NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2022-20458 | The logs of sensitive information (PII) or hardware identifier should only be printed in Android "userdebug" or "eng" build. StatusBarNotification.getKey() could contain sensitive information. However, CarNotificationListener.java, it prints out the StatusBarNotification.getKey() directly in logs, which could contain user's account name (i.e. PII), in Android "user" build.Product: AndroidVersions: Android-12LAndroid ID: A-205567776 | 5.5 | 0.05% | 2023-01-26 | 2026-06-17 |
| CVE-2021-0597 | In notifyProfileAdded and notifyProfileRemoved of SipService.java, there is a possible way to retrieve SIP account names due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-176496502 | 5.5 | 0.05% | 2021-07-14 | 2026-06-16 |
| CVE-2018-9390 | In procfile_write of gl_proc.c, there is a possible out of bounds read of a function pointer due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 6.7 | 0.05% | 2024-12-05 | 2026-06-16 |
| CVE-2025-0089 | In multiple locations, there is a possible way to hijack the Launcher app due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 7.8 | 0.06% | 2025-09-04 | 2026-06-17 |
| CVE-2024-40662 | In scheme of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 7.8 | 0.06% | 2024-09-10 | 2026-06-17 |
| CVE-2024-40656 | In handleCreateConferenceComplete of ConnectionServiceWrapper.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | 5.5 | 0.06% | 2024-09-10 | 2026-06-17 |
| CVE-2023-40093 | In multiple files, there is a possible way that trimmed content could be included in PDF output due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 5.5 | 0.06% | 2024-02-15 | 2026-06-17 |
| CVE-2023-21155 | In BuildSetRadioNode of protocolmiscbuilder.cpp, there is a possible out of bounds read due to a missing null check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-264540700References: N/A | 5.5 | 0.06% | 2023-06-28 | 2026-06-17 |
| CVE-2023-21152 | In FaceStatsAnalyzer::InterpolateWeightList of face_stats_analyzer.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-269174022References: N/A | 5.5 | 0.06% | 2023-06-28 | 2026-06-17 |
| CVE-2022-20174 | In exynos_secEnv_init of mach-gs101.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-210847407References: N/A | 4.4 | 0.06% | 2022-06-15 | 2026-06-17 |
| CVE-2025-22432 | In notifyTimeout of CallRedirectionProcessor.java, there is a possible persistent connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation. | 6.7 | 0.06% | 2025-12-08 | 2026-06-17 |
| CVE-2024-43089 | In updateInternal of MediaProvider.java , there is a possible access of another app's files due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 7.8 | 0.06% | 2024-11-13 | 2026-06-17 |
| CVE-2024-43085 | In handleMessage of UsbDeviceManager.java, there is a possible method to access device contents over USB without unlocking the device due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 7.8 | 0.06% | 2024-11-13 | 2026-06-17 |
| CVE-2024-40671 | In DevmemIntChangeSparse2 of devicemem_server.c, there is a possible way to achieve arbitrary code execution due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 7.8 | 0.06% | 2024-11-13 | 2026-06-17 |
| CVE-2018-9449 | In process_service_search_attr_rsp of sdp_discovery.cc, there is a possible out of bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 5.5 | 0.06% | 2024-12-02 | 2026-06-16 |
| CVE-2018-9409 | In HWCSession::SetColorModeById of hwc_session.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 7.8 | 0.06% | 2024-11-19 | 2026-06-16 |
| CVE-2018-9372 | In cmd_flash_mmc_sparse_img of dl_commands.c, there is a possible out of bounds write due to a missing bounds check. This could lead to a local escalation of privilege in the bootloader with no additional execution privileges needed. User interaction is not needed for exploitation. | 7.8 | 0.06% | 2024-11-19 | 2026-06-16 |
| CVE-2017-13227 | In the autofill service, the package name that is provided by the app process is trusted inappropriately. This could lead to information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 5.5 | 0.06% | 2024-11-14 | 2026-06-16 |
| CVE-2025-32312 | In createIntentsList of PackageParser.java , there is a possible way to bypass lazy bundle hardening, allowing modified data to be passed to the next process due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 7.8 | 0.06% | 2025-09-04 | 2026-06-17 |
| CVE-2024-49738 | In writeInplace of Parcel.cpp, there is a possible out of bounds write. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 7.8 | 0.06% | 2025-01-21 | 2026-06-17 |