Lucene search

K

493 matches found

cve
cve
added 2019/02/28 5:29 p.m.45 views

CVE-2019-1993

In register_app of btif_hd.cc, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Andr...

7.8CVSS7.8AI score0.00018EPSS
cve
cve
added 2019/05/08 5:29 p.m.45 views

CVE-2019-2050

In tearDownClientInterface of WificondControl.java, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 An...

7.8CVSS7.7AI score0.00012EPSS
cve
cve
added 2019/02/11 3:29 p.m.44 views

CVE-2018-13893

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Out of bound mask range access caused by using possible old value of msg mask table count while copying masks to userspace.

7.8CVSS7.4AI score0.00043EPSS
cve
cve
added 2019/02/12 12:0 a.m.44 views

CVE-2018-9589

In ieee802_11_rx_wnmsleep_req of wnm_ap.c in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the wifi driver with no additional execution privi...

5.5CVSS5AI score0.00024EPSS
cve
cve
added 2019/02/28 5:29 p.m.44 views

CVE-2019-1992

In bta_hl_sdp_query_results of bta_hl_main.cc, there is a possible use-after-free due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Andr...

7.6CVSS7.8AI score0.00782EPSS
cve
cve
added 2019/04/19 8:29 p.m.44 views

CVE-2019-2027

In floor0_inverse1 of floor0.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Andro...

9.3CVSS8.8AI score0.00343EPSS
cve
cve
added 2019/07/08 6:15 p.m.44 views

CVE-2019-2116

In save_attr_seq of sdp_discovery.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Androi...

7.5CVSS6.9AI score0.00314EPSS
cve
cve
added 2019/09/27 7:15 p.m.44 views

CVE-2019-9402

In Bluetooth, there is possible controlled termination due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115372550

7.5CVSS7.6AI score0.00499EPSS
cve
cve
added 2019/09/27 7:15 p.m.44 views

CVE-2019-9418

In libstagefright, there is a possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111450210

7.1CVSS6.8AI score0.00346EPSS
cve
cve
added 2019/04/19 8:29 p.m.43 views

CVE-2019-2035

In rw_i93_sm_update_ndef of rw_i93.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-...

7.8CVSS7.7AI score0.00056EPSS
cve
cve
added 2019/09/27 7:15 p.m.43 views

CVE-2019-2085

In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117496180

8.8CVSS9AI score0.00409EPSS
cve
cve
added 2019/08/20 8:15 p.m.43 views

CVE-2019-2128

In ACELP_4t64_fx of c4t64fx.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1...

7.8CVSS7.7AI score0.00013EPSS
cve
cve
added 2019/08/20 8:15 p.m.43 views

CVE-2019-2133

In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0...

9.3CVSS7.8AI score0.00066EPSS
cve
cve
added 2019/08/20 8:15 p.m.43 views

CVE-2019-2137

In the endCall() function of TelecomManager.java, there is a possible Denial of Service due to a missing permission check. This could lead to local denial of access to Emergency Services with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versio...

5.5CVSS5.3AI score0.00016EPSS
cve
cve
added 2019/09/27 7:15 p.m.43 views

CVE-2019-9268

In libstagefright, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-7747...

5.5CVSS6.5AI score0.00013EPSS
cve
cve
added 2019/09/27 7:15 p.m.43 views

CVE-2019-9285

In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111215315

7.5CVSS7.6AI score0.00499EPSS
cve
cve
added 2019/09/27 7:15 p.m.43 views

CVE-2019-9424

In the Screen Lock, there is a possible information disclosure due to an unusual root cause. In certain circumstances, the setting to hide the unlock pattern can be ignored. Product: AndroidVersions: Android-10Android ID: A-110941092

7.5CVSS7.4AI score0.00123EPSS
cve
cve
added 2019/01/31 8:29 p.m.42 views

CVE-2018-6241

NVIDIA Tegra Gralloc module contains a vulnerability in driver in which it does not validate input parameter of the registerbuffer API, which may lead to arbitrary code execution, denial of service, or escalation of privileges. Android ID: A-62540032 Severity Rating: High Version: N/A.

7.8CVSS6.7AI score0.00033EPSS
cve
cve
added 2019/05/07 8:29 p.m.42 views

CVE-2018-6243

NVIDIA Tegra TLK Widevine Trust Application contains a vulnerability in which missing the input parameter checking of video metadata count may lead to Arbitrary Code Execution, Denial of Service or Escalation of Privileges. Android ID: A-72315075. Severity Rating: High. Version: N/A.

7.8CVSS7.3AI score0.00013EPSS
cve
cve
added 2019/02/12 12:0 a.m.42 views

CVE-2018-9585

In nfc_ncif_proc_get_routing of nfc_ncif.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. U...

7.8CVSS6.2AI score0.00022EPSS
cve
cve
added 2019/02/12 12:0 a.m.42 views

CVE-2018-9588

In avdt_scb_hdl_report of avdt_scb_act.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileg...

6.5CVSS5.5AI score0.00164EPSS
cve
cve
added 2019/04/19 8:29 p.m.42 views

CVE-2019-2031

In rw_t3t_act_handle_check_ndef_rsp of rw_t3t.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Andro...

7.8CVSS7.7AI score0.00015EPSS
cve
cve
added 2019/09/27 7:15 p.m.42 views

CVE-2019-2164

In libxaac there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113263695

6.5CVSS6.4AI score0.00125EPSS
cve
cve
added 2019/11/13 6:15 p.m.42 views

CVE-2019-2198

In Download Provider, there is a possible SQL injection vulnerability. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-...

5.5CVSS5.5AI score0.0069EPSS
cve
cve
added 2019/11/13 6:15 p.m.42 views

CVE-2019-2207

In nfa_hci_handle_admin_gate_rsp of nfa_hci_act.cc, there is a possible out of bound write due to missing bounds checks. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 An...

7.8CVSS7.7AI score0.00034EPSS
cve
cve
added 2019/09/27 7:15 p.m.42 views

CVE-2019-9258

In wifilogd, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113655028

7.8CVSS8.2AI score0.00015EPSS
cve
cve
added 2019/09/27 7:15 p.m.42 views

CVE-2019-9315

In libhevc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112326216

6.5CVSS6.5AI score0.00244EPSS
cve
cve
added 2019/09/27 7:15 p.m.42 views

CVE-2019-9343

In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112050983

7.5CVSS7.2AI score0.00312EPSS
cve
cve
added 2019/02/12 12:0 a.m.41 views

CVE-2018-9587

In savePhotoFromUriToUri of ContactPhotoUtils.java in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is possible unauthorized access to files within the contact app due to a confused deputy scenario. This could lead to local escalation of privilege with no ...

7.3CVSS6.1AI score0.00022EPSS
cve
cve
added 2019/02/28 5:29 p.m.41 views

CVE-2019-1995

In ComposeActivityEmail of ComposeActivityEmail.java, there is a possible way to silently attach files to an email due to a confused deputy. This could lead to local information disclosure, sending files accessible to AOSP Mail to a remote email recipient, with no additional execution privileges ne...

5.5CVSS5.4AI score0.00024EPSS
cve
cve
added 2019/09/27 7:15 p.m.41 views

CVE-2019-2061

In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112610994

8.8CVSS9AI score0.00409EPSS
cve
cve
added 2019/09/27 7:15 p.m.41 views

CVE-2019-9431

In Bluetooth, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with heap information written to the log with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Andro...

4.9CVSS5.5AI score0.00265EPSS
cve
cve
added 2019/02/11 3:29 p.m.40 views

CVE-2018-12010

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Absence of length sanity check may lead to possible stack overflow resulting in memory corruption in trustzone region.

7.8CVSS7.8AI score0.00019EPSS
cve
cve
added 2019/02/12 12:0 a.m.40 views

CVE-2018-9590

In add_attr of sdp_discovery.c in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interactio...

7.5CVSS5.7AI score0.00386EPSS
cve
cve
added 2019/02/12 12:0 a.m.40 views

CVE-2018-9591

In bta_hh_ctrl_dat_act of bta_hh_act.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User i...

7.5CVSS5.7AI score0.00386EPSS
cve
cve
added 2019/02/12 12:0 a.m.40 views

CVE-2018-9593

In llcp_dlc_proc_i_pdu of llcp_dlc.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure over NFC with no additional execution privileges neede...

6.5CVSS5.3AI score0.00049EPSS
cve
cve
added 2019/02/28 5:29 p.m.40 views

CVE-2019-1997

In random_get_bytes of random.c, there is a possible degradation of randomness due to an insecure default value. This could lead to local information disclosure via an insecure wireless connection with no additional execution privileges needed. User interaction is not needed for exploitation. Produ...

7.5CVSS6.8AI score0.00175EPSS
cve
cve
added 2019/02/28 5:29 p.m.40 views

CVE-2019-2001

The permissions on /proc/iomem were world-readable. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-117422211.

5.5CVSS5.1AI score0.00019EPSS
cve
cve
added 2019/04/19 8:29 p.m.40 views

CVE-2019-2028

In numerous hand-crafted functions in libmpeg2, NEON registers are not preserved. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 And...

9.3CVSS8.7AI score0.0037EPSS
cve
cve
added 2019/08/20 8:15 p.m.40 views

CVE-2019-2121

In ActivityManagerService.attachApplication of ActivityManagerService, there is a possible race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android...

7CVSS7AI score0.0001EPSS
cve
cve
added 2019/09/27 7:15 p.m.40 views

CVE-2019-2138

In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118494320

6.5CVSS6.4AI score0.00125EPSS
cve
cve
added 2019/11/13 6:15 p.m.40 views

CVE-2019-2208

In PromiseBuiltinsAssembler::NewPromiseCapability of builtins-promise.cc, there is a possible out of bounds read in v8 JIT code due to a bug in code generation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploi...

7.8CVSS7.1AI score0.00417EPSS
cve
cve
added 2019/11/13 6:15 p.m.40 views

CVE-2019-2212

In poisson_distribution of random, there is an out of bounds read. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-1396...

5.5CVSS5.1AI score0.00044EPSS
cve
cve
added 2019/09/27 7:15 p.m.40 views

CVE-2019-9236

In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122322613

5CVSS5.3AI score0.00017EPSS
cve
cve
added 2019/09/27 7:15 p.m.40 views

CVE-2019-9282

In skia, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113211371

6.5CVSS6.4AI score0.00244EPSS
cve
cve
added 2019/09/27 7:15 p.m.40 views

CVE-2019-9291

In Bluetooth, there is a possible remote code execution due to an improper memory allocation. This could lead to remote code execution in Bluetooth with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-11215917...

8.8CVSS8.9AI score0.00409EPSS
cve
cve
added 2019/09/27 7:15 p.m.40 views

CVE-2019-9391

In libxaac, there is a possible out of bounds read due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111050781

6.5CVSS6.4AI score0.00125EPSS
cve
cve
added 2019/09/27 7:15 p.m.40 views

CVE-2019-9415

In libstagefright there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111805098

6.5CVSS6.5AI score0.00244EPSS
cve
cve
added 2019/02/11 3:29 p.m.39 views

CVE-2018-12006

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Users with no extra privileges can potentially access leaked data due to uninitialized padding present in display function.

5.5CVSS5.4AI score0.00019EPSS
cve
cve
added 2019/02/11 3:29 p.m.39 views

CVE-2018-12011

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Uninitialized data for socket address leads to information exposure.

5.5CVSS5.2AI score0.00019EPSS
Total number of security vulnerabilities493