Lucene search

K

493 matches found

CVE
CVE
added 2019/02/11 3:29 p.m.39 views

CVE-2018-12014

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Null pointer dereference vulnerability may occur due to missing NULL assignment in NAT module of freed pointer.

7.8CVSS5.8AI score0.00019EPSS
CVE
CVE
added 2019/02/12 12:0 a.m.39 views

CVE-2018-9586

In run of InstallPackageTask.java in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, it is possible that package verification is turned off and remains off due to a race condition. This could lead to local escalation of privilege with no additional execution privi...

7CVSS6AI score0.00017EPSS
CVE
CVE
added 2019/04/19 8:29 p.m.39 views

CVE-2019-2026

In updateAssistMenuItems of Editor.java, there is a possible escape from the Setup Wizard due to a missing permission check. This could lead to local escalation of privilege and FRP bypass with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Andro...

7.8CVSS7.7AI score0.00014EPSS
CVE
CVE
added 2019/04/19 8:29 p.m.39 views

CVE-2019-2030

In removeInterfaceAddress of NetworkController.cpp, there is a possible use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-119496789.

9.8CVSS9.1AI score0.00889EPSS
CVE
CVE
added 2019/05/08 5:29 p.m.39 views

CVE-2019-2049

In SendMediaUpdate and SendFolderUpdate of avrcp_service.cc, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Prod...

7.8CVSS7.8AI score0.00015EPSS
CVE
CVE
added 2019/05/08 5:29 p.m.39 views

CVE-2019-2053

In wnm_parse_neighbor_report_elem of wnm_sta.c, there is a possible out-of-bounds read due to missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0...

5.5CVSS5AI score0.00017EPSS
CVE
CVE
added 2019/08/20 8:15 p.m.39 views

CVE-2019-2132

It is possible to overlay the VPN dialog by a malicious application. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-...

9.3CVSS7.6AI score0.00038EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.39 views

CVE-2019-2140

In libxaac, there is a possible information disclosure due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112705708

6.5CVSS6.4AI score0.00125EPSS
CVE
CVE
added 2019/11/13 6:15 p.m.39 views

CVE-2019-2192

In call of SliceProvider.java, there is a possible permissions bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Andr...

7.8CVSS7.7AI score0.00011EPSS
CVE
CVE
added 2019/11/13 6:15 p.m.39 views

CVE-2019-2206

In rw_i93_sm_set_read_only of rw_i93.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android...

9.3CVSS8.7AI score0.01238EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.39 views

CVE-2019-9235

In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122323053

5CVSS5.3AI score0.00017EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.39 views

CVE-2019-9262

In MPEG4Extractor, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-11179...

8.8CVSS9AI score0.00409EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.39 views

CVE-2019-9292

In the Activity Manager service, there is a possible information disclosure due to a confused deputy. This could lead to local disclosure of current foreground process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-...

3.3CVSS4.4AI score0.00015EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.39 views

CVE-2019-9316

In libstagefright, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112052432

6.5CVSS6.5AI score0.00244EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.39 views

CVE-2019-9384

In LockPatternUtils, there is a possible escalation of privilege due to an improper permissions check. This could lead to local bypass of the Lockguard with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-1205680...

7.2CVSS7.1AI score0.0001EPSS
CVE
CVE
added 2019/02/13 10:29 p.m.38 views

CVE-2018-6271

NVIDIA Tegra OpenMax driver (libnvomx) contains a vulnerability in which the software delivers extra data with the buffer and does not properly validated the extra data, which may lead to denial of service or escalation of privileges. Android ID: A-80198474.

9.3CVSS6.3AI score0.00055EPSS
CVE
CVE
added 2019/02/28 5:29 p.m.38 views

CVE-2019-1994

In refresh of DevelopmentTiles.java, there is the possibility of leaving development settings accessible due to an insecure default value. This could lead to unwanted access to development settings, with no additional execution privileges needed. User interaction is needed for exploitation. Product...

9.3CVSS8.2AI score0.00142EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.38 views

CVE-2019-2055

In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113164693

8.8CVSS9AI score0.00409EPSS
CVE
CVE
added 2019/08/20 8:15 p.m.38 views

CVE-2019-2120

In OatFileAssistant::GenerateOatFile of oat_file_assistant.cc, there is a possible file corruption issue due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Andro...

7.8CVSS7.8AI score0.00013EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.38 views

CVE-2019-2190

In LG's LAF component, there is a possible leak of information in a protected disk partition due to a missing bounds check. This could lead to local information disclosure via USB with User execution privileges needed. User interaction is not required for exploitation.Product: AndroidVersions: Andr...

4.3CVSS4.9AI score0.00017EPSS
CVE
CVE
added 2019/11/13 6:15 p.m.38 views

CVE-2019-2204

In FindSharedFunctionInfo of objects.cc, there is a possible out of bounds read due to a mistake in AST traversal. This could lead to remote code execution in the pacprocessor with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:...

10CVSS8.9AI score0.01253EPSS
CVE
CVE
added 2019/11/13 6:15 p.m.38 views

CVE-2019-2233

In getUserCount and getCount of UserSwitcherController.java, there is possible new user creation due to a logic error. This could lead to local escalation of privilege for an attacker who has physical access to the device with no additional execution privileges needed. User interaction is not neede...

7.2CVSS6.6AI score0.00049EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.38 views

CVE-2019-9253

In KeyStore, there is a possible storage of symmetric keys in the TEE instead of the strongbox due to a missing strongbox flag. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android...

4.9CVSS4.9AI score0.00016EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.38 views

CVE-2019-9256

In libmediaextractor there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111921829

8.8CVSS9AI score0.00409EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.38 views

CVE-2019-9309

In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to a to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117985575

7.3CVSS7.7AI score0.00015EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.38 views

CVE-2019-9353

In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-123024201

6.5CVSS6.1AI score0.00244EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.38 views

CVE-2019-9360

In the TEE, there's a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120610663

4.9CVSS4.8AI score0.00016EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.38 views

CVE-2019-9428

In the Framework, it is possible to set up BROWSEABLE intents to take over certain URLs. This could lead to remote information disclosure of sensitive URLs with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-...

6.5CVSS6.4AI score0.00244EPSS
CVE
CVE
added 2019/02/28 5:29 p.m.37 views

CVE-2019-1996

In avrc_pars_browse_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versio...

6.5CVSS6.1AI score0.00164EPSS
CVE
CVE
added 2019/04/19 8:29 p.m.37 views

CVE-2019-2038

In rw_i93_process_sys_info of rw_i93.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-...

5.5CVSS5AI score0.00062EPSS
CVE
CVE
added 2019/04/19 8:29 p.m.37 views

CVE-2019-2041

In the configuration of NFC modules on certain devices, there is a possible failure to distinguish individual devices due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Produ...

7.3CVSS7.3AI score0.00013EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.37 views

CVE-2019-2069

In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117832864

8.8CVSS9AI score0.00409EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.37 views

CVE-2019-2142

In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112768568

6.5CVSS6.4AI score0.00125EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.37 views

CVE-2019-2172

In libxaac there is a possible information disclosure due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113035224

6.5CVSS6.4AI score0.00125EPSS
CVE
CVE
added 2019/11/13 6:15 p.m.37 views

CVE-2019-2197

In processPhonebookAccess of CachedBluetoothDevice.java, there is a possible permission bypass due to an insecure default value. This could lead to local information disclosure of the user's contact list with no additional execution privileges needed. User interaction is needed for exploitation.Pro...

5.5CVSS5.1AI score0.00015EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.37 views

CVE-2019-9234

In wpa_supplicant_8, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122465453

7.5CVSS7.2AI score0.00312EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.37 views

CVE-2019-9244

In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120865977

5CVSS5.3AI score0.00017EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.37 views

CVE-2019-9252

In libavc there is a possible out of bounds read due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-73339042

6.5CVSS6.4AI score0.00244EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.37 views

CVE-2019-9375

In hostapd, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-129344244

6.9CVSS7AI score0.0001EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.37 views

CVE-2019-9382

In libeffects, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120874654

8.8CVSS9AI score0.00409EPSS
CVE
CVE
added 2019/02/12 12:0 a.m.36 views

CVE-2018-9584

In nfc_ncif_set_config_status of nfc_ncif.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. ...

7.8CVSS6.2AI score0.00022EPSS
CVE
CVE
added 2019/02/12 12:0 a.m.36 views

CVE-2018-9592

In mca_ccb_hdl_rsp of mca_cact.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interac...

7.5CVSS5.7AI score0.00386EPSS
CVE
CVE
added 2019/02/12 12:0 a.m.36 views

CVE-2018-9594

In llcp_link_proc_agf_pdu of llcp_link.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure over NFC with no additional execution privileges needed....

6.5CVSS5.3AI score0.00049EPSS
CVE
CVE
added 2019/02/28 5:29 p.m.36 views

CVE-2019-1998

In event_handler of keymaster_app.c, there is possible resource exhaustion due to a table being lost on reboot. This could lead to local denial of service that is not fixed by a factory reset, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: ...

5.5CVSS5.3AI score0.00022EPSS
CVE
CVE
added 2019/04/19 8:29 p.m.36 views

CVE-2019-2033

In create_hdr of dnssd_clientstub.c, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-121327565.

7.8CVSS7.6AI score0.0001EPSS
CVE
CVE
added 2019/08/20 8:15 p.m.36 views

CVE-2019-2131

An application with overlay permission can display overlays on top of settings UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Androi...

9.3CVSS7.6AI score0.0004EPSS
CVE
CVE
added 2019/11/13 6:15 p.m.36 views

CVE-2019-2193

In WelcomeActivity.java and related files, there is a possible permissions bypass due to a partially provisioned Device Policy Client. This could lead to local escalation of privilege, leaving an Admin app installed with no indication to the user, with User execution privileges needed. User interac...

7.8CVSS7.6AI score0.0001EPSS
CVE
CVE
added 2019/11/13 6:15 p.m.36 views

CVE-2019-2195

In tokenize of sqlite3_android.cpp, there is a possible attacker controlled INSERT statement due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: A...

7.8CVSS7.7AI score0.00033EPSS
CVE
CVE
added 2019/11/13 6:15 p.m.36 views

CVE-2019-2196

In Download Provider, there is possible SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-135269143

5.5CVSS5.5AI score0.0069EPSS
CVE
CVE
added 2019/11/13 6:15 p.m.36 views

CVE-2019-2211

In createProjectionMapForQuery of TvProvider.java, there is possible SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10A...

7.8CVSS7.2AI score0.00191EPSS
Total number of security vulnerabilities493