpp, there is a possible out of bounds write. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00073,"ranking_epss":0.22194,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2025-01-01"],"published_time":"2025-01-21T23:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49742","summary":"In onCreate of NotificationAccessConfirmationActivity.java , there is a possible way to hide an app with notification access in Settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00038,"ranking_epss":0.11403,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2025-01-01"],"published_time":"2025-01-21T23:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49744","summary":"In  checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to bypass parcel mismatch mitigation  due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":8e-05,"ranking_epss":0.00688,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2025-01-01"],"published_time":"2025-01-21T23:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49745","summary":"In growData of Parcel.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00073,"ranking_epss":0.22194,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2025-01-01"],"published_time":"2025-01-21T23:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-34730","summary":"In multiple locations, there is a possible bypass of user consent to enabling new Bluetooth HIDs due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":6e-05,"ranking_epss":0.00302,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2025-01-01"],"published_time":"2025-01-21T23:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43095","summary":"In multiple locations, there is a possible way to obtain any system permission due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00042,"ranking_epss":0.13049,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2025-01-01"],"published_time":"2025-01-21T23:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43096","summary":"In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"epss":0.00249,"ranking_epss":0.4816,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2025-01-01"],"published_time":"2025-01-21T23:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43763","summary":"In build_read_multi_rsp of gatt_sr.cc, there is a possible denial of service due to a logic error in the code. This could lead to remote (proximal/adjacent) denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"epss":0.00138,"ranking_epss":0.34036,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2025-01-01"],"published_time":"2025-01-21T23:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43765","summary":"In multiple locations, there is a possible way to obtain access to a folder due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00045,"ranking_epss":0.13899,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2025-01-01"],"published_time":"2025-01-21T23:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43770","summary":"In gatts_process_find_info of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"epss":0.00043,"ranking_epss":0.1335,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2025-01-01"],"published_time":"2025-01-21T23:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43771","summary":"In gatts_process_read_req of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"epss":0.00099,"ranking_epss":0.27723,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2025-01-01"],"published_time":"2025-01-21T23:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40108","summary":"In multiple locations, there is a possible way to access media content belonging to another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00019,"ranking_epss":0.0506,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2025-01-01"],"published_time":"2025-01-21T23:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40132","summary":"In setActualDefaultRingtoneUri of RingtoneManager.java, there is a possible way to bypass content providers read permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":4e-05,"ranking_epss":0.00158,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2025-01-01"],"published_time":"2025-01-21T23:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9461","summary":"In onAttachFragment of ShareIntentActivity.java, there is a possible way for an app to read files in the messages app due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"epss":0.00016,"ranking_epss":0.03821,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2018-08-01"],"published_time":"2025-01-18T00:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9464","summary":"In multiple locations, there is a possible way to read protected files due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00021,"ranking_epss":0.05644,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2018-08-01"],"published_time":"2025-01-18T00:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9389","summary":"In ip6_append_data of ip6_output.c, there is a possible way to achieve code execution due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00034,"ranking_epss":0.09938,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2018-06-01"],"published_time":"2025-01-18T00:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9401","summary":"In many locations, there is a possible way to access kernel memory in user space due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00019,"ranking_epss":0.05155,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2018-06-01"],"published_time":"2025-01-18T00:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9405","summary":"In BnDmAgent::onTransact of dm_agent.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":0.00016,"ranking_epss":0.03359,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2018-06-01"],"published_time":"2025-01-18T00:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9406","summary":"In NlpService, there is a possible way to obtain location information due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.0002,"ranking_epss":0.05411,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2018-06-01"],"published_time":"2025-01-18T00:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9387","summary":"In multiple functions of mnh-sm.c, there is a possible way to trigger a heap overflow due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00021,"ranking_epss":0.05595,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2018-06-01"],"published_time":"2025-01-18T00:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9383","summary":"In asn1_ber_decoder of asn1_decoder.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.","cvss":4.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.4,"epss":0.00026,"ranking_epss":0.07051,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2018-06-01"],"published_time":"2025-01-17T23:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9384","summary":"In multiple locations, there is a possible way to bypass KASLR due to an unusual root cause. This could lead to local information disclosure with System execution privileges needed. 
User interaction is not needed for exploitation.","cvss":4.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.4,"epss":3e-05,"ranking_epss":0.00131,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2018-06-01"],"published_time":"2025-01-17T23:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9434","summary":"In multiple functions of Parcel.cpp, there is a possible way to bypass address space layout randomization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":4e-05,"ranking_epss":0.00151,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2018-07-01"],"published_time":"2025-01-17T23:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9447","summary":"In onCreate of EmergencyCallbackModeExitDialog.java, there is a possible way to crash the emergency callback mode due to a missing null check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00033,"ranking_epss":0.09575,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2018-08-01"],"published_time":"2025-01-17T23:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9375","summary":"In multiple functions of UserDictionaryProvider.java, there is a possible way to add and delete words in the user dictionary due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00041,"ranking_epss":0.1243,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2018-06-01"],"published_time":"2025-01-17T23:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9379","summary":"In multiple functions of MiniThumbFile.java, there is a possible way to view the thumbnails of deleted photos due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00022,"ranking_epss":0.05781,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2018-06-01"],"published_time":"2025-01-17T23:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9382","summary":"In multiple functions of WifiServiceImpl.java, there is a possible way to activate Wi-Fi hotspot from a non-owner profile due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00019,"ranking_epss":0.05155,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2018-06-01"],"published_time":"2025-01-17T23:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-13322","summary":"In endCallForSubscriber of PhoneInterfaceManager.java, there is a possible way to prevent access to emergency services due to a logic error in the code. This could lead to a local denial of service with no additional execution privileges needed.  
User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00099,"ranking_epss":0.2774,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2018-05-01"],"published_time":"2025-01-17T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-0435","summary":"Inappropriate implementation in Navigation in Google Chrome on Android prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"epss":0.00163,"ranking_epss":0.37367,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html","https://issues.chromium.org/issues/379652406"],"published_time":"2025-01-15T11:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-35685","summary":"In DevmemIntMapPages of devicemem_server.c, there is a possible physical page uaf due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00027,"ranking_epss":0.07576,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://issuetracker.google.com/issues/42420027"],"published_time":"2025-01-08T18:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-0246","summary":"When using an invalid protocol scheme, an attacker could spoof the address bar. \n*Note: This issue only affected Android operating systems. Other operating systems are unaffected.*\n*Note: This issue is a different issue from CVE-2025-0244. 
This vulnerability affects Firefox < 134.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"epss":0.00136,"ranking_epss":0.33465,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.mozilla.org/show_bug.cgi?id=1912709","https://www.mozilla.org/security/advisories/mfsa2025-01/"],"published_time":"2025-01-07T16:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-20148","summary":"In wlan STA FW, there is a possible out of bounds write due to improper input validation. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389045 / ALPS09136494; Issue ID: MSV-1796.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"epss":0.00134,"ranking_epss":0.33107,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/January-2025"],"published_time":"2025-01-06T04:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-20152","summary":"In wlan STA driver, there is a possible reachable assertion due to improper exception handling. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00389047 / ALPS09136505; Issue ID: MSV-1798.","cvss":4.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.4,"epss":0.00025,"ranking_epss":0.06652,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/January-2025"],"published_time":"2025-01-06T04:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-20153","summary":"In wlan STA, there is a possible way to trick a client to connect to an AP with spoofed SSID. This could lead to remote information disclosure with no additional execution privileges needed. 
User interaction is not needed for exploitation. Patch ID: ALPS08990446 / ALPS09057442; Issue ID: MSV-1598.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.00676,"ranking_epss":0.71438,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/January-2025"],"published_time":"2025-01-06T04:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-20105","summary":"In m4u, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09062027; Issue ID: MSV-1743.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":0.00041,"ranking_epss":0.1249,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/January-2025"],"published_time":"2025-01-06T04:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-20140","summary":"In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09270402; Issue ID: MSV-2020.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":0.00022,"ranking_epss":0.05745,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/January-2025"],"published_time":"2025-01-06T04:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-20143","summary":"In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. 
User interaction is needed for exploitation. Patch ID: ALPS09167056; Issue ID: MSV-2069.","cvss":6.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.6,"epss":0.00058,"ranking_epss":0.18371,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/January-2025"],"published_time":"2025-01-06T04:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-20144","summary":"In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09167056; Issue ID: MSV-2041.","cvss":6.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.6,"epss":0.00058,"ranking_epss":0.18371,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/January-2025"],"published_time":"2025-01-06T04:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-20145","summary":"In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09290940; Issue ID: MSV-2040.","cvss":6.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.6,"epss":0.00058,"ranking_epss":0.18371,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/January-2025"],"published_time":"2025-01-06T04:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-20146","summary":"In wlan STA driver, there is a possible out of bounds write due to improper input validation. 
This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389496 / ALPS09137491; Issue ID: MSV-1835.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"epss":0.00054,"ranking_epss":0.17234,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/January-2025"],"published_time":"2025-01-06T04:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-11624","summary":"there is a possible to add apps to bypass VPN due to Undeclared Permission . This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":6e-05,"ranking_epss":0.00373,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2024-12-01"],"published_time":"2025-01-03T04:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-47032","summary":"In construct_transaction_from_cmd of lwis_ioctl.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.0003,"ranking_epss":0.08429,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2024-12-01"],"published_time":"2025-01-03T04:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-53833","summary":"In prepare_response_locked of  lwis_transaction.c, there is a possible out of bounds write due to improper input validation. 
This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.0003,"ranking_epss":0.08569,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2024-12-01"],"published_time":"2025-01-03T04:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-53834","summary":"In sms_DisplayHexDumpOfPrivacyBuffer of sms_Utilities.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.00783,"ranking_epss":0.73704,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2024-12-01"],"published_time":"2025-01-03T04:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-53835","summary":"there is a possible biometric bypass due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":6e-05,"ranking_epss":0.00373,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2024-12-01"],"published_time":"2025-01-03T04:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-53836","summary":"In wbrc_bt_dev_write of wb_regon_coordinator.c, there is a possible out of bounds write due to a buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. 
User interaction is not needed for exploitation.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":0.00031,"ranking_epss":0.08935,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2024-12-01"],"published_time":"2025-01-03T04:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-53837","summary":"In prepare_response of lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00035,"ranking_epss":0.1012,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2024-12-01"],"published_time":"2025-01-03T04:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-53838","summary":"In Exynos_parsing_user_data_registered_itu_t_t35 of VendorVideoAPI.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00039,"ranking_epss":0.11946,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2024-12-01"],"published_time":"2025-01-03T04:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-53839","summary":"In GetCellInfoList() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. 
User Interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.0005,"ranking_epss":0.15623,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2024-12-01"],"published_time":"2025-01-03T04:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-53840","summary":"there is a possible biometric bypass due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":6e-05,"ranking_epss":0.00373,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2024-12-01"],"published_time":"2025-01-03T04:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-53841","summary":"In startListeningForDeviceStateChanges, there is a possible Permission Bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":6e-05,"ranking_epss":0.00373,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2024-12-01"],"published_time":"2025-01-03T04:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-53842","summary":"In cc_SendCcImsInfoIndMsg of cc_MmConManagement.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"epss":0.02849,"ranking_epss":0.86171,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2024-12-01"],"published_time":"2025-01-03T04:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43769","summary":"In isPackageDeviceAdmin of PackageManagerService.java, there is a possible edge case which could prevent the uninstallation of CloudDpc due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00029,"ranking_epss":0.08373,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/619ffc299bf33566ba6daee8301ee0fc96e015f4","https://source.android.com/security/bulletin/2024-12-01"],"published_time":"2025-01-03T01:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43077","summary":"In DevmemValidateFlags of devicemem_server.c , there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00033,"ranking_epss":0.09446,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2024-12-01"],"published_time":"2025-01-03T01:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43097","summary":"In resizeToAtLeast of SkRegion.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00912,"ranking_epss":0.75801,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/external/skia/+/8d355fe1d0795fc30b84194b87563f75c6f8f2a7","https://source.android.com/security/bulletin/2024-12-01","https://lists.debian.org/debian-lts-announce/2025/03/msg00006.html"],"published_time":"2025-01-03T01:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43762","summary":"In multiple locations, there is a possible way to avoid unbinding of a service from the system due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00257,"ranking_epss":0.49048,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/ae43ac7f3d3d5112b0f54b5315a15b08208acf9c","https://source.android.com/security/bulletin/2024-12-01"],"published_time":"2025-01-03T01:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43764","summary":"In onPrimaryClipChanged of ClipboardListener.java, there is a possible way to partially bypass lock screen. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":7e-05,"ranking_epss":0.00509,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/70eb75df7d342429c3ee225feb7c011df727442f","https://source.android.com/security/bulletin/2024-12-01"],"published_time":"2025-01-03T01:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43767","summary":"In prepare_to_draw_into_mask of SkBlurMaskFilterImpl.cpp, there is a possible heap overflow due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"epss":0.01765,"ranking_epss":0.82569,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/external/skia/+/796c2040f641bb287dba66c9823ce45e9f8b5807","https://source.android.com/security/bulletin/2024-12-01"],"published_time":"2025-01-03T01:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43768","summary":"In skia_alloc_func of SkDeflate.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00197,"ranking_epss":0.41658,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/external/skia/+/b5543cb8c6b95623743016055220378efe73eb93","https://source.android.com/security/bulletin/2024-12-01"],"published_time":"2025-01-03T01:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-53647","summary":"Trend Micro ID Security, version 3.0 and below contains a vulnerability that could allow an attacker to send an unlimited number of email verification requests without any restriction, potentially leading to abuse or denial of service.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"epss":0.00096,"ranking_epss":0.26637,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpcenter.trendmicro.com/en-us/article/tmka-06710"],"published_time":"2024-12-31T16:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49422","summary":"Protection Mechanism Failure in bootloader prior to SMR Oct-2024 Release 1 allows physical attackers to reset lockscreen failure count by hardware fault injection. User interaction is required for triggering this vulnerability.","cvss":5.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.2,"epss":0.00074,"ranking_epss":0.22483,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=10"],"published_time":"2024-12-31T09:15:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-47038","summary":"In dhd_prot_flowrings_pool_release of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.0017,"ranking_epss":0.38267,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2024-11-01"],"published_time":"2024-12-18T19:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-47039","summary":"In isSlotMarkedSuccessful of BootControl.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00231,"ranking_epss":0.45878,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2024-11-01"],"published_time":"2024-12-18T19:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-47040","summary":"There is a possible UAF due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.0017,"ranking_epss":0.38267,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2024-11-01"],"published_time":"2024-12-18T19:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-11358","summary":"Mattermost Android Mobile Apps versions <=2.21.0 fail to properly configure file providers which allows an attacker with local access to access files via file provider.","cvss":5.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.7,"epss":0.00047,"ranking_epss":0.14622,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://mattermost.com/security-updates"],"published_time":"2024-12-16T17:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9386","summary":"In reboot_block_command of htc reboot_block driver, there is a possible\n    stack buffer overflow due to a missing bounds check. This could lead to\n    local escalation of privilege with System execution privileges needed. User\n    interaction is not needed for exploitation.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":0.00033,"ranking_epss":0.0968,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2018-06-01"],"published_time":"2024-12-05T23:15:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9388","summary":"In store_upgrade and store_cmd of drivers/input/touchscreen/stm/ftm4_pdc.c, there are out of bound writes due to missing bounds checks or integer underflows. 
These could lead to escalation of privilege.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"epss":0.00147,"ranking_epss":0.35129,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2018-06-01"],"published_time":"2024-12-05T23:15:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9390","summary":"In procfile_write of gl_proc.c, there is a possible out of  bounds read of a\n    function pointer due to an incorrect bounds check. This could lead to local\n    escalation of privilege with System execution privileges needed. User\n    interaction is not needed for exploitation.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":0.00062,"ranking_epss":0.19504,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2018-06-01"],"published_time":"2024-12-05T23:15:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9391","summary":"In update_gps_sv and output_vzw_debug of\n    vendor/mediatek/proprietary/hardware/connectivity/gps/gps_hal/src/gpshal_wor\n    ker.c, there is a possible out of bounds write due to a missing bounds\n    check. This could lead to local escalation of privilege with System\n    execution privileges needed. User interaction is not needed for\n    exploitation.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":0.00035,"ranking_epss":0.10274,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2018-06-01"],"published_time":"2024-12-05T23:15:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-13308","summary":"In tscpu_write_GPIO_out and mtkts_Abts_write of mtk_ts_Abts.c, there is a possible buffer overflow in an sscanf due to improper input validation. 
This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":0.0003,"ranking_epss":0.08658,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2018-06-01"],"published_time":"2024-12-05T22:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9408","summary":"In m3326_gps_write and m3326_gps_read of gps.s, there is a possible Out Of\n    Bounds Read due to a missing bounds check. This could lead to a local\n    information disclosure with System execution privileges needed. User\n    interaction is not needed for exploitation.","cvss":4.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.4,"epss":0.00031,"ranking_epss":0.08693,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2018-06-01"],"published_time":"2024-12-05T00:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9416","summary":"In sg_remove_scat of scsi/sg.c, there is a possible memory corruption due to\n    an unusual root cause. This could lead to local escalation of privilege with\n    System execution privileges needed. User interaction is not needed for\n    exploitation.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":0.00042,"ranking_epss":0.12887,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2018-07-01"],"published_time":"2024-12-05T00:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9439","summary":"In __unregister_prot_hook and packet_release of af_packet.c, there is a\n    possible use-after-free due to improper locking. This could lead to local\n    escalation of privilege in the kernel with System execution privileges\n    needed. 
User interaction is not needed for exploitation.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":0.00024,"ranking_epss":0.06446,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2018-08-01"],"published_time":"2024-12-05T00:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9462","summary":"In store_cmd of ftm4_pdc.c, there is a possible out of bounds write due to\n    an incorrect bounds check. This could lead to local escalation of privilege\n    with System execution privileges needed. User interaction is not needed for\n    exploitation.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":0.00017,"ranking_epss":0.03937,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2018-08-01"],"published_time":"2024-12-05T00:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9463","summary":"In sw49408_irq_runtime_engine_debug of touch_sw49408.c, there is a possible\n    out of bounds write due to an incorrect bounds check. This could lead to\n    local escalation of privilege with System execution privileges needed. User\n    interaction is not needed for exploitation.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":0.00017,"ranking_epss":0.03937,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2018-08-01"],"published_time":"2024-12-05T00:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9398","summary":"In fm_set_stat of mediatek FM radio driver, there is a possible OOB write\n    due to improper input validation. This could lead to local escalation of\n    privilege with System execution privileges needed. 
User interaction is not\n    needed for exploitation.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":0.00012,"ranking_epss":0.0184,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2018-06-01"],"published_time":"2024-12-05T00:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9399","summary":"In /proc/driver/wmt_dbg driver, there are several possible out of bounds\n    writes. These could lead to local escalation of privilege with System\n    execution privileges needed. User interaction is not needed for\n    exploitation.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":0.00017,"ranking_epss":0.03937,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2018-06-01"],"published_time":"2024-12-05T00:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9400","summary":"In gt1x_debug_write_proc and gt1x_tool_write of\n    drivers/input/touchscreen/mediatek/GT1151/gt1x_generic.c and gt1x_tools.c,\n    there is a possible out of bounds write due to a missing bounds check. This\n    could lead to local escalation of privilege with System execution privileges\n    needed. User interaction is not needed for exploitation.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":0.00017,"ranking_epss":0.03937,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2018-06-01"],"published_time":"2024-12-05T00:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9402","summary":"In multiple functions of gl_proc.c, there is a buffer overwrite due to a missing bounds check. 
This could lead to escalation of privileges in the kernel.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00039,"ranking_epss":0.12055,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2018-06-01"],"published_time":"2024-12-05T00:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9403","summary":"In the MTK_FLP_MSG_HAL_DIAG_REPORT_DATA_NTF handler of flp2hal_-\n    interface.c, there is a possible stack buffer overflow due to a missing\n    bounds check. This could lead to local escalation of privilege in a\n    privileged process with System execution privileges needed. User interaction\n    is not needed for exploitation.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":0.00017,"ranking_epss":0.03883,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2018-06-01"],"published_time":"2024-12-05T00:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9404","summary":"In oemCallback of ril.cpp, there is a possible out of bounds write due to an\n    integer overflow. This could lead to local escalation of privilege with\n    System execution privileges needed. User interaction is not needed for\n    exploitation.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":0.00017,"ranking_epss":0.03937,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2018-06-01"],"published_time":"2024-12-05T00:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9407","summary":"In emmc_rpmb_ioctl of emmc_rpmb.c, there is an Information Disclosure due to a Missing Bounds Check. 
This could lead to  Information Disclosure of kernel data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00048,"ranking_epss":0.1507,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2018-06-01"],"published_time":"2024-12-05T00:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9397","summary":"In WMT_unlocked_ioctl of MTK WMT device driver, there is a possible OOB\n    write due to a missing bounds check. This could lead to local escalation of\n    privilege with System execution privileges needed. User interaction is not\n    needed for exploitation.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":0.00017,"ranking_epss":0.03937,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2018-06-01"],"published_time":"2024-12-05T00:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9396","summary":"In rpc_msg_handler and related handlers of drivers/misc/mediatek/eccci/port_rpc.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":0.00017,"ranking_epss":0.03937,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2018-06-01"],"published_time":"2024-12-04T22:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9394","summary":"In mtk_p2p_wext_set_key of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_p2p.c, there is a possible OOB write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. 
User interaction is not needed for exploitation.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":0.00012,"ranking_epss":0.0184,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2018-06-01"],"published_time":"2024-12-04T18:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9395","summary":"In mtk_cfg80211_vendor_packet_keep_alive_start and mtk_cfg80211_vendor_set_config of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_vendor.c, there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":0.00017,"ranking_epss":0.03937,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2018-06-01"],"published_time":"2024-12-04T18:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9393","summary":"In procfile_write of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_proc.c, there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":0.00017,"ranking_epss":0.03937,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2018-06-01"],"published_time":"2024-12-04T18:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9392","summary":"In get_binary of vendor/mediatek/proprietary/hardware/connectivity/gps/gps_hal/src/data_coder.c, there is a possible out of bounds write due to a missing bounds check. 
This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":0.00017,"ranking_epss":0.03937,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2018-06-01"],"published_time":"2024-12-04T18:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49421","summary":"Path traversal in Quick Share Agent prior to version 3.5.14.47 in Android 12, 3.5.19.41 in Android 13, and 3.5.19.42 in Android 14 allows adjacent attackers to write file in arbitrary location.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"epss":0.00293,"ranking_epss":0.52555,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=12"],"published_time":"2024-12-03T06:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49411","summary":"Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1 allows physical attackers to copy apk files to arbitrary path with ThemeCenter privilege.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"epss":0.00142,"ranking_epss":0.34535,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=12"],"published_time":"2024-12-03T06:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49413","summary":"Improper Verification of Cryptographic Signature in SmartSwitch prior to SMR Dec-2024 Release 1 allows local attackers to install malicious 
applications.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"epss":0.00055,"ranking_epss":0.17419,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=12"],"published_time":"2024-12-03T06:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49414","summary":"Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows physical attackers to temporarily access to recent app list.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"epss":0.00035,"ranking_epss":0.10138,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=12"],"published_time":"2024-12-03T06:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49415","summary":"Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"epss":0.06038,"ranking_epss":0.90687,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=12"],"published_time":"2024-12-03T06:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49410","summary":"Out-of-bounds write in libswmfextractor.so prior to SMR Dec-2024 Release 1 allows local attackers to execute arbitrary code.","cvss":5.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.9,"epss":0.00067,"ranking_epss":0.20808,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=12"],"published_time":"2024-12-03T06:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9441","summary":"In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of bounds read due to an 
incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00073,"ranking_epss":0.22279,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/pixel/2018-08-01"],"published_time":"2024-12-03T01:15:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9449","summary":"In process_service_search_attr_rsp of sdp_discovery.cc, there is a possible out of bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00056,"ranking_epss":0.17707,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/pixel/2018-08-01"],"published_time":"2024-12-03T01:15:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9429","summary":"In buildImageItemsIfPossible of ItemTable.cpp there is a possible out of bound read due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"epss":0.0023,"ranking_epss":0.45825,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/pixel/2018-07-01"],"published_time":"2024-12-02T22:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9430","summary":"In prop2cfg of btif_storage.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"epss":0.05061,"ranking_epss":0.89746,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/pixel/2018-07-01"],"published_time":"2024-12-02T22:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9431","summary":"In OSUInfo of OSUInfo.java, there is a possible escalation of privilege due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00026,"ranking_epss":0.07033,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/pixel/2018-07-01"],"published_time":"2024-12-02T22:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9435","summary":"In gatt_process_error_rsp of gatt_cl.cc, there is a possible out of bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00076,"ranking_epss":0.22894,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/pixel/2018-08-01"],"published_time":"2024-12-02T22:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9418","summary":"In handle_app_cur_val_response of dtif_rc.cc, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"epss":0.00166,"ranking_epss":0.37777,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/pixel/2018-07-01"],"published_time":"2024-12-02T22:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9423","summary":"In ihevcd_parse_slice_header of ihevcd_parse_slice_header.c there is a possible out of bound read due to missing bounds check. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"epss":0.00135,"ranking_epss":0.33325,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/pixel/2018-07-01"],"published_time":"2024-12-02T22:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9426","summary":"In RsaKeyPairGenerator::getNumberOfIterations of RSAKeyPairGenerator.java, an incorrect implementation could cause weak RSA key pairs being generated. This could lead to crypto vulnerability with no additional execution privileges needed. User interaction is not needed for exploitation. Bulletin Fix: The fix is designed to correctly implement the key generation according to FIPS standard.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.00179,"ranking_epss":0.39565,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/pixel/2018-07-01"],"published_time":"2024-12-02T22:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9376","summary":"In rpc_msg_handler and related handlers of drivers/misc/mediatek/eccci/port_rpc.c, there is a possible out of bounds write due to an incorrect bounds check. 
This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":0.00031,"ranking_epss":0.08757,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/pixel/2018-07-01"],"published_time":"2024-12-02T21:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9413","summary":"In handle_notification_response of btif_rc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"epss":0.00192,"ranking_epss":0.41139,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/pixel/2018-07-01"],"published_time":"2024-12-02T21:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9414","summary":"In gattServerSendResponseNative of com_android_bluetooth_gatt.cpp, there is a possible out of bounds stack write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00054,"ranking_epss":0.17023,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/pixel/2018-07-01"],"published_time":"2024-12-02T21:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9381","summary":"In gatts_process_read_by_type_req of gatt_sr.c, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.00193,"ranking_epss":0.4127,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/pixel/2018-06-01"],"published_time":"2024-12-02T20:15:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9380","summary":"In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds write due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"epss":0.01762,"ranking_epss":0.82558,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/pixel/2018-06-01"],"published_time":"2024-12-02T20:15:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-20138","summary":"In wlan driver, there is a possible out of bound read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998291; Issue ID: MSV-1604.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.00486,"ranking_epss":0.65351,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/December-2024"],"published_time":"2024-12-02T04:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-20139","summary":"In Bluetooth firmware, there is a possible firmware assert due to improper handling of exceptional conditions. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. 
Patch ID: ALPS09001270; Issue ID: MSV-1600.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"epss":0.00065,"ranking_epss":0.20349,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/December-2024"],"published_time":"2024-12-02T04:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-20129","summary":"In Telephony, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09289881; Issue ID: MSV-2025.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.01737,"ranking_epss":0.82424,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/December-2024"],"published_time":"2024-12-02T04:15:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-20130","summary":"In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09193374; Issue ID: MSV-1982.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":0.0002,"ranking_epss":0.05178,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/December-2024"],"published_time":"2024-12-02T04:15:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-20134","summary":"In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 
Patch ID: ALPS09154589; Issue ID: MSV-1866.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":0.00069,"ranking_epss":0.21446,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/December-2024"],"published_time":"2024-12-02T04:15:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-20135","summary":"In soundtrigger, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09142526; Issue ID: MSV-1841.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":0.00036,"ranking_epss":0.10791,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/December-2024"],"published_time":"2024-12-02T04:15:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-20136","summary":"In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09121847; Issue ID: MSV-1821.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"epss":0.00047,"ranking_epss":0.14569,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/December-2024"],"published_time":"2024-12-02T04:15:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-20125","summary":"In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained System privileges. User interaction is not needed for exploitation. 
Patch ID: ALPS09046782; Issue ID: MSV-1728.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":0.00023,"ranking_epss":0.06144,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/December-2024"],"published_time":"2024-12-02T04:15:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-20127","summary":"In Telephony, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09289881; Issue ID: MSV-2023.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.02,"ranking_epss":0.83602,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/December-2024"],"published_time":"2024-12-02T04:15:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-20128","summary":"In Telephony, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09289881; Issue ID: MSV-2024.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.02,"ranking_epss":0.83602,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/December-2024"],"published_time":"2024-12-02T04:15:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-20116","summary":"In cmdq, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. 
Patch ID: ALPS09057438; Issue ID: MSV-1696.","cvss":4.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.4,"epss":0.00033,"ranking_epss":0.09429,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/December-2024"],"published_time":"2024-12-02T04:15:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9377","summary":"In getIntentForIntentSender of ActivityManagerService.java, there is a possible way to access user metadata due to a pending intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.0002,"ranking_epss":0.05389,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/pixel/2018-06-01"],"published_time":"2024-11-28T01:15:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9374","summary":"In installPackageLI of PackageManagerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":3e-05,"ranking_epss":0.00126,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/pixel/2018-06-01"],"published_time":"2024-11-28T00:15:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9351","summary":"In ih264e_fmt_conv_420p_to_420sp of ih264e_fmt_conv.c there is a possible out of bound read due to missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. 
User interaction is needed for exploitation.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"epss":0.00881,"ranking_epss":0.75317,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/pixel/2018-06-01"],"published_time":"2024-11-27T23:15:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9352","summary":"In ihevcd_allocate_dynamic_bufs of ihevcd_api.c there is a possible resource exhaustion due to integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"epss":0.01193,"ranking_epss":0.7881,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/pixel/2018-06-01"],"published_time":"2024-11-27T23:15:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9353","summary":"In ihevcd_parse_slice_data of ihevcd_parse_slice.c there is a possible heap buffer out of bound read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"epss":0.00881,"ranking_epss":0.75317,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/pixel/2018-06-01"],"published_time":"2024-11-27T23:15:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9354","summary":"In VideoFrameScheduler.cpp of VideoFrameScheduler::PLL::fit, there is a possible remote denial of service due to divide by 0. This could lead to remote denial of service with no additional execution privileges needed. 
User interaction is needed for exploitation.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"epss":0.01193,"ranking_epss":0.7881,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/pixel/2018-06-01"],"published_time":"2024-11-27T23:15:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9349","summary":"In mv_err_cost of mcomp.c there is a possible out of bounds read due to missing bounds check. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"epss":0.00081,"ranking_epss":0.24057,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/pixel/2018-06-01"],"published_time":"2024-11-27T22:15:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9350","summary":"In ih264d_assign_pic_num of ih264d_utils.c there is a possible out of bound read due to missing bounds check. This could lead to a denial of service with no additional execution privileges needed. User interaction is needed for exploitation.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"epss":0.00062,"ranking_epss":0.19534,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/pixel/2018-06-01"],"published_time":"2024-11-27T22:15:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-13320","summary":"In impeg2d_bit_stream_flush() of libmpeg2dec there is a possible OOB read due to a missing bounds check. This could lead to Remote DoS with no additional execution privileges needed. 
User interaction is needed for exploitation.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"epss":0.00062,"ranking_epss":0.19534,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/pixel/2018-05-01"],"published_time":"2024-11-27T22:15:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-13321","summary":"In SensorService::isDataInjectionEnabled of frameworks/native/services/sensorservice/SensorService.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00022,"ranking_epss":0.05736,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/pixel/2018-05-01"],"published_time":"2024-11-27T22:15:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-13323","summary":"In String16 of String16.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00014,"ranking_epss":0.0233,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/pixel/2018-05-01"],"published_time":"2024-11-27T22:15:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-13316","summary":"In checkPermissions of RecognitionService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":3e-05,"ranking_epss":0.00136,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2018-05-01"],"published_time":"2024-11-27T20:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-13319","summary":"In pvmp3_get_main_data_size of pvmp3_get_main_data_size.cpp, there is a possible buffer overread due to a missing bounds check. This could lead to remote information disclosure of global static variables with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.00243,"ranking_epss":0.47525,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/docs/security/bulletin/pixel/2018-05-01"],"published_time":"2024-11-27T20:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9482","summary":"In intr_data_copy_cb of btif_hd.cc, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"epss":0.00074,"ranking_epss":0.22496,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-09-01"],"published_time":"2024-11-20T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9483","summary":"In bta_dm_remove_sec_dev_entry of bta_dm_act.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure over bluetooth with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"epss":0.00326,"ranking_epss":0.55559,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-09-01"],"published_time":"2024-11-20T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9484","summary":"In l2cu_send_peer_config_rej of l2c_utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.00529,"ranking_epss":0.67166,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-09-01"],"published_time":"2024-11-20T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9485","summary":"In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"epss":0.00305,"ranking_epss":0.53674,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-09-01"],"published_time":"2024-11-20T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9486","summary":"In hidh_l2cif_data_ind of hidh_conn.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure over bluetooth with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"epss":0.00108,"ranking_epss":0.29113,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-09-01"],"published_time":"2024-11-20T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9487","summary":"In setVpnForcedLocked of Vpn.java, there is a possible blocking of internet traffic through vpn due to a bad uid check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00073,"ranking_epss":0.22205,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-09-01"],"published_time":"2024-11-20T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9470","summary":"In bff_Scanner_addOutPos of Scanner.c, there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege in an unprivileged app with no additional execution privileges needed. User interaction is needed for exploitation.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"epss":0.01979,"ranking_epss":0.83516,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-09-01"],"published_time":"2024-11-20T18:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9471","summary":"In the deserialization constructor of NanoAppFilter.java, there is a possible loss of data due to type confusion. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00139,"ranking_epss":0.34111,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-09-01"],"published_time":"2024-11-20T18:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9472","summary":"In xmlMemStrdupLoc of xmlmemory.c, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"epss":0.01944,"ranking_epss":0.8339,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-09-01"],"published_time":"2024-11-20T18:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9474","summary":"In writeToParcel of MediaPlayer.java, there is a possible serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00025,"ranking_epss":0.06805,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-09-01"],"published_time":"2024-11-20T18:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9475","summary":"In HeadsetInterface::ClccResponse of btif_hf.cc, there is a possible out of bounds stack write due to a missing bounds check. This could lead to remote escalation of privilege via Bluetooth, if the recipient has enabled SIP calls with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"epss":0.01584,"ranking_epss":0.81538,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-09-01"],"published_time":"2024-11-20T18:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9477","summary":"In the development options section of the Settings app, there is a possible authentication bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":6e-05,"ranking_epss":0.00322,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-09-01"],"published_time":"2024-11-20T18:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9478","summary":"In process_service_attr_req and process_service_search_attr_req of sdp_server.cc, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed.  User interaction is not needed for exploitation.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"epss":0.02666,"ranking_epss":0.85741,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-09-01"],"published_time":"2024-11-20T18:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9479","summary":"In process_service_attr_req and process_service_search_attr_req of sdp_server.cc, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed.  
User interaction is not needed for exploitation.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"epss":0.0591,"ranking_epss":0.90565,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-09-01"],"published_time":"2024-11-20T18:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9480","summary":"In bta_hd_get_report_act of bta_hd_act.cc, there is a possible out-of-bounds read due to improper input validation. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"epss":0.00546,"ranking_epss":0.67786,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-09-01"],"published_time":"2024-11-20T18:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9481","summary":"In bta_hd_set_report_act of bta_hd_act.cc, there is a possible out-of-bounds read due to an integer overflow. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"epss":0.00088,"ranking_epss":0.25319,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.apache.org/thread.html/rcb8bae0b289d71d18a3220be256c1dfcc4d9ab49d2d6e07d1eac7c9d@%3Cdev.trafficserver.apache.org%3E"],"published_time":"2024-11-20T18:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9469","summary":"In multiple functions of ShortcutService.java, there is a possible creation of a spoofed shortcut due to a missing permission check. This could lead to local escalation of privilege in a privileged app with no additional execution privileges needed. 
User interaction is needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00027,"ranking_epss":0.07564,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-09-01"],"published_time":"2024-11-20T17:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9468","summary":"In query of DownloadManager.java, there is a possible read/write of arbitrary files due to a permissions bypass. This could lead to local information disclosure and file rewriting with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"epss":0.00023,"ranking_epss":0.05996,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-09-01"],"published_time":"2024-11-20T17:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9467","summary":"In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"epss":0.00142,"ranking_epss":0.3447,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-09-01"],"published_time":"2024-11-20T00:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9440","summary":"In parse of M3UParser.cpp there is a possible resource exhaustion due to improper input validation. This could lead to denial of service with no additional execution privileges needed. 
User interaction is needed for exploitation.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"epss":0.00157,"ranking_epss":0.36593,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-09-01"],"published_time":"2024-11-19T23:15:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9456","summary":"In sdpu_extract_attr_seq of sdp_utils.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.04228,"ranking_epss":0.88727,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-09-01"],"published_time":"2024-11-19T23:15:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9466","summary":"In the xmlSnprintfElementContent function of valid.c, there is a possible out of bounds write. This could lead to remote escalation of privilege in an unprivileged app with no additional execution privileges needed. User interaction is needed for exploitation.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"epss":0.02826,"ranking_epss":0.86114,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-09-01","https://security.netapp.com/advisory/ntap-20241108-0002/"],"published_time":"2024-11-19T23:15:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9420","summary":"In BnCameraService::onTransact of CameraService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00041,"ranking_epss":0.12634,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-07-01"],"published_time":"2024-11-19T22:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9421","summary":"In writeInplace of Parcel.cpp, there is a possible information leak across processes, using Binder, due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00041,"ranking_epss":0.12634,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-07-01"],"published_time":"2024-11-19T22:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9424","summary":"In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00046,"ranking_epss":0.14124,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-07-01"],"published_time":"2024-11-19T22:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9428","summary":"In startDevice of AAudioServiceStreamBase.cpp there is a possible out of bounds write due to a use after free. This could lead to local arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation.  
https://source.android.com/security/bulletin/2018-07-01","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00046,"ranking_epss":0.1426,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-07-01"],"published_time":"2024-11-19T22:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9432","summary":"In createPhonebookDialogView and createMapDialogView of BluetoothPermissionActivity.java, there is a possible permissions bypass. This could lead to local escalation of privilege due to hiding and bypassing the user's ability to disable access to contacts, with no additional execution privileges needed. User interaction is needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":7e-05,"ranking_epss":0.0055,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-07-01"],"published_time":"2024-11-19T22:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9433","summary":"In ArrayConcatVisitor of builtins-array.cc, there is a possible type confusion due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"epss":0.01282,"ranking_epss":0.79543,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-07-01"],"published_time":"2024-11-19T22:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9411","summary":"In decrypt of ClearKeyCasPlugin.cpp there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. 
User interaction is needed for exploitation.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"epss":0.07937,"ranking_epss":0.92029,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-07-01"],"published_time":"2024-11-19T22:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9412","summary":"In removeUnsynchronization of ID3.cpp there is a possible resource exhaustion due to improper input validation. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00048,"ranking_epss":0.15034,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-07-01"],"published_time":"2024-11-19T22:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9417","summary":"In f_hidg_read and hidg_disable of f_hid.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00049,"ranking_epss":0.15152,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-07-01"],"published_time":"2024-11-19T22:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9419","summary":"In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.01033,"ranking_epss":0.7731,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-07-01"],"published_time":"2024-11-19T22:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9365","summary":"In smp_data_received of smp_l2c.cc, there is a possible out of bounds read followed by code execution due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"epss":0.02743,"ranking_epss":0.85932,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-07-01"],"published_time":"2024-11-19T21:15:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9410","summary":"In analyzeAxes of FontUtils.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00073,"ranking_epss":0.22301,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-07-01"],"published_time":"2024-11-19T21:15:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9348","summary":"In SMF_ParseMetaEvent of eas_smf.c, there is a possible integer overflow. This could lead to remote denial of service due to resource exhaustion with no additional execution privileges needed. 
User interaction is needed for exploitation.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"epss":0.02712,"ranking_epss":0.85856,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-06-01"],"published_time":"2024-11-19T20:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9364","summary":"In the LG LAF component, there is a special command that allowed modification of certain partitions. This could lead to bypass of secure boot. User interaction is not needed for exploitation.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.00025,"ranking_epss":0.06665,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-06-01"],"published_time":"2024-11-19T20:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9366","summary":"In IMSA_Recv_Thread and VT_IMCB_Thread of ImsaClient.cpp and VideoTelephony.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00046,"ranking_epss":0.14124,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-06-01"],"published_time":"2024-11-19T20:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9367","summary":"In FT_ACDK_CCT_V2_OP_ISP_SET_TUNING_PARAS of Meta_CCAP_Para.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00034,"ranking_epss":0.09754,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-06-01"],"published_time":"2024-11-19T20:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9368","summary":"In mtkscoaudio debugfs there is a possible arbitrary kernel memory write due to missing bounds check and weakened SELinux policies. This could lead to local escalation of privilege with system  execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00026,"ranking_epss":0.07178,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-06-01"],"published_time":"2024-11-19T20:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9369","summary":"In bootloader there is fastboot command allowing user specified kernel command line arguments. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"epss":0.00029,"ranking_epss":0.08373,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-06-01"],"published_time":"2024-11-19T20:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9370","summary":"In download.c there is a special mode allowing user to download data into memory and causing possible memory corruptions due to missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is needed for exploitation.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"epss":0.00043,"ranking_epss":0.13393,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-06-01"],"published_time":"2024-11-19T20:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9371","summary":"In the Mediatek Preloader, there are out of bounds reads and writes due to an exposed interface that allows arbitrary peripheral memory mapping with insufficient blacklisting/whitelisting. This could lead to local elevation of privilege, given physical access to the device with no additional execution privileges needed. User interaction is needed for exploitation.","cvss":6.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.4,"epss":0.00094,"ranking_epss":0.26344,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-06-01"],"published_time":"2024-11-19T20:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9372","summary":"In cmd_flash_mmc_sparse_img of dl_commands.c, there is a possible out of bounds write due to a missing bounds check. This could lead to a local escalation of privilege in the bootloader with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00056,"ranking_epss":0.17553,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-06-01"],"published_time":"2024-11-19T20:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9409","summary":"In HWCSession::SetColorModeById of hwc_session.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00056,"ranking_epss":0.17553,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-06-01"],"published_time":"2024-11-19T20:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9346","summary":"In BnAudioPolicyService::onTransact of AudioPolicyService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00041,"ranking_epss":0.12634,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-06-01"],"published_time":"2024-11-19T19:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9339","summary":"In writeTypedArrayList and readTypedArrayList of Parcel.java, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00035,"ranking_epss":0.10196,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-06-01"],"published_time":"2024-11-19T19:15:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9340","summary":"In ResStringPool::setTo of ResourceTypes.cpp, it's possible for an attacker to control the value of mStringPoolSize to be out of bounds, causing information disclosure.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00138,"ranking_epss":0.33919,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-06-01"],"published_time":"2024-11-19T19:15:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9341","summary":"In impeg2d_mc_fullx_fully of impeg2d_mc.c there is a possible out of bound write due to missing bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00507,"ranking_epss":0.66243,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-06-01"],"published_time":"2024-11-19T19:15:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9344","summary":"In several functions of DescramblerImpl.cpp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00038,"ranking_epss":0.11413,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-06-01"],"published_time":"2024-11-19T19:15:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9345","summary":"In BnAudioPolicyService::onTransact of AudioPolicyService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00041,"ranking_epss":0.12634,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-06-01"],"published_time":"2024-11-19T19:15:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-21270","summary":"In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.0003,"ranking_epss":0.08456,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2023-08-01"],"published_time":"2024-11-19T18:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-13315","summary":"In writeToParcel and createFromParcel of DcParamObject.java, there is a permission bypass due to a write size mismatch. 
This could lead to an elevation of privileges where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00016,"ranking_epss":0.03542,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-05-01"],"published_time":"2024-11-19T18:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9338","summary":"In ResStringPool::setTo of ResourceTypes.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00046,"ranking_epss":0.14426,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-06-01"],"published_time":"2024-11-19T18:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-50302","summary":"In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: zero-initialize the report buffer\n\nSince the report buffer is used by all kinds of drivers in various ways, let's\nzero-initialize it during allocation to make sure that it can't be ever used\nto leak kernel memory via specially-crafted report.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.01318,"ranking_epss":0.79822,"kev":true,"propose_action":"The Linux kernel contains a use of uninitialized resource vulnerability that allows an attacker to leak kernel memory via a specially crafted HID 
report.","ransomware_campaign":"Unknown","references":["https://git.kernel.org/stable/c/05ade5d4337867929e7ef664e7ac8e0c734f1aaf","https://git.kernel.org/stable/c/177f25d1292c7e16e1199b39c85480f7f8815552","https://git.kernel.org/stable/c/1884ab3d22536a5c14b17c78c2ce76d1734e8b0b","https://git.kernel.org/stable/c/3f9e88f2672c4635960570ee9741778d4135ecf5","https://git.kernel.org/stable/c/492015e6249fbcd42138b49de3c588d826dd9648","https://git.kernel.org/stable/c/9d9f5c75c0c7f31766ec27d90f7a6ac673193191","https://git.kernel.org/stable/c/d7dc68d82ab3fcfc3f65322465da3d7031d4ab46","https://git.kernel.org/stable/c/e7ea60184e1e88a3c9e437b3265cbb6439aa7e26","https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html","https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-50302"],"published_time":"2024-11-19T02:16:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-13310","summary":"In createFromParcel of ViewPager.java, there is a possible read/write serialization issue leading to a permissions bypass. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":7e-05,"ranking_epss":0.00528,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-05-01"],"published_time":"2024-11-15T22:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-13311","summary":"In the read() function of ProcessStats.java, there is a possible read/write serialization issue leading to a permissions bypass. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":6e-05,"ranking_epss":0.00376,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-05-01"],"published_time":"2024-11-15T22:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-13312","summary":"In createFromParcel of MediaCas.java, there is a possible parcel read/write mismatch due to improper input validation. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00026,"ranking_epss":0.07033,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-05-01"],"published_time":"2024-11-15T22:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-13313","summary":"In ElementaryStreamQueue::dequeueAccessUnitMPEG4Video of ESQueue.cpp, there is a possible infinite loop leading to resource exhaustion due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"epss":0.02712,"ranking_epss":0.85856,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-05-01"],"published_time":"2024-11-15T22:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-13314","summary":"In setAllowOnlyVpnForUids of NetworkManagementService.java, there is a possible security settings bypass due to a missing permission check. 
This could lead to local escalation of privilege allowing users to access non-VPN networks, when they are supposed to be restricted to the VPN networks, with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":8e-05,"ranking_epss":0.00733,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-05-01"],"published_time":"2024-11-15T22:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-13309","summary":"In readEncryptedData of ConscryptEngine.java, there is a possible plaintext leak due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00041,"ranking_epss":0.12634,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-05-01"],"published_time":"2024-11-15T21:15:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-13227","summary":"In the autofill service, the package name that is provided by the app process is trusted inappropriately.  This could lead to information disclosure with no additional execution privileges needed.  User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00056,"ranking_epss":0.17707,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2018-06-01"],"published_time":"2024-11-14T23:15:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43083","summary":"In validate of WifiConfigurationUtil.java , there is a possible persistent denial of service due to resource exhaustion. 
This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00089,"ranking_epss":0.25497,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/modules/Wifi/+/62f61e19524e9a55cadd1116c9448ff34b977e50","https://source.android.com/security/bulletin/2024-11-01"],"published_time":"2024-11-13T18:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43084","summary":"In visitUris of multiple files, there is a possible information disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00071,"ranking_epss":0.21871,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/50eec20b570cd4cbbe8c5971af4c9dda3ddcb858","https://source.android.com/security/bulletin/2024-11-01"],"published_time":"2024-11-13T18:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43085","summary":"In handleMessage of UsbDeviceManager.java, there is a possible method to access device contents over USB without unlocking the device due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00056,"ranking_epss":0.17732,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/2457d4e459ee6ffd099b9ff7cce9c83119c3ce66","https://source.android.com/security/bulletin/2024-11-01"],"published_time":"2024-11-13T18:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43086","summary":"In validateAccountsInternal of AccountManagerService.java, there is a possible way to leak account credentials to a third party app due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00064,"ranking_epss":0.20031,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/55a3d36701bb874358f685d3ac3381eda10fcff0","https://source.android.com/security/bulletin/2024-11-01"],"published_time":"2024-11-13T18:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43087","summary":"In getInstalledAccessibilityPreferences of AccessibilitySettings.java, there is a possible way to hide an enabled accessibility service in the accessibility service settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00066,"ranking_epss":0.20482,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/apps/Settings/+/6253b87704bb097ad9963941bdddf3b86906a73e","https://source.android.com/security/bulletin/2024-11-01"],"published_time":"2024-11-13T18:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43088","summary":"In multiple functions in AppInfoBase.java, there is a possible way to manipulate app permission settings belonging to another user on the device due to a missing permission check. This could lead to local escalation of privilege across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.0039,"ranking_epss":0.60038,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/apps/Settings/+/975c28535419be1cc45f66712f41e4a7a40e6001","https://source.android.com/security/bulletin/2024-11-01"],"published_time":"2024-11-13T18:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43089","summary":"In updateInternal of MediaProvider.java , there is a possible access of another app's files due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00061,"ranking_epss":0.1936,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/providers/MediaProvider/+/33ff6a663eea1fcdd2b422b98722c1dee48a7f6a","https://source.android.com/security/bulletin/2024-11-01"],"published_time":"2024-11-13T18:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43090","summary":"In multiple locations, there is a possible cross-user image read due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.","cvss":5.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.0,"epss":0.00381,"ranking_epss":0.59503,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/f1a15b5ef2539113c882fd2644f301a23e50f961","https://source.android.com/security/bulletin/2025-03-01"],"published_time":"2024-11-13T18:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43091","summary":"In filterMask of SkEmbossMaskFilter.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"epss":0.04721,"ranking_epss":0.89344,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/external/skia/+/0b628a960e74197ace9831ef0727f5ba7ab6ac10","https://source.android.com/security/bulletin/2024-11-01"],"published_time":"2024-11-13T18:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43093","summary":"In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to  incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"epss":0.00182,"ranking_epss":0.39897,"kev":true,"propose_action":"Android Framework contains an unspecified vulnerability that allows for privilege escalation.","ransomware_campaign":"Unknown","references":["https://android.googlesource.com/platform/frameworks/base/+/7f83c671626f9bf993581f4598c22482d87cba10","https://source.android.com/security/bulletin/2025-03-01","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-43093"],"published_time":"2024-11-13T18:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23715","summary":"In PMRWritePMPageList of pmr.c, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00055,"ranking_epss":0.17473,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2024-11-01"],"published_time":"2024-11-13T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-31337","summary":"In PVRSRVRGXKickTA3DKM of rgxta3d.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00029,"ranking_epss":0.08337,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2024-11-01"],"published_time":"2024-11-13T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-34719","summary":"In multiple locations, there is a possible permissions bypass due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":6e-05,"ranking_epss":0.00435,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/b0e4375577ba7e21bd40edac5990bea418ecdc8c","https://source.android.com/security/bulletin/2024-11-01"],"published_time":"2024-11-13T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-34729","summary":"In multiple locations, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00054,"ranking_epss":0.17023,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2024-11-01"],"published_time":"2024-11-13T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-34747","summary":"In DevmemXIntMapPages of devicemem_server.c, there is a possible use-after-free due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00044,"ranking_epss":0.13455,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2024-11-01"],"published_time":"2024-11-13T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40660","summary":"In setTransactionState of SurfaceFlinger.cpp, there is a possible way to change protected display attributes due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00106,"ranking_epss":0.2875,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/native/+/064ce6e3235b6318be1e41f1bac9595a98e4aafa","https://android.googlesource.com/platform/frameworks/native/+/b6ddf525be3c2abbde59ae1533494b18a7961087","https://source.android.com/security/bulletin/2024-11-01"],"published_time":"2024-11-13T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40661","summary":"In mayAdminGrantPermission of AdminRestrictedPermissionsUtils.java, there is a possible way to access the microphone due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00052,"ranking_epss":0.16541,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/modules/Permission/+/ffd81f212b5594b498f0ba07645c7a181540e494","https://source.android.com/security/bulletin/2024-11-01"],"published_time":"2024-11-13T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40671","summary":"In DevmemIntChangeSparse2 of devicemem_server.c, there is a possible way to achieve arbitrary code execution due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00066,"ranking_epss":0.20498,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2024-11-01"],"published_time":"2024-11-13T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43080","summary":"In onReceive of AppRestrictionsFragment.java, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00089,"ranking_epss":0.25458,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/packages/apps/Settings/+/26ce013dfd7e59a451acc66e7f05564e0884d46b","https://source.android.com/security/bulletin/2024-11-01"],"published_time":"2024-11-13T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43081","summary":"In installExistingPackageAsUser of InstallPackageHelper.java, there is a possible carrier restriction bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":9e-05,"ranking_epss":0.00887,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/31c098c4271ad4fdfb3809e05017ead8d9f6580f","https://source.android.com/security/bulletin/2024-11-01"],"published_time":"2024-11-13T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43082","summary":"In onActivityResult of EditUserPhotoController.java, there is a possible cross-user media read due to a confused deputy. 
This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00075,"ranking_epss":0.22731,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://android.googlesource.com/platform/frameworks/base/+/6aa1b4fbf5936a1ff5bdbb79397c94910a6ed8f5","https://source.android.com/security/bulletin/2024-11-01"],"published_time":"2024-11-13T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-35659","summary":"In DevmemIntChangeSparse of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00054,"ranking_epss":0.17023,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2024-11-01"],"published_time":"2024-11-13T18:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-35686","summary":"In PVRSRVRGXKickTA3DKM of rgxta3d.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00029,"ranking_epss":0.08337,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/2024-11-01"],"published_time":"2024-11-13T18:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-11026","summary":"A vulnerability was found in Intelligent Apps Freenow App 12.10.0 on Android. It has been rated as problematic. 
Affected by this issue is some unknown functionality of the file ch/qos/logback/core/net/ssl/SSL.java of the component Keystore Handler. The manipulation of the argument DEFAULT_KEYSTORE_PASSWORD with the input changeit leads to use of hard-coded password. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.","cvss":3.7,"cvss_version":3.0,"cvss_v2":2.6,"cvss_v3":3.7,"epss":0.0033,"ranking_epss":0.55986,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/secuserx/CVE/blob/main/%5BHardcoded%20Keystore%20Password%5D%20found%20in%20FREENOW%20(ex%20Beat%20app)%2012.10.0%20-%20(SSL.java).md","https://vuldb.com/?ctiid.283544","https://vuldb.com/?id.283544","https://vuldb.com/?submit.434538"],"published_time":"2024-11-08T22:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-10826","summary":"Use after free in Family Experiences in Google Chrome on Android prior to 130.0.6723.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 
(Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"epss":0.0035,"ranking_epss":0.57475,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/370217726"],"published_time":"2024-11-06T17:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49402","summary":"Improper input validation in Dressroom prior to SMR Nov-2024 Release 1 allow physical attackers to access data across multiple user profiles.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"epss":0.00167,"ranking_epss":0.37945,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=11"],"published_time":"2024-11-06T03:15:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49404","summary":"Improper Access Control in Samsung Video Player prior to versions 7.3.29.1 in Android 12, 7.3.36.1 in Android 13, and 7.3.41.230 in Android 14 allows physical attackers to access video file of other users.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00167,"ranking_epss":0.37964,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=11"],"published_time":"2024-11-06T03:15:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-34678","summary":"Out-of-bounds write in libsapeextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory 
corruption.","cvss":5.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.9,"epss":0.00188,"ranking_epss":0.4065,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=11"],"published_time":"2024-11-06T03:15:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-34679","summary":"Incorrect default permissions in Crane prior to SMR Nov-2024 Release 1 allows local attackers to access files with phone privilege.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"epss":0.00087,"ranking_epss":0.25185,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=11"],"published_time":"2024-11-06T03:15:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-34680","summary":"Use of implicit intent for sensitive communication in WlanTest prior to SMR Nov-2024 Release 1 allows local attackers to get sensitive information.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"epss":0.00116,"ranking_epss":0.30359,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=11"],"published_time":"2024-11-06T03:15:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-34682","summary":"Improper authorization in Settings prior to SMR Nov-2024 Release 1 allows physical attackers to access stored WiFi password in Maintenance Mode.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"epss":0.00233,"ranking_epss":0.4619,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=11"],"published_time":"2024-11-06T03:15:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49401","summary":"Improper input validation in Settings Suggestions prior to SMR Nov-2024 
Release 1 allows local attackers to launch privileged activities.","cvss":5.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.1,"epss":0.00097,"ranking_epss":0.26802,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=11"],"published_time":"2024-11-06T03:15:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-34673","summary":"Improper Input Validation in IpcProtocol in Modem prior to SMR Nov-2024 Release 1 allows local attackers to cause Denial-of-Service.","cvss":4.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.1,"epss":0.00049,"ranking_epss":0.15361,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=11"],"published_time":"2024-11-06T03:15:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-34674","summary":"Improper access control in Contacts prior to SMR Nov-2024 Release 1 allows physical attackers to access data across multiple user profiles.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"epss":0.00215,"ranking_epss":0.43994,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=11"],"published_time":"2024-11-06T03:15:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-34675","summary":"Improper access control in Dex Mode prior to SMR Nov-2024 Release 1 allows physical attackers to temporarily access to unlocked screen.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"epss":0.00267,"ranking_epss":0.50204,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=11"],"published_time":"2024-11-06T03:15:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-34676","summary":"Out-of-bounds write in parsing 
subtitle file in libsubextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption. User interaction is required for triggering this vulnerability.","cvss":4.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.4,"epss":0.00165,"ranking_epss":0.3767,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=11"],"published_time":"2024-11-06T03:15:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-34677","summary":"Exposure of sensitive information in System UI prior to SMR Nov-2024 Release 1 allow local attackers to make malicious apps appear as legitimate.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"epss":0.00111,"ranking_epss":0.29613,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=11"],"published_time":"2024-11-06T03:15:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-20117","summary":"In vdec, there is a possible out of bounds read due to improper structure design. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09008925; Issue ID: MSV-1681.","cvss":4.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.4,"epss":0.00025,"ranking_epss":0.06651,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/November-2024"],"published_time":"2024-11-04T02:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-20118","summary":"In mms, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 
Patch ID: ALPS09062392; Issue ID: MSV-1621.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":0.0002,"ranking_epss":0.05178,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/November-2024"],"published_time":"2024-11-04T02:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-20119","summary":"In mms, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09062301; Issue ID: MSV-1620.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":0.00019,"ranking_epss":0.04923,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/November-2024"],"published_time":"2024-11-04T02:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-20120","summary":"In KeyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08956986; Issue ID: MSV-1575.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":0.00019,"ranking_epss":0.04923,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/November-2024"],"published_time":"2024-11-04T02:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-20121","summary":"In KeyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 
Patch ID: ALPS08956986; Issue ID: MSV-1574.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":0.0002,"ranking_epss":0.05178,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/November-2024"],"published_time":"2024-11-04T02:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-20122","summary":"In vdec, there is a possible out of bounds read due to improper structure design. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09008925; Issue ID: MSV-1572.","cvss":4.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.4,"epss":0.00035,"ranking_epss":0.10111,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/November-2024"],"published_time":"2024-11-04T02:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-20123","summary":"In vdec, there is a possible out of bounds read due to improper structure design. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09008925; Issue ID: MSV-1569.","cvss":4.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.4,"epss":0.00035,"ranking_epss":0.10111,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/November-2024"],"published_time":"2024-11-04T02:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-20124","summary":"In vdec, there is a possible out of bounds read due to improper structure design. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. 
Patch ID: ALPS09008925; Issue ID: MSV-1568.","cvss":4.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.4,"epss":0.00035,"ranking_epss":0.10111,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/November-2024"],"published_time":"2024-11-04T02:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-20106","summary":"In m4u, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08960505; Issue ID: MSV-1590.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":0.00023,"ranking_epss":0.06075,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/November-2024"],"published_time":"2024-11-04T02:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-20107","summary":"In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09124360; Issue ID: MSV-1823.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"epss":0.00049,"ranking_epss":0.15147,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/November-2024"],"published_time":"2024-11-04T02:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-20108","summary":"In atci, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 
Patch ID: ALPS09082988; Issue ID: MSV-1774.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":0.00037,"ranking_epss":0.11254,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/November-2024"],"published_time":"2024-11-04T02:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-20109","summary":"In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09065928; Issue ID: MSV-1763.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":0.0002,"ranking_epss":0.05178,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/November-2024"],"published_time":"2024-11-04T02:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-20110","summary":"In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09065887; Issue ID: MSV-1762.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":0.0002,"ranking_epss":0.05178,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/November-2024"],"published_time":"2024-11-04T02:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-20111","summary":"In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 
Patch ID: ALPS09065033; Issue ID: MSV-1754.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":0.00019,"ranking_epss":0.04923,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/November-2024"],"published_time":"2024-11-04T02:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-20112","summary":"In isp, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09071481; Issue ID: MSV-1730.","cvss":4.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.4,"epss":0.00024,"ranking_epss":0.06372,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/November-2024"],"published_time":"2024-11-04T02:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-20113","summary":"In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09036814; Issue ID: MSV-1715.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":0.0002,"ranking_epss":0.05178,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/November-2024"],"published_time":"2024-11-04T02:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-20114","summary":"In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 
Patch ID: ALPS09037038; Issue ID: MSV-1714.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":0.0002,"ranking_epss":0.05178,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/November-2024"],"published_time":"2024-11-04T02:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-20115","summary":"In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09036695; Issue ID: MSV-1713.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"epss":0.00019,"ranking_epss":0.04923,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/November-2024"],"published_time":"2024-11-04T02:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-20104","summary":"In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09073261; Issue ID: MSV-1772.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"epss":0.00054,"ranking_epss":0.16968,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://corp.mediatek.com/product-security-bulletin/November-2024"],"published_time":"2024-11-04T02:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-47023","summary":"there is a possible man-in-the-middle attack due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"epss":0.03741,"ranking_epss":0.87965,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2024-10-01"],"published_time":"2024-10-25T11:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-47024","summary":"In vring_size of external/headers/include/virtio/virtio_ring.h, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00045,"ranking_epss":0.13918,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2024-10-01"],"published_time":"2024-10-25T11:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-47025","summary":"In ppmp_protect_buf of drm_fw.c, there is a possible information disclosure due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00054,"ranking_epss":0.17245,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2024-10-01"],"published_time":"2024-10-25T11:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-47026","summary":"In gsc_gsa_rescue of gsc_gsa.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00072,"ranking_epss":0.2213,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2024-10-01"],"published_time":"2024-10-25T11:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-47027","summary":"In sm_mem_compat_get_vmm_obj of lib/sm/shared_mem.c, there is a possible arbitrary physical memory access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00031,"ranking_epss":0.08701,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2024-10-01"],"published_time":"2024-10-25T11:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-47028","summary":"In ffu_flash_pack of ffu.c, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.","cvss":4.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.4,"epss":0.00037,"ranking_epss":0.11135,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2024-10-01"],"published_time":"2024-10-25T11:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-47029","summary":"In TrustySharedMemoryManager::GetSharedMemory of ondevice/trusty/trusty_shared_memory_manager.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00072,"ranking_epss":0.2213,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2024-10-01"],"published_time":"2024-10-25T11:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-47030","summary":"Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-315191818.","cvss":5.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.1,"epss":0.00133,"ranking_epss":0.33021,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2024-10-01"],"published_time":"2024-10-25T11:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-47031","summary":"Android before 2024-10-05 on Google Pixel devices allows privilege escalation in the ABL component, A-329163861.","cvss":7.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.4,"epss":0.00126,"ranking_epss":0.32045,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2024-10-01"],"published_time":"2024-10-25T11:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-47033","summary":"In lwis_allocator_free of lwis_allocator.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00035,"ranking_epss":0.10328,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2024-10-01"],"published_time":"2024-10-25T11:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-47034","summary":"there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00072,"ranking_epss":0.2213,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2024-10-01"],"published_time":"2024-10-25T11:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-47035","summary":"In vring_init of external/headers/include/virtio/virtio_ring.h, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00061,"ranking_epss":0.19291,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2024-10-01"],"published_time":"2024-10-25T11:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-47041","summary":"In valid_address of syscall.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00059,"ranking_epss":0.18647,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2024-10-01"],"published_time":"2024-10-25T11:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44098","summary":"In lwis_device_event_states_clear_locked of lwis_event.c, there is a possible privilege escalation due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.4,"epss":0.00018,"ranking_epss":0.04612,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2024-10-01"],"published_time":"2024-10-25T11:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44099","summary":"There is a possible Local bypass of user interaction due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":5e-05,"ranking_epss":0.00248,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2024-10-01"],"published_time":"2024-10-25T11:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44100","summary":"Android before 2024-10-05 on Google Pixel devices allows information disclosure in the modem component, A-299774545.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.00096,"ranking_epss":0.26615,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2024-10-01"],"published_time":"2024-10-25T11:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44101","summary":"there is a possible Null Pointer Dereference (modem crash) due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.0127,"ranking_epss":0.79449,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2024-10-01"],"published_time":"2024-10-25T11:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-47012","summary":"In mm_GetMobileIdIndexForNsUpdate of mm_GmmPduCodec.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00028,"ranking_epss":0.08013,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2024-10-01"],"published_time":"2024-10-25T11:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-47013","summary":"In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a possible arbitrary write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00038,"ranking_epss":0.11597,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2024-10-01"],"published_time":"2024-10-25T11:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-47014","summary":"Android before 2024-10-05 on Google Pixel devices allows privilege escalation in the ABL component, A-330537292.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"epss":0.00185,"ranking_epss":0.40233,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2024-10-01"],"published_time":"2024-10-25T11:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-47015","summary":"In ProtocolMiscHwConfigChangeAdapter::GetData() of protocolmiscadapter.cpp, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. 
User Interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.0005,"ranking_epss":0.15623,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2024-10-01"],"published_time":"2024-10-25T11:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-47016","summary":"there is a possible privilege escalation due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00038,"ranking_epss":0.11597,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2024-10-01"],"published_time":"2024-10-25T11:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-47017","summary":"In ufshc_scsi_cmd of ufs.c, there is a possible stack variable use after free due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00048,"ranking_epss":0.14976,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2024-10-01"],"published_time":"2024-10-25T11:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-47018","summary":"In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00065,"ranking_epss":0.20399,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2024-10-01"],"published_time":"2024-10-25T11:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-47019","summary":"In ProtocolEmbmsSaiListAdapter::Init() of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00065,"ranking_epss":0.20452,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2024-10-01"],"published_time":"2024-10-25T11:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-47020","summary":"Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ABL component, A-331966488.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.00162,"ranking_epss":0.3724,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2024-10-01"],"published_time":"2024-10-25T11:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-47021","summary":"In sms_ExtractCbLanguage of sms_CellBroadcast.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. 
User interaction is not needed for exploitation.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.00635,"ranking_epss":0.70356,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2024-10-01"],"published_time":"2024-10-25T11:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-47022","summary":"Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-331255656.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.00162,"ranking_epss":0.3724,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://source.android.com/security/bulletin/pixel/2024-10-01"],"published_time":"2024-10-25T11:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-9956","summary":"Inappropriate implementation in WebAuthentication in Google Chrome on Android prior to 130.0.6723.58 allowed a local attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.0002,"ranking_epss":0.05455,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/370482421","http://seclists.org/fulldisclosure/2025/Jan/13","https://mastersplinter.work/research/passkey/","https://news.ycombinator.com/item?id=43408674"],"published_time":"2024-10-15T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-39440","summary":"In DRM service, there is a possible system crash due to null pointer dereference. 
This could lead to local denial of service with System execution privileges needed.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"epss":0.00033,"ranking_epss":0.09405,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.unisoc.com/en_us/secy/announcementDetail/1843898270204624897"],"published_time":"2024-10-09T07:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-39437","summary":"In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"epss":0.00027,"ranking_epss":0.07633,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.unisoc.com/en_us/secy/announcementDetail/1843898270204624897"],"published_time":"2024-10-09T07:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-39438","summary":"In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"epss":0.00027,"ranking_epss":0.07633,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.unisoc.com/en_us/secy/announcementDetail/1843898270204624897"],"published_time":"2024-10-09T07:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-39439","summary":"In DRM service, there is a possible out of bounds write due to a missing bounds check. 
This could lead to local denial of service with System execution privileges needed.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"epss":0.00026,"ranking_epss":0.07035,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.unisoc.com/en_us/secy/announcementDetail/1843898270204624897"],"published_time":"2024-10-09T07:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-39436","summary":"In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"epss":0.00027,"ranking_epss":0.07633,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.unisoc.com/en_us/secy/announcementDetail/1843898270204624897"],"published_time":"2024-10-09T07:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-34669","summary":"Out-of-bounds write in parsing h.263+ format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. 
User interaction is required for triggering this vulnerability.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.05101,"ranking_epss":0.89792,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=10"],"published_time":"2024-10-08T07:15:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-34672","summary":"Improper input validation in SamsungVideoPlayer prior to versions 7.3.29.1 in Android 12, 7.3.36.1 in Android 13, and 7.3.41.230 in Android 14 allows local attackers to access video file of other users.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00106,"ranking_epss":0.28858,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=10"],"published_time":"2024-10-08T07:15:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-34665","summary":"Out-of-bounds write in parsing h.264 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.05101,"ranking_epss":0.89792,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=10"],"published_time":"2024-10-08T07:15:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-34666","summary":"Out-of-bounds write in parsing h.264 format in a specific mode in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. 
User interaction is required for triggering this vulnerability.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.05101,"ranking_epss":0.89792,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=10"],"published_time":"2024-10-08T07:15:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-34667","summary":"Out-of-bounds write in parsing h.265 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.05101,"ranking_epss":0.89792,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=10"],"published_time":"2024-10-08T07:15:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-34668","summary":"Out-of-bounds write in parsing h.263 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. 
User interaction is required for triggering this vulnerability.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.05101,"ranking_epss":0.89792,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=10"],"published_time":"2024-10-08T07:15:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-34662","summary":"Improper access control in ActivityManager prior to SMR Oct-2024 Release 1 in select Android 12, 13 and SMR Sep-2024 Release 1 in select Android 14 allows local attackers to execute privileged behaviors.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"epss":0.00081,"ranking_epss":0.24094,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=10"],"published_time":"2024-10-08T07:15:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-34663","summary":"Integer overflow in libSEF.quram.so prior to SMR Oct-2024 Release 1 allows local attackers to write out-of-bounds memory.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"epss":0.00037,"ranking_epss":0.11267,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=10"],"published_time":"2024-10-08T07:15:03","vendor":null,"product":null,"version":null}]}