U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Search Type: Search All
  • CPE Product: cpe:/::android
There are 8,694 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2025-20964

Out-of-bounds write in parsing media files in libsavsvc.so prior to SMR May-2025 Release 1 allows local attackers to write out-of-bounds memory.

Published: May 07, 2025; 5:15:16 AM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2025-20963

Out-of-bounds write in memory initialization in libsavsvc.so prior to SMR May-2025 Release 1 allows local attackers to write out-of-bounds memory.

Published: May 07, 2025; 5:15:16 AM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2025-20962

Improper handling of insufficient permission in SpenGesture service prior to SMR May-2025 Release 1 allows local attackers to track the S Pen position.

Published: May 07, 2025; 5:15:16 AM -0400
V4.0:(not available)
V3.1: 4.0 MEDIUM
V2.0:(not available)
CVE-2025-20961

Improper handling of insufficient permission or privileges in sepunion service prior to SMR May-2025 Release 1 allows local privileged attackers to access files with system privilege.

Published: May 07, 2025; 5:15:16 AM -0400
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2025-20960

Improper handling of insufficient permission in CocktailBarService prior to SMR May-2025 Release 1 allows local attackers to use the privileged api.

Published: May 07, 2025; 5:15:16 AM -0400
V4.0:(not available)
V3.1: 3.3 LOW
V2.0:(not available)
CVE-2025-20959

Use of implicit intent for sensitive communication in Wi-Fi P2P service prior to SMR May-2025 Release 1 allows local attackers to access sensitive information.

Published: May 07, 2025; 5:15:15 AM -0400
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2025-20958

Improper verification of intent by broadcast receiver in UnifiedWFC prior to SMR May-2025 Release 1 allows local attackers to manipulate VoWiFi related behaviors.

Published: May 07, 2025; 5:15:15 AM -0400
V4.0:(not available)
V3.1: 4.4 MEDIUM
V2.0:(not available)
CVE-2025-20957

Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch arbitrary activities with SmartManagerCN privilege.

Published: May 07, 2025; 5:15:15 AM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2025-20955

Improper Export of Android Application Components in NotificationHistoryImageProvider prior to SMR May-2025 Release 1 allows local attackers to access notification images.

Published: May 07, 2025; 5:15:15 AM -0400
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2025-20954

Use of implicit intent for sensitive communication in EnrichedCall prior to SMR May-2025 Release 1 allows local attackers to access sensitive information. User interaction is required for triggering this vulnerability.

Published: May 07, 2025; 5:15:15 AM -0400
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2025-20953

Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch activities within SmartManagerCN.

Published: May 07, 2025; 5:15:15 AM -0400
V4.0:(not available)
V3.1: 4.4 MEDIUM
V2.0:(not available)
CVE-2025-20937

Out-of-bounds write in Keymaster trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.

Published: May 07, 2025; 5:15:14 AM -0400
V4.0:(not available)
V3.1: 6.7 MEDIUM
V2.0:(not available)
CVE-2025-20671

In thermal, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09698599; Issue ID: MSV-3228.

Published: May 04, 2025; 11:15:22 PM -0400
V4.0:(not available)
V3.1: 7.0 HIGH
V2.0:(not available)
CVE-2025-20668

In scp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09625562; Issue ID: MSV-3027.

Published: May 04, 2025; 11:15:22 PM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2025-20665

In devinfo, there is a possible information disclosure due to a missing SELinux policy. This could lead to local information disclosure of device identifier with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09555228; Issue ID: MSV-2760.

Published: May 04, 2025; 11:15:21 PM -0400
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2025-20934

Improper access control in Sticker Center prior to SMR Apr-2025 Release 1 allows local attackers to access image files with system privilege.

Published: April 08, 2025; 1:15:37 AM -0400
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2025-20662

In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: DTV04428276; Issue ID: MSV-3184.

Published: April 07, 2025; 12:15:20 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-20661

In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: DTV04436357; Issue ID: MSV-3185.

Published: April 07, 2025; 12:15:20 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-20660

In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: DTV04436357; Issue ID: MSV-3186.

Published: April 07, 2025; 12:15:19 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-20658

In DA, there is a possible permission bypass due to a logic error. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09474894; Issue ID: MSV-2597.

Published: April 07, 2025; 12:15:19 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)