Lucene search

K

84 matches found

CVE
CVE
added 2019/06/07 8:29 p.m.251 views

CVE-2019-2102

In the Bluetooth Low Energy (BLE) specification, there is a provided example Long Term Key (LTK). If a BLE device were to use this as a hardcoded LTK, it is theoretically possible for a proximate attacker to remotely inject keystrokes on a paired Android host due to improperly used crypto. User int...

8.8CVSS7.2AI score0.00099EPSS
CVE
CVE
added 2019/08/20 8:15 p.m.219 views

CVE-2019-2126

In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Andr...

9.3CVSS8.6AI score0.064EPSS
CVE
CVE
added 2019/07/08 6:15 p.m.205 views

CVE-2019-2107

In ihevcd_parse_pps of ihevcd_parse_headers.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android...

9.3CVSS8.7AI score0.44303EPSS
CVE
CVE
added 2019/06/07 8:29 p.m.161 views

CVE-2019-2097

In HAliasAnalyzer.Query of hydrogen-alias-analysis.h, there is possible memory corruption due to type confusion. This could lead to remote code execution from a malicious proxy configuration, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: A...

10CVSS9.3AI score0.00873EPSS
CVE
CVE
added 2019/06/07 8:29 p.m.158 views

CVE-2019-2092

In isSeparateProfileChallengeAllowed of DevicePolicyManagerService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege, with no additional permissions required. User interaction is not needed for exploitation. Product: And...

7.8CVSS7.5AI score0.00009EPSS
CVE
CVE
added 2019/06/07 8:29 p.m.156 views

CVE-2019-2090

In isPackageDeviceAdminOnAnyUser of PackageManagerService.java, there is a possible permissions bypass due to a missing permissions check. This could lead to local escalation of privilege, with no additional permissions required. User interaction is not needed for exploitation. Product: Android. Ve...

7.8CVSS7.5AI score0.0001EPSS
CVE
CVE
added 2019/06/07 8:29 p.m.152 views

CVE-2019-2091

In GetPermittedAccessibilityServicesForUser of DevicePolicyManagerService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege, with no additional permissions required. User interaction is not needed for exploitation. Produ...

7.8CVSS7.5AI score0.00009EPSS
CVE
CVE
added 2019/06/07 8:29 p.m.152 views

CVE-2019-2099

In nfa_rw_store_ndef_rx_buf of nfa_rw_act.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 A...

9.3CVSS7.7AI score0.00036EPSS
CVE
CVE
added 2019/06/07 8:29 p.m.149 views

CVE-2019-2096

In EffectRelease of EffectBundle.cpp, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege in the audio server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android...

7.8CVSS7.8AI score0.00013EPSS
CVE
CVE
added 2019/06/07 8:29 p.m.126 views

CVE-2019-2094

In parseMPEGCCData of NuPlayerCCDecoder.cpp, there is a possible out of bounds write due to missing bounds checks. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7....

9.3CVSS8.4AI score0.00177EPSS
CVE
CVE
added 2019/06/19 9:15 p.m.121 views

CVE-2019-2019

In ce_t4t_data_cback of ce_t4t.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 And...

7.1CVSS6.2AI score0.00103EPSS
CVE
CVE
added 2019/06/07 8:29 p.m.121 views

CVE-2019-2098

In areNotificationsEnabledForPackage of NotificationManagerService.java, there is a possible permissions bypass due to a missing permissions check. This could lead to local escalation of privilege, with no additional privileges needed. User interaction is not needed for exploitation. Product: Andro...

7.8CVSS7.5AI score0.00009EPSS
CVE
CVE
added 2019/02/28 5:29 p.m.114 views

CVE-2019-1987

In onSetSampleX of SkSwizzler.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Andro...

9.3CVSS8.1AI score0.00164EPSS
CVE
CVE
added 2019/06/19 8:15 p.m.111 views

CVE-2019-2009

In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-7.0 And...

8.8CVSS8.8AI score0.00676EPSS
CVE
CVE
added 2019/06/19 8:15 p.m.110 views

CVE-2019-1989

In ih264d_fmt_conv_420sp_to_420p of ih264d_format_conv.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0...

9.3CVSS8.8AI score0.01673EPSS
CVE
CVE
added 2019/06/19 8:15 p.m.109 views

CVE-2019-1985

In findAvailSpellCheckerLocked of TextServicesManagerService.java, there is a possible way to bypass the warning dialog when selecting an untrusted spell checker due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User intera...

7.8CVSS7.7AI score0.00015EPSS
CVE
CVE
added 2019/08/08 9:15 p.m.102 views

CVE-2019-14783

On Samsung mobile devices with N(7.x), and O(8.x), P(9.0) software, FotaAgent allows a malicious application to create privileged files. The Samsung ID is SVE-2019-14764.

5.5CVSS5.4AI score0.00044EPSS
CVE
CVE
added 2019/06/19 9:15 p.m.100 views

CVE-2019-2020

In llcp_dlc_proc_rr_rnr_pdu of llcp_dlc.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1...

7.1CVSS5.9AI score0.00131EPSS
CVE
CVE
added 2019/06/19 8:15 p.m.95 views

CVE-2019-2004

In publishKeyEvent, publishMotionEvent and sendUnchainedFinishedSignal of InputTransport.cpp, there are uninitialized data leading to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-7.0 An...

5.5CVSS5.2AI score0.00037EPSS
CVE
CVE
added 2019/06/19 9:15 p.m.95 views

CVE-2019-2022

In rw_t3t_act_handle_fmt_rsp and rw_t3t_act_handle_sro_rsp of rw_t3t.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidV...

7.1CVSS5.9AI score0.00131EPSS
CVE
CVE
added 2019/06/19 8:15 p.m.94 views

CVE-2019-1990

In ihevcd_fmt_conv_420sp_to_420p of ihevcd_fmt_conv.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 An...

9.3CVSS8.8AI score0.01673EPSS
CVE
CVE
added 2019/06/19 9:15 p.m.88 views

CVE-2018-9561

In llcp_util_parse_connect of llcp_util.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android-...

7.1CVSS5.9AI score0.00131EPSS
CVE
CVE
added 2019/06/19 9:15 p.m.84 views

CVE-2019-2003

In addLinks of Linkify.java, there is a possible phishing vector due to an unusual root cause. This could lead to remote code execution or misdirection of clicks with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android...

9.3CVSS8.7AI score0.01673EPSS
CVE
CVE
added 2019/06/19 8:15 p.m.82 views

CVE-2019-2016

In NFA_SendRawFrame of nfa_dm_api.cc, there is a possible out-of-bound write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7...

9.3CVSS8.3AI score0.00145EPSS
CVE
CVE
added 2019/06/19 9:15 p.m.82 views

CVE-2019-2017

In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0...

7.8CVSS7.7AI score0.00034EPSS
CVE
CVE
added 2019/06/19 9:15 p.m.81 views

CVE-2019-2021

In rw_t3t_act_handle_ndef_detect_rsp of rw_t3t.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 A...

7.1CVSS5.9AI score0.00131EPSS
CVE
CVE
added 2019/06/19 8:15 p.m.77 views

CVE-2019-2012

In rw_t3t_act_handle_fmt_rsp of rw_t3t.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android...

9.3CVSS8.3AI score0.00145EPSS
CVE
CVE
added 2019/06/19 9:15 p.m.75 views

CVE-2018-9564

In llcp_util_parse_link_params of llcp_util.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Andr...

7.1CVSS5.9AI score0.00131EPSS
CVE
CVE
added 2019/06/19 8:15 p.m.75 views

CVE-2019-2013

In rw_t3t_act_handle_sro_rsp of rw_t3t.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android...

9.3CVSS8.3AI score0.00145EPSS
CVE
CVE
added 2019/06/19 8:15 p.m.74 views

CVE-2019-2015

In rw_t3t_act_handle_check_rsp of rw_t3t.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Andro...

9.3CVSS8.3AI score0.00145EPSS
CVE
CVE
added 2019/06/19 8:15 p.m.72 views

CVE-2019-2014

In rw_t3t_handle_get_sc_poll_rsp of rw_t3t.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 And...

9.3CVSS8.3AI score0.00145EPSS
CVE
CVE
added 2019/06/19 8:15 p.m.71 views

CVE-2019-2010

In phNxpNciHal_process_ext_rsp of phNxpNciHal_ext.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Andr...

7.8CVSS7.7AI score0.00034EPSS
CVE
CVE
added 2019/06/19 9:15 p.m.67 views

CVE-2018-9563

In llcp_util_parse_cc of llcp_util.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1...

7.1CVSS5.9AI score0.00131EPSS
CVE
CVE
added 2019/07/08 6:15 p.m.65 views

CVE-2019-2109

In MakeMPEG4VideoCodecSpecificData of AVIExtractor.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android...

9.3CVSS8.8AI score0.00343EPSS
CVE
CVE
added 2019/07/08 6:15 p.m.62 views

CVE-2019-2117

In checkQueryPermission of TelephonyProvider.java, there is a possible disclosure of secure data due to a missing permission check. This could lead to local information disclosure about carrier systems with no additional execution privileges needed. User interaction is not needed for exploitation. ...

5.5CVSS5AI score0.00015EPSS
CVE
CVE
added 2019/05/08 5:29 p.m.61 views

CVE-2019-2044

In MakeMP>G4VideoCodecSpecificData of APacketSource.cpp, there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product: An...

9.3CVSS8.7AI score0.01214EPSS
CVE
CVE
added 2019/08/20 8:15 p.m.59 views

CVE-2019-2134

In phFriNfc_ExtnsTransceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Andr...

9.3CVSS7.7AI score0.00038EPSS
CVE
CVE
added 2019/08/20 8:15 p.m.58 views

CVE-2019-2130

In CompilationJob::FinalizeJob of compiler.cc, there is a possible remote code execution due to type confusion. This could lead to escalation of privilege from a malicious proxy configuration with no additional execution privileges needed. User interaction is not needed for exploitation. Product: A...

10CVSS9.4AI score0.01098EPSS
CVE
CVE
added 2019/05/08 5:29 p.m.56 views

CVE-2019-2047

In UpdateLoadElement of ic.cc, there is a possible out-of-bounds write due to type confusion. This could lead to remote code execution in the proxy auto-config with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 And...

10CVSS9.2AI score0.00873EPSS
CVE
CVE
added 2019/04/19 8:29 p.m.55 views

CVE-2019-2029

In btm_proc_smp_cback of tm_ble.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1....

8.8CVSS8.8AI score0.00564EPSS
CVE
CVE
added 2019/05/08 5:29 p.m.55 views

CVE-2019-2043

In SmsDefaultDialog.onStart of SmsDefaultDialog.java, there is a possible escalation of privilege due to an overlay attack. This could lead to local escalation of privilege, granting privileges to a local app without the user's informed consent, with no additional privileges needed. User interactio...

7.3CVSS7.2AI score0.00014EPSS
CVE
CVE
added 2019/02/12 12:0 a.m.54 views

CVE-2018-9583

In bta_ag_parse_cmer of bta_ag_cmd.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution in the bluetooth server with no additional execution privileges...

10CVSS7.6AI score0.00977EPSS
CVE
CVE
added 2019/05/08 5:29 p.m.53 views

CVE-2019-2046

In CalculateInstanceSizeForDerivedClass of objects.cc, there is possible memory corruption due to an integer overflow. This could lead to remote code execution in the proxy auto-config with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android ...

10CVSS9.3AI score0.01182EPSS
CVE
CVE
added 2019/07/08 6:15 p.m.51 views

CVE-2019-2106

In ihevcd_sao_shift_ctb of ihevcd_sao.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1...

9.3CVSS8.8AI score0.0037EPSS
CVE
CVE
added 2019/05/08 5:29 p.m.50 views

CVE-2019-2051

In heap of spaces.h, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure when processing a proxy auto config file with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android V...

7.8CVSS7AI score0.00396EPSS
CVE
CVE
added 2019/02/28 5:29 p.m.48 views

CVE-2019-1991

In btif_dm_data_copy of btif_core.cc, there is a possible out of bounds write due to a buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android...

9.3CVSS8.9AI score0.01005EPSS
CVE
CVE
added 2019/07/08 6:15 p.m.48 views

CVE-2019-2105

In FileInputStream::Read of file_input_stream.cc, there is a possible memory corruption due to uninitialized data. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versi...

8.8CVSS8.7AI score0.00409EPSS
CVE
CVE
added 2019/04/19 8:29 p.m.47 views

CVE-2019-2034

In rw_i93_sm_read_ndef of rw_i93.cc, there is a possible out-of-bounds write due to an integer overflow. This could lead to local escalation of privilege in the NFC process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Andro...

7.8CVSS7.7AI score0.00056EPSS
CVE
CVE
added 2019/05/08 5:29 p.m.47 views

CVE-2019-2045

In JSCallTyper of typer.cc, there is an out of bounds write due to an incorrect bounds check. This could lead to remote code execution in the proxy auto-config with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 And...

10CVSS9.3AI score0.00873EPSS
CVE
CVE
added 2019/08/20 8:15 p.m.47 views

CVE-2019-2136

In Status::readFromParcel of Status.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 ...

5.5CVSS5AI score0.00017EPSS
Total number of security vulnerabilities84