Lucene search

K

493 matches found

CVE
CVE
added 2019/10/11 7:15 p.m.1367 views

CVE-2019-2215

A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network f...

7.8CVSS7.5AI score0.4903EPSS
CVE
CVE
added 2019/09/06 10:15 p.m.563 views

CVE-2019-9456

In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

6.7CVSS7.3AI score0.00159EPSS
CVE
CVE
added 2019/09/06 10:15 p.m.489 views

CVE-2019-9458

In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7CVSS7.1AI score0.00034EPSS
CVE
CVE
added 2019/08/14 5:15 p.m.451 views

CVE-2019-9506

The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary cipher...

8.1CVSS8.4AI score0.02341EPSS
CVE
CVE
added 2019/09/06 10:15 p.m.419 views

CVE-2019-9455

In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

2.3CVSS4.4AI score0.00023EPSS
CVE
CVE
added 2019/09/06 10:15 p.m.411 views

CVE-2019-9453

In the Android kernel in F2FS touch driver there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.

4.4CVSS4.5AI score0.00207EPSS
CVE
CVE
added 2019/12/06 11:15 p.m.360 views

CVE-2019-2219

In several functions of NotificationManagerService.java and related files, there is a possible way to record audio from the background without notification to the user due to a permission bypass. This could lead to local escalation of privilege with User execution privileges needed. User interactio...

4.7CVSS4.9AI score0.00012EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.335 views

CVE-2019-9278

In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID...

8.8CVSS8.5AI score0.04889EPSS
CVE
CVE
added 2019/12/06 11:15 p.m.292 views

CVE-2019-2228

In array_find of array.c, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to local information disclosure in the printer spooler with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...

5.5CVSS5AI score0.0011EPSS
CVE
CVE
added 2019/09/06 10:15 p.m.284 views

CVE-2019-2182

In the Android kernel in the kernel MMU code there is a possible execution path leaving some kernel text and rodata pages writable. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.5AI score0.00034EPSS
CVE
CVE
added 2019/09/06 10:15 p.m.284 views

CVE-2019-9448

In the Android kernel in the FingerTipS touchscreen driver there is a possible out of bounds write due to a missing bounds check. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

6.7CVSS6.7AI score0.00016EPSS
CVE
CVE
added 2019/09/06 10:15 p.m.284 views

CVE-2019-9449

In the Android kernel in FingerTipS touchscreen driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.

4.4CVSS4.3AI score0.00018EPSS
CVE
CVE
added 2019/09/06 10:15 p.m.280 views

CVE-2019-9447

In the Android kernel in the FingerTipS touchscreen driver there is a possible use-after-free due to improper locking. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

6.7CVSS6.7AI score0.00015EPSS
CVE
CVE
added 2019/09/06 10:15 p.m.278 views

CVE-2019-9442

In the Android kernel in the mnh driver there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System privileges required. User interaction is not needed for exploitation.

6.7CVSS6.7AI score0.00019EPSS
CVE
CVE
added 2019/09/06 10:15 p.m.278 views

CVE-2019-9450

In the Android kernel in the FingerTipS touchscreen driver there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

6.4CVSS6.7AI score0.00013EPSS
CVE
CVE
added 2019/09/06 10:15 p.m.275 views

CVE-2019-9275

In the Android kernel in the mnh driver there is a use after free due to improper locking. This could lead to escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

7.5CVSS6.8AI score0.00086EPSS
CVE
CVE
added 2019/09/06 10:15 p.m.272 views

CVE-2019-9426

In the Android kernel in Bluetooth there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

6.7CVSS6.7AI score0.00016EPSS
CVE
CVE
added 2019/09/06 10:15 p.m.261 views

CVE-2019-9445

In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.

4.4CVSS4.9AI score0.00241EPSS
CVE
CVE
added 2019/09/06 10:15 p.m.257 views

CVE-2019-9276

In the Android kernel in the synaptics_dsx_htc touchscreen driver there is a possible out of bounds write due to a use after free. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

6.7CVSS6.7AI score0.00019EPSS
CVE
CVE
added 2019/09/06 10:15 p.m.256 views

CVE-2019-9454

In the Android kernel in i2c driver there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

6.7CVSS6.8AI score0.00021EPSS
CVE
CVE
added 2019/06/07 8:29 p.m.251 views

CVE-2019-2102

In the Bluetooth Low Energy (BLE) specification, there is a provided example Long Term Key (LTK). If a BLE device were to use this as a hardcoded LTK, it is theoretically possible for a proximate attacker to remotely inject keystrokes on a paired Android host due to improperly used crypto. User int...

8.8CVSS7.2AI score0.00099EPSS
CVE
CVE
added 2019/09/06 10:15 p.m.249 views

CVE-2019-9273

In the Android kernel in the synaptics_dsx_htc touchscreen driver there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

6.7CVSS6.7AI score0.00015EPSS
CVE
CVE
added 2019/09/06 10:15 p.m.248 views

CVE-2019-9274

In the Android kernel in the mnh driver there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

6.7CVSS7.5AI score0.00016EPSS
CVE
CVE
added 2019/06/07 8:29 p.m.247 views

CVE-2019-2101

In uvc_parse_standard_control of uvc_driver.c, there is a possible out-of-bound read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android...

5.5CVSS5.9AI score0.00111EPSS
CVE
CVE
added 2019/09/06 10:15 p.m.247 views

CVE-2019-9245

In the Android kernel in the f2fs driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

4.4CVSS4.2AI score0.00047EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.244 views

CVE-2019-9232

In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122675483

7.5CVSS7.2AI score0.01653EPSS
CVE
CVE
added 2019/09/06 10:15 p.m.243 views

CVE-2019-9446

In the Android kernel in the FingerTipS touchscreen driver there is a possible out of bounds write due to improper input validation. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

6.7CVSS6.7AI score0.00016EPSS
CVE
CVE
added 2019/09/06 10:15 p.m.242 views

CVE-2019-9345

In the Android kernel in sdcardfs there is a possible violation of the separation of data between profiles due to shared mapping of obb files. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.

7.8CVSS7.6AI score0.00013EPSS
CVE
CVE
added 2019/09/06 10:15 p.m.242 views

CVE-2019-9436

In the Android kernel in the bootloader there is a possible secure boot bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation.

6.7CVSS6.6AI score0.00016EPSS
CVE
CVE
added 2019/09/06 10:15 p.m.241 views

CVE-2019-9441

In the Android kernel in the mnh driver there is a possible out of bounds write due to improper input validation. This could lead to escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

6.7CVSS6.8AI score0.00018EPSS
CVE
CVE
added 2019/06/19 9:15 p.m.236 views

CVE-2019-2024

In em28xx_unregister_dvb of em28xx-dvb.c, there is a possible use after free issue. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111761954Referen...

7.8CVSS6.3AI score0.00086EPSS
CVE
CVE
added 2019/09/06 10:15 p.m.235 views

CVE-2019-9248

In the Android kernel in the FingerTipS touchscreen driver there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

6.7CVSS6.7AI score0.00016EPSS
CVE
CVE
added 2019/09/06 10:15 p.m.235 views

CVE-2019-9452

In the Android kernel in SEC_TS touch driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

4.4CVSS4.3AI score0.00018EPSS
CVE
CVE
added 2019/09/06 10:15 p.m.234 views

CVE-2019-9270

In the Android kernel in unifi and r8180 WiFi drivers there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.7AI score0.00015EPSS
CVE
CVE
added 2019/08/20 8:15 p.m.219 views

CVE-2019-2126

In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Andr...

9.3CVSS8.6AI score0.064EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.214 views

CVE-2019-9376

In Account of Account.java, there is a possible boot loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Android; Versions: Android-9, Android-8.0, Android-8.1; And...

5.5CVSS5.3AI score0.00015EPSS
CVE
CVE
added 2019/09/06 10:15 p.m.212 views

CVE-2019-9444

In the Android kernel in sync debug fs driver there is a kernel pointer leak due to the usage of printf with %p. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.

4.4CVSS4.6AI score0.00088EPSS
CVE
CVE
added 2019/07/08 6:15 p.m.205 views

CVE-2019-2107

In ihevcd_parse_pps of ihevcd_parse_headers.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android...

9.3CVSS8.7AI score0.44303EPSS
CVE
CVE
added 2019/09/06 10:15 p.m.203 views

CVE-2019-9443

In the Android kernel in the vl53L0 driver there is a possible out of bounds write due to a permissions bypass. This could lead to local escalation of privilege due to a set_fs() call without restoring the previous limit with System execution privileges needed. User interaction is not needed for ex...

6.7CVSS6.7AI score0.00013EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.201 views

CVE-2019-9433

In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354

6.5CVSS6.7AI score0.01891EPSS
CVE
CVE
added 2019/09/06 10:15 p.m.194 views

CVE-2019-9451

In the Android kernel in the touchscreen driver there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

6.7CVSS6.7AI score0.00016EPSS
CVE
CVE
added 2019/09/06 10:15 p.m.192 views

CVE-2019-9461

In the Android kernel in VPN routing there is a possible information disclosure. This could lead to remote information disclosure by an adjacent network attacker with no additional execution privileges needed. User interaction is not needed for exploitation.

6.5CVSS5.9AI score0.00634EPSS
CVE
CVE
added 2019/09/06 10:15 p.m.187 views

CVE-2019-9271

In the Android kernel in the mnh driver there is a race condition due to insufficient locking. This could lead to a use-after-free which could lead to escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

6.4CVSS6.6AI score0.00017EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.183 views

CVE-2019-9371

In libvpx, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-132783254

7.1CVSS6.9AI score0.0743EPSS
CVE
CVE
added 2019/11/13 6:15 p.m.180 views

CVE-2019-2201

In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation.Produc...

9.3CVSS7.9AI score0.01526EPSS
CVE
CVE
added 2019/12/06 11:15 p.m.179 views

CVE-2019-2232

In handleRun of TextLine.java, there is a possible application crash due to improper input validation. This could lead to remote denial of service when processing Unicode with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Androi...

7.8CVSS7.4AI score0.00805EPSS
CVE
CVE
added 2019/12/06 11:15 p.m.176 views

CVE-2019-2225

When pairing with a Bluetooth device, it may be possible to pair a malicious device without any confirmation from the user, and that device may be able to interact with the phone. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is n...

8.8CVSS8.5AI score0.00636EPSS
CVE
CVE
added 2019/12/06 11:15 p.m.170 views

CVE-2019-2220

In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend. This could lead to local information disclosure no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVer...

5.5CVSS5.1AI score0.00015EPSS
CVE
CVE
added 2019/12/06 11:15 p.m.170 views

CVE-2019-9464

In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional execution privileges nee...

5.5CVSS5.5AI score0.00075EPSS
CVE
CVE
added 2019/12/06 11:15 p.m.168 views

CVE-2019-2221

In hasActivityInVisibleTask of WindowProcessController.java there’s a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction...

7.8CVSS7.7AI score0.0001EPSS
Total number of security vulnerabilities493