Total
8954 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-20437 | 2 Google, Mediatek | 6 Android, Mt2718, Mt6899 and 3 more | 2026-03-03 | N/A | 4.4 MEDIUM |
| In MAE, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431940; Issue ID: MSV-5843. | |||||
| CVE-2026-20438 | 2 Google, Mediatek | 12 Android, Mt2718, Mt6899 and 9 more | 2026-03-03 | N/A | 6.4 MEDIUM |
| In MAE, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431920; Issue ID: MSV-5835. | |||||
| CVE-2026-20439 | 2 Google, Mediatek | 6 Android, Mt2718, Mt6899 and 3 more | 2026-03-03 | N/A | 4.4 MEDIUM |
| In imgsys, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431955; Issue ID: MSV-5826. | |||||
| CVE-2026-20429 | 2 Google, Mediatek | 30 Android, Mt6739, Mt6761 and 27 more | 2026-03-02 | N/A | 4.4 MEDIUM |
| In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5535. | |||||
| CVE-2021-0642 | 1 Google | 1 Android | 2026-02-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| In onResume of VoicemailSettingsFragment.java, there is a possible way to retrieve a trackable identifier without permissions due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-185126149 | |||||
| CVE-2021-0641 | 1 Google | 1 Android | 2026-02-25 | 2.1 LOW | 5.5 MEDIUM |
| In getAvailableSubscriptionInfoList of SubscriptionController.java, there is a possible disclosure of unique identifiers due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-185235454 | |||||
| CVE-2021-0584 | 1 Google | 1 Android | 2026-02-25 | 2.1 LOW | 5.5 MEDIUM |
| In verifyBufferObject of Parcel.cpp, there is a possible out of bounds read due to an improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-179289794 | |||||
| CVE-2026-0106 | 1 Google | 1 Android | 2026-02-19 | N/A | 9.3 CRITICAL |
| In vpu_mmap of vpu_ioctl, there is a possible arbitrary address mmap due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2026-20409 | 2 Google, Mediatek | 3 Android, Mt6897, Mt6989 | 2026-02-04 | N/A | 7.8 HIGH |
| In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10363246; Issue ID: MSV-5779. | |||||
| CVE-2026-20410 | 2 Google, Mediatek | 6 Android, Mt6897, Mt6989 and 3 more | 2026-02-04 | N/A | 6.7 MEDIUM |
| In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10362552; Issue ID: MSV-5760. | |||||
| CVE-2026-20411 | 2 Google, Mediatek | 25 Android, Mt6878, Mt6879 and 22 more | 2026-02-04 | N/A | 7.8 HIGH |
| In cameraisp, there is a possible escalation of privilege due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10351676; Issue ID: MSV-5737. | |||||
| CVE-2026-20412 | 2 Google, Mediatek | 25 Android, Mt6878, Mt6879 and 22 more | 2026-02-04 | N/A | 7.8 HIGH |
| In cameraisp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10351676; Issue ID: MSV-5733. | |||||
| CVE-2026-20413 | 2 Google, Mediatek | 5 Android, Mt6899, Mt6991 and 2 more | 2026-02-03 | N/A | 6.7 MEDIUM |
| In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10362725; Issue ID: MSV-5694. | |||||
| CVE-2026-20414 | 2 Google, Mediatek | 9 Android, Mt6897, Mt6989 and 6 more | 2026-02-03 | N/A | 6.7 MEDIUM |
| In imgsys, there is a possible escalation of privilege due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10362999; Issue ID: MSV-5625. | |||||
| CVE-2026-20415 | 2 Google, Mediatek | 3 Android, Mt6897, Mt6989 | 2026-02-03 | N/A | 5.5 MEDIUM |
| In imgsys, there is a possible memory corruption due to improper locking. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10363254; Issue ID: MSV-5617. | |||||
| CVE-2026-20417 | 2 Google, Mediatek | 4 Android, Mt6991, Mt6993 and 1 more | 2026-02-03 | N/A | 5.3 MEDIUM |
| In pcie, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10314946 / ALPS10340155; Issue ID: MSV-5154. | |||||
| CVE-2025-36911 | 1 Google | 1 Android | 2026-01-28 | N/A | 7.1 HIGH |
| In key-based pairing, there is a possible ID due to a logic error in the code. This could lead to remote (proximal/adjacent) information disclosure of user's conversations and location with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48647 | 1 Google | 1 Android | 2026-01-27 | N/A | 7.8 HIGH |
| In cpm_fwtp_msg_handler of cpm/google/lib/tracepoint/cpm_fwtp_ipc.c, there is a possible memory overwrite due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-36934 | 1 Google | 1 Android | 2026-01-15 | N/A | 7.4 HIGH |
| In bigo_worker_thread of private/google-modules/video/gchips/bigo.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2020-16010 | 1 Google | 2 Android, Chrome | 2026-01-14 | 6.8 MEDIUM | 9.6 CRITICAL |
| Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||