Total
7294 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-9564 | 1 Google | 1 Android | 2024-02-04 | 7.1 HIGH | 6.5 MEDIUM |
| In llcp_util_parse_link_params of llcp_util.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-114238578 | |||||
| CVE-2019-9447 | 1 Google | 1 Android | 2024-02-04 | 4.6 MEDIUM | 6.7 MEDIUM |
| In the Android kernel in the FingerTipS touchscreen driver there is a possible use-after-free due to improper locking. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2019-9449 | 1 Google | 1 Android | 2024-02-04 | 2.1 LOW | 4.4 MEDIUM |
| In the Android kernel in FingerTipS touchscreen driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2019-2136 | 1 Google | 1 Android | 2024-02-04 | 4.9 MEDIUM | 5.5 MEDIUM |
| In Status::readFromParcel of Status.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-132650049. | |||||
| CVE-2019-2017 | 1 Google | 1 Android | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-121035711 | |||||
| CVE-2019-2102 | 1 Google | 1 Android | 2024-02-04 | 8.3 HIGH | 8.8 HIGH |
| In the Bluetooth Low Energy (BLE) specification, there is a provided example Long Term Key (LTK). If a BLE device were to use this as a hardcoded LTK, it is theoretically possible for a proximate attacker to remotely inject keystrokes on a paired Android host due to improperly used crypto. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-128843052. | |||||
| CVE-2019-2044 | 1 Google | 1 Android | 2024-02-04 | 9.3 HIGH | 8.8 HIGH |
| In MakeMP>G4VideoCodecSpecificData of APacketSource.cpp, there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android ID: A-123701862 | |||||
| CVE-2018-9561 | 1 Google | 1 Android | 2024-02-04 | 7.1 HIGH | 6.5 MEDIUM |
| In llcp_util_parse_connect of llcp_util.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-111660010 | |||||
| CVE-2019-2090 | 1 Google | 1 Android | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| In isPackageDeviceAdminOnAnyUser of PackageManagerService.java, there is a possible permissions bypass due to a missing permissions check. This could lead to local escalation of privilege, with no additional permissions required. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-128599183 | |||||
| CVE-2019-9270 | 1 Google | 1 Android | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| In the Android kernel in unifi and r8180 WiFi drivers there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2019-2103 | 1 Google | 1 Android | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| In Google Assistant in Android 9, there is a possible permissions bypass that allows the Assistant to take a screenshot of apps with FLAG_SECURE. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2019-9461 | 1 Google | 1 Android | 2024-02-04 | 3.3 LOW | 6.5 MEDIUM |
| In the Android kernel in VPN routing there is a possible information disclosure. This could lead to remote information disclosure by an adjacent network attacker with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2019-2105 | 1 Google | 1 Android | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| In FileInputStream::Read of file_input_stream.cc, there is a possible memory corruption due to uninitialized data. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-116114182. | |||||
| CVE-2019-9455 | 2 Google, Opensuse | 2 Android, Leap | 2024-02-04 | 2.1 LOW | 2.3 LOW |
| In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2019-2133 | 1 Google | 1 Android | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
| In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-132082342. | |||||
| CVE-2019-5681 | 2 Google, Nvidia | 2 Android, Shield Experience | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in the custom NVIDIA API used in the mount system service where user data could be overridden, which may lead to code execution, denial of service, or information disclosure. | |||||
| CVE-2019-2099 | 1 Google | 1 Android | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
| In nfa_rw_store_ndef_rx_buf of nfa_rw_act.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-123583388. | |||||
| CVE-2019-5816 | 3 Fedoraproject, Google, Opensuse | 5 Fedora, Android, Chrome and 2 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| Process lifetime issue in Chrome in Google Chrome on Android prior to 74.0.3729.108 allowed a remote attacker to potentially persist an exploited process via a crafted HTML page. | |||||
| CVE-2019-2119 | 1 Google | 1 Android | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| In multiple functions of key_store_service.cpp, there is a possible Information Disclosure due to improper locking. This could lead to local information disclosure of protected data with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-131622568. | |||||
| CVE-2019-9248 | 1 Google | 1 Android | 2024-02-04 | 4.6 MEDIUM | 6.7 MEDIUM |
| In the Android kernel in the FingerTipS touchscreen driver there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | |||||