Skip to content
Toggle Navigation
Kit ISO 27001
Ingeniería y Consultoría
Recursos
ISO 27001
ISO 27001 – GAP Analysis Tool
Ciberseguridad
Vulnerabilidades CVE
Blog
Contacto
Obtener el Toolkit
Toggle Navigation
Kit ISO 27001
Ingeniería y Consultoría
Recursos
ISO 27001
ISO 27001 – GAP Analysis Tool
Ciberseguridad
Vulnerabilidades CVE
Blog
Contacto
Obtener el Toolkit
Vulnerabilidades CVE
Vulnerabilidades CVE
drmunozcl
2025-06-04T18:44:58-04:00
Vulnerabilidades CVE
A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:
Severidad:
Todas
NONE
LOW
MEDIUM
HIGH
CRITICAL
UNKNOWN
CVE:
Aplicar
Borrar filtros
CVE ID
Publicado
Severidad
CVSS
Descripción
CVE-2025-48573
2025-12-08
HIGH
7.8
In sendCommand of MediaSessionRecord.java, there is a possible way to launch the foreground service while the app is in the background due to FGS while-in-use abuse. This could…
CVE-2025-48631
2025-12-08
HIGH
7.5
In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to remote denial of service with no additional execution…
CVE-2025-48629
2025-12-08
HIGH
7.8
In findAvailRecognizer of VoiceInteractionManagerService.java, there is a possible way to become the default speech recognizer app due to an insecure default value. This could lead to local escalation…
CVE-2025-48628
2025-12-08
HIGH
7.8
In validateIconUserBoundary of PrintManagerService.java, there is a possible cross-user image leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution…
CVE-2025-48627
2025-12-08
HIGH
7.8
In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to launch an activity from the background due to a logic error in the code. This could lead to…
CVE-2025-48626
2025-12-08
CRITICAL
9.8
In multiple locations, there is a possible way to launch an application from the background due to a precondition check failure. This could lead to remote escalation of…
CVE-2025-48620
2025-12-08
HIGH
7.8
In onSomePackagesChanged of VoiceInteractionManagerService.java, there is a possible way for a third party application's component name to persist even after uninstalling due to a logic error in the…
CVE-2025-48614
2025-12-08
MEDIUM
4.6
In rebootWipeUserData of RecoverySystem.java, there is a possible way to factory reset the device while in DSU mode due to a missing permission check. This could lead to…
CVE-2025-48610
2025-12-08
MEDIUM
5.5
In __pkvm_guest_relinquish_to_host of mem_protect.c, there is a possible configuration data leak due to a logic error in the code. This could lead to local information disclosure with no…
CVE-2025-48607
2025-12-08
MEDIUM
5.5
In multiple locations, there is a possible way to create a large amount of app ops due to a logic error in the code. This could lead to…
CVE-2025-48606
2025-12-08
HIGH
7.8
In preparePackage of InstallPackageHelper.java, there is a possible way for an app to appear hidden upon installation without a mechanism to uninstall it due to a logic error…
CVE-2025-48604
2025-12-08
MEDIUM
5.5
In multiple locations, there is a possible way to read files from another user due to a missing permission check. This could lead to local information disclosure with…
CVE-2025-48603
2025-12-08
MEDIUM
5.5
In InputMethodInfo of InputMethodInfo.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution…
CVE-2025-48600
2025-12-08
MEDIUM
5.5
In multiple files, there is a possible way to reveal information across users due to a missing permission check. This could lead to local information disclosure with no…
CVE-2025-48599
2025-12-08
HIGH
7.8
In multiple functions of WifiScanModeActivity.java, there is a possible way to bypass a device config restriction due to a missing permission check. This could lead to local escalation…
CVE-2025-48592
2025-12-08
HIGH
7.5
In initDecoder of C2SoftDav1dDec.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional…
CVE-2025-48591
2025-12-08
MEDIUM
5.5
In multiple locations, there is a possible way to read files from another user due to a missing permission check. This could lead to local information disclosure with…
CVE-2025-48590
2025-12-08
MEDIUM
5.5
In verifyAndGetBypass of AppOpsService.java, there is a possible method for a malicious app to prevent dialing emergency services under limited circumstances due to resource exhaustion. This could lead…
CVE-2025-48589
2025-12-08
HIGH
7.8
In multiple functions of HeaderPrivacyIconsController.kt, there is a possible way to grand permissions across user due to a logic error in the code. This could lead to local…
CVE-2025-48588
2025-12-08
HIGH
7.8
In startAlwaysOnVpn of Vpn.java, there is a possible way to disable always-on VPN due to a logic error in the code. This could lead to local escalation of…
CVE-2025-48586
2025-12-08
HIGH
7.8
In onActivityResult of EditFdnContactScreen.java, there is a possible way to leak contacts from the work profile due to a confused deputy. This could lead to local escalation of…
CVE-2025-48584
2025-12-08
MEDIUM
5.5
In multiple functions of NotificationManagerService.java, there is a possible way to bypass the per-package channel limits causing resource exhaustion. This could lead to local denial of service with…
CVE-2025-48576
2025-12-08
MEDIUM
5.5
In updateNotificationChannelGroupFromPrivilegedListener of NotificationManagerService.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution…
CVE-2025-48575
2025-12-08
HIGH
7.8
In multiple functions of CertInstaller.java, there is a possible way to install certificates due to a permissions bypass. This could lead to local escalation of privilege with no…
CVE-2025-48566
2025-12-08
HIGH
7.8
In multiple locations, there is a possible bypass of user profile boundary with a forwarded intent due to improper input validation. This could lead to local escalation of…
CVE-2025-48565
2025-12-08
HIGH
7.8
In multiple locations, there is a possible way to bypass the cross profile intent filter due to a logic error in the code. This could lead to local…
CVE-2025-48564
2025-12-08
HIGH
7.0
In multiple locations, there is a possible intent filter bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges…
CVE-2025-48555
2025-12-08
HIGH
7.8
In multiple functions of NotificationStation.java, there is a possible cross-profile information disclosure due to a confused deputy. This could lead to local escalation of privilege with no additional…
CVE-2025-48536
2025-12-08
HIGH
7.8
In grantAllowlistedPackagePermissions of SettingsSliceProvider.java, there is a possible way for a third party app to modify secure settings due to a confused deputy. This could lead to local…
CVE-2025-48525
2025-12-08
HIGH
7.8
In disassociate of DisassociationProcessor.java, there is a possible way for an app to continue reading notifications when not associated to a companion device due to improper input validation.…
CVE-2025-32329
2025-12-08
HIGH
7.8
In multiple functions of Session.java, there is a possible way to view images belonging to a different user of the device due to a logic error in the…
CVE-2025-32328
2025-12-08
HIGH
7.8
In multiple functions of Session.java, there is a possible way to view images belonging to a different user of the device due to a logic error in the…
CVE-2025-32319
2025-12-08
MEDIUM
6.7
In ensureBound of RemotePrintService.java, there is a possible way for a background app to keep foreground permissions due to a permissions bypass. This could lead to local escalation…
CVE-2025-22432
2025-12-08
MEDIUM
6.7
In notifyTimeout of CallRedirectionProcessor.java, there is a possible persistent connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with…
CVE-2025-22420
2025-12-08
HIGH
7.8
In multiple locations, there is a possible way to leak audio files across user profiles due to a confused deputy. This could lead to local escalation of privilege…
CVE-2025-65230
2025-12-08
N/A
0.0
Barix Instreamer v04.06 and v04.05 contains a stored cross-site scripting (XSS) vulnerability in the Web UI Configuration Streaming Destination input.
CVE-2025-48639
2025-12-08
HIGH
7.3
In DefaultTransitionHandler.java, there is a possible way to unknowingly grant permissions to an app due to a tapjacking/overlay attack. This could lead to local escalation of privilege with…
CVE-2025-48625
2025-12-08
HIGH
7.0
In multiple locations of UsbDataAdvancedProtectionHook.java, there is a possible way to access USB data when the screen is off due to a race condition. This could lead to…
CVE-2025-48638
2025-12-08
HIGH
7.8
In __pkvm_load_tracing of trace.c, there is a possible out-of-bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges…
CVE-2025-48632
2025-12-08
HIGH
7.8
In setDisplayName of AssociationRequest.java, there is a possible way to cause CDM associations to persist after the user has disassociated them due to improper input validation. This could…
CVE-2025-48624
2025-12-08
HIGH
7.8
In multiple functions of arm-smmu-v3.c, there is a possible out-of-bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution…
CVE-2025-48623
2025-12-08
HIGH
7.8
In init_pkvm_hyp_vcpu of pkvm.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional…
CVE-2025-48622
2025-12-08
MEDIUM
5.5
In ProcessArea of dng_misc_opcodes.cpp, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution…
CVE-2025-48608
2025-12-08
MEDIUM
5.5
In isValidMediaUri of SettingsProvider.java, there is a possible cross user media read due to a missing permission check. This could lead to local information disclosure with no additional…
CVE-2025-48569
2025-12-08
MEDIUM
5.5
In multiple locations, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges…
CVE-2025-48621
2025-12-08
HIGH
7.3
In DefaultTransitionHandler.java, there is a possible way to enable a tapjacking attack due to a insecure default. This could lead to local escalation of privilege with no additional…
CVE-2025-48618
2025-12-08
MEDIUM
6.8
In processLaunchBrowser of CommandParamsFactory.java, there is a possible browser interaction from the lockscreen due to improper locking. This could lead to physical escalation of privilege with no additional…
CVE-2025-48615
2025-12-08
HIGH
7.8
In getComponentName of MediaButtonReceiverHolder.java, there is a possible desync in persistence due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges…
CVE-2025-66327
2025-12-08
HIGH
7.1
Race condition vulnerability in the network module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-66328
2025-12-08
HIGH
8.4
Multi-thread race condition vulnerability in the network management module. Impact: Successful exploitation of this vulnerability may affect availability.
« Anterior
Página 595 de 4286
Siguiente »
Page load link
Go to Top
