Vulnerabilities (CVE)

Filtered by vendor Google Subscribe
Total 15122 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-43771 1 Google 1 Android 2026-06-17 N/A 8.8 HIGH
In gatts_process_read_req of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-43770 1 Google 1 Android 2026-06-17 N/A 8.8 HIGH
In gatts_process_find_info of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-43769 1 Google 1 Android 2026-06-17 N/A 7.8 HIGH
In isPackageDeviceAdmin of PackageManagerService.java, there is a possible edge case which could prevent the uninstallation of CloudDpc due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-43768 1 Google 1 Android 2026-06-17 N/A 7.8 HIGH
In skia_alloc_func of SkDeflate.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-43767 1 Google 1 Android 2026-06-17 N/A 8.8 HIGH
In prepare_to_draw_into_mask of SkBlurMaskFilterImpl.cpp, there is a possible heap overflow due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-43766 1 Google 1 Android 2026-06-17 N/A 6.5 MEDIUM
In multiple functions of btm_ble_sec.cc, there is a possible unencrypted communication due to Invalid error handling. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-43765 1 Google 1 Android 2026-06-17 N/A 7.8 HIGH
In multiple locations, there is a possible way to obtain access to a folder due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.
CVE-2024-43764 1 Google 1 Android 2026-06-17 N/A 7.8 HIGH
In onPrimaryClipChanged of ClipboardListener.java, there is a possible way to partially bypass lock screen. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-43763 1 Google 1 Android 2026-06-17 N/A 6.5 MEDIUM
In build_read_multi_rsp of gatt_sr.cc, there is a possible denial of service due to a logic error in the code. This could lead to remote (proximal/adjacent) denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-43762 1 Google 1 Android 2026-06-17 N/A 7.8 HIGH
In multiple locations, there is a possible way to avoid unbinding of a service from the system due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-43201 3 Apple, Google, Planetfitness 3 Iphone Os, Android, Planet Fitness Workouts 2026-06-17 N/A 8.8 HIGH
The Planet Fitness Workouts iOS and Android mobile apps fail to properly validate TLS certificates, allowing an attacker with appropriate network access to obtain session tokens and sensitive information. Planet Fitness first addressed this vulnerability in version 9.8.12 (released on 2024-07-25) and more recently in version 9.9.13 (released on 2025-02-11).
CVE-2024-43097 1 Google 1 Android 2026-06-17 N/A 7.8 HIGH
In resizeToAtLeast of SkRegion.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-43096 1 Google 1 Android 2026-06-17 N/A 8.8 HIGH
In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-43095 1 Google 1 Android 2026-06-17 N/A 7.8 HIGH
In multiple locations, there is a possible way to obtain any system permission due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
CVE-2024-43093 1 Google 1 Android 2026-06-17 N/A 7.3 HIGH
In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
CVE-2024-43091 1 Google 1 Android 2026-06-17 N/A 9.8 CRITICAL
In filterMask of SkEmbossMaskFilter.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-43090 1 Google 1 Android 2026-06-17 N/A 5.0 MEDIUM
In multiple locations, there is a possible cross-user image read due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.
CVE-2024-43089 1 Google 1 Android 2026-06-17 N/A 7.8 HIGH
In updateInternal of MediaProvider.java , there is a possible access of another app's files due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-43088 1 Google 1 Android 2026-06-17 N/A 7.8 HIGH
In multiple functions in AppInfoBase.java, there is a possible way to manipulate app permission settings belonging to another user on the device due to a missing permission check. This could lead to local escalation of privilege across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-43087 1 Google 1 Android 2026-06-17 N/A 7.8 HIGH
In getInstalledAccessibilityPreferences of AccessibilitySettings.java, there is a possible way to hide an enabled accessibility service in the accessibility service settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.