Lucene search

K

302 matches found

CVE
CVE
added 2019/12/06 11:15 p.m.360 views

CVE-2019-2219

In several functions of NotificationManagerService.java and related files, there is a possible way to record audio from the background without notification to the user due to a permission bypass. This could lead to local escalation of privilege with User execution privileges needed. User interactio...

4.7CVSS4.9AI score0.00012EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.335 views

CVE-2019-9278

In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID...

8.8CVSS8.5AI score0.04889EPSS
CVE
CVE
added 2019/12/06 11:15 p.m.292 views

CVE-2019-2228

In array_find of array.c, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to local information disclosure in the printer spooler with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...

5.5CVSS5AI score0.0011EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.244 views

CVE-2019-9232

In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122675483

7.5CVSS7.2AI score0.01653EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.201 views

CVE-2019-9433

In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354

6.5CVSS6.7AI score0.01891EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.183 views

CVE-2019-9371

In libvpx, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-132783254

7.1CVSS6.9AI score0.0743EPSS
CVE
CVE
added 2019/11/13 6:15 p.m.180 views

CVE-2019-2201

In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation.Produc...

9.3CVSS7.9AI score0.01526EPSS
CVE
CVE
added 2019/12/06 11:15 p.m.179 views

CVE-2019-2232

In handleRun of TextLine.java, there is a possible application crash due to improper input validation. This could lead to remote denial of service when processing Unicode with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Androi...

7.8CVSS7.4AI score0.00805EPSS
CVE
CVE
added 2019/12/06 11:15 p.m.176 views

CVE-2019-2225

When pairing with a Bluetooth device, it may be possible to pair a malicious device without any confirmation from the user, and that device may be able to interact with the phone. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is n...

8.8CVSS8.5AI score0.00636EPSS
CVE
CVE
added 2019/12/06 11:15 p.m.170 views

CVE-2019-2220

In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend. This could lead to local information disclosure no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVer...

5.5CVSS5.1AI score0.00015EPSS
CVE
CVE
added 2019/12/06 11:15 p.m.170 views

CVE-2019-9464

In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional execution privileges nee...

5.5CVSS5.5AI score0.00075EPSS
CVE
CVE
added 2019/12/06 11:15 p.m.168 views

CVE-2019-2221

In hasActivityInVisibleTask of WindowProcessController.java there’s a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction...

7.8CVSS7.7AI score0.0001EPSS
CVE
CVE
added 2019/12/06 11:15 p.m.168 views

CVE-2019-2222

n ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Androi...

7.8CVSS7.9AI score0.00665EPSS
CVE
CVE
added 2019/12/06 11:15 p.m.167 views

CVE-2019-2223

In ihevcd_ref_list of ihevcd_ref_list.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Andr...

7.8CVSS7.9AI score0.00665EPSS
CVE
CVE
added 2019/12/06 11:15 p.m.166 views

CVE-2019-2227

In DeepCopy of btif_av.cc, there is a possible out of bounds read due to improper casting. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10An...

6.5CVSS6.1AI score0.00439EPSS
CVE
CVE
added 2019/12/06 11:15 p.m.165 views

CVE-2019-2229

In updateWidget of BaseWidgetProvider.java, there is a possible leak of user data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 ...

5.5CVSS5AI score0.00032EPSS
CVE
CVE
added 2019/12/06 11:15 p.m.165 views

CVE-2019-2231

In Blob::Blob of blob.cpp, there is a possible unencrypted master key due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: ...

4.4CVSS4.3AI score0.00024EPSS
CVE
CVE
added 2019/12/06 11:15 p.m.162 views

CVE-2019-2218

In createSessionInternal of PackageInstallerService.java, there is a possible improper permission grant due to a missing permission check. This could lead to local escalation of privilege by installing malicious packages with User execution privileges needed. User interaction is not needed for expl...

7.8CVSS7.6AI score0.00013EPSS
CVE
CVE
added 2019/10/11 7:15 p.m.160 views

CVE-2019-2187

In nfc_ncif_decode_rf_params of nfc_ncif.cc, there is a possible out of bounds read due to an integer underflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-7.1.1 An...

5.5CVSS5AI score0.00017EPSS
CVE
CVE
added 2019/12/06 11:15 p.m.159 views

CVE-2019-2217

In setCpuVulkanInUse of GpuStats.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-14100...

7.8CVSS7.8AI score0.00037EPSS
CVE
CVE
added 2019/12/06 11:15 p.m.158 views

CVE-2019-2226

In device_class_to_int of device_class.cc, there is a possible out of bounds read due to improper casting. This could lead to local information disclosure in the Bluetooth server with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...

5.5CVSS5AI score0.00044EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.158 views

CVE-2019-9325

In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112001302

6.5CVSS6.6AI score0.03149EPSS
CVE
CVE
added 2019/12/06 11:15 p.m.155 views

CVE-2019-2230

In nfcManager_routeAid and nfcManager_unrouteAid of NativeNfcManager.cpp, there is possible memory reuse due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions...

7.5CVSS7.1AI score0.01084EPSS
CVE
CVE
added 2019/10/11 7:15 p.m.153 views

CVE-2019-2183

In generateServicesMap of RegisteredServicesCache.java, there is a possible account protection bypass due to a caching optimization. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersio...

5.5CVSS5.5AI score0.00017EPSS
CVE
CVE
added 2019/10/11 7:15 p.m.153 views

CVE-2019-2186

In GetMBheader of combined_decode.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 An...

9.3CVSS8.7AI score0.0037EPSS
CVE
CVE
added 2019/09/05 10:15 p.m.125 views

CVE-2019-2108

In ihevcd_ref_list of ihevcd_ref_list.c in Android 10, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.

9.3CVSS7.9AI score0.00177EPSS
CVE
CVE
added 2019/09/05 10:15 p.m.125 views

CVE-2019-9254

In readArgumentList of zygote.java in Android 10, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.9AI score0.00104EPSS
CVE
CVE
added 2019/10/11 7:15 p.m.120 views

CVE-2019-2185

In VlcDequantH263IntraBlock_SH of vlc_dequant.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.1.1 Andr...

9.3CVSS8.7AI score0.0037EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.87 views

CVE-2018-9581

In WiFi, the RSSI value and SSID information is broadcast as part of android.net.wifi.RSSI_CHANGE and android.net.wifi.STATE_CHANGE intents. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Andr...

3.3CVSS4.6AI score0.00034EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.81 views

CVE-2019-9365

In Bluetooth, there is a possible deserialization error due to missing string validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-109838537

9.8CVSS9.2AI score0.01445EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.78 views

CVE-2019-9423

In opencv calls that use libpng, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges required. User interaction is not required for exploitation. Product: AndroidVersions: Android-10Android I...

7.8CVSS7.7AI score0.0029EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.71 views

CVE-2019-9346

In libstagefright, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-128433933

8.8CVSS9.1AI score0.00761EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.70 views

CVE-2019-9335

In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112328051

6.5CVSS6.1AI score0.00279EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.69 views

CVE-2019-9416

In libstagefright there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111804142

6.5CVSS6.5AI score0.00244EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.67 views

CVE-2019-9367

In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112106425

7.5CVSS7.2AI score0.00312EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.66 views

CVE-2019-2072

In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-116117112

8.8CVSS9AI score0.00409EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.66 views

CVE-2019-2169

In libxaac there is a possible information disclosure due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118492282

6.5CVSS6.4AI score0.00125EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.66 views

CVE-2019-9388

In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ...

7.5CVSS7.2AI score0.00312EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.65 views

CVE-2019-9401

In Bluetooth, there is possible controlled termination due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115375248

7.5CVSS7.6AI score0.00499EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.64 views

CVE-2019-9243

In wpa_supplicant_8, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120905706

5.5CVSS5.6AI score0.00017EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.64 views

CVE-2019-9398

In Bluetooth, there is possible controlled termination due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115745406

7.5CVSS7.6AI score0.00499EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.64 views

CVE-2019-9412

In libSBRdec there is a possible out of bounds read due to incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112006096

6.5CVSS6.5AI score0.00244EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.64 views

CVE-2019-9432

In Bluetooth, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure in the Bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Androi...

7.5CVSS7.2AI score0.00312EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.63 views

CVE-2019-9247

In AAC Codec, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120426166

6.5CVSS6.5AI score0.00244EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.63 views

CVE-2019-9303

In libFDK, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112661057

8.8CVSS9AI score0.00409EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.63 views

CVE-2019-9338

In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111762686

6.5CVSS6.1AI score0.00279EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.63 views

CVE-2019-9396

In Bluetooth, there is possible controlled termination due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115747155

7.5CVSS7.6AI score0.00499EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.62 views

CVE-2019-2086

In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-114735603

8.8CVSS9AI score0.00409EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.62 views

CVE-2019-9233

In wpa_supplicant_8, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122529021

7.5CVSS7.2AI score0.00312EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.62 views

CVE-2019-9239

In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-121263487

5CVSS5.3AI score0.00017EPSS
Total number of security vulnerabilities302