Android SDK
by Google
CVEs (1,763)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-2101 | 0.00 | — | 0.00 | Jun 7, 2019 | In uvc_parse_standard_control of uvc_driver.c, there is a possible out-of-bound read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product:… | |||
| CVE-2019-2099 | 0.00 | — | 0.01 | Jun 7, 2019 | In nfa_rw_store_ndef_rx_buf of nfa_rw_act.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android.… | |||
| CVE-2019-2098 | 0.00 | — | 0.00 | Jun 7, 2019 | In areNotificationsEnabledForPackage of NotificationManagerService.java, there is a possible permissions bypass due to a missing permissions check. This could lead to local escalation of privilege, with no additional privileges needed. User interaction is not needed for… | |||
| CVE-2019-2102 | 0.00 | — | 0.00 | Jun 7, 2019 | In the Bluetooth Low Energy (BLE) specification, there is a provided example Long Term Key (LTK). If a BLE device were to use this as a hardcoded LTK, it is theoretically possible for a proximate attacker to remotely inject keystrokes on a paired Android host due to improperly… | |||
| CVE-2019-2097 | 0.00 | — | 0.01 | Jun 7, 2019 | In HAliasAnalyzer.Query of hydrogen-alias-analysis.h, there is possible memory corruption due to type confusion. This could lead to remote code execution from a malicious proxy configuration, with no additional execution privileges needed. User interaction is not needed for… | |||
| CVE-2019-2096 | 0.00 | — | 0.00 | Jun 7, 2019 | In EffectRelease of EffectBundle.cpp, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege in the audio server with no additional execution privileges needed. User interaction is not needed for exploitation. Product:… | |||
| CVE-2019-2095 | 0.00 | — | 0.01 | Jun 7, 2019 | In callGenIDChangeListeners and related functions of SkPixelRef.cpp, there is a possible use after free due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product:… | |||
| CVE-2019-2094 | 0.00 | — | 0.01 | Jun 7, 2019 | In parseMPEGCCData of NuPlayerCCDecoder.cpp, there is a possible out of bounds write due to missing bounds checks. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:… | |||
| CVE-2019-2093 | 0.00 | — | 0.01 | Jun 7, 2019 | In huff_dec_1D of nlc_dec.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9.… | |||
| CVE-2019-2092 | 0.00 | — | 0.00 | Jun 7, 2019 | In isSeparateProfileChallengeAllowed of DevicePolicyManagerService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege, with no additional permissions required. User interaction is not needed for… | |||
| CVE-2019-2091 | 0.00 | — | 0.00 | Jun 7, 2019 | In GetPermittedAccessibilityServicesForUser of DevicePolicyManagerService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege, with no additional permissions required. User interaction is not needed for… | |||
| CVE-2019-2090 | 0.00 | — | 0.00 | Jun 7, 2019 | In isPackageDeviceAdminOnAnyUser of PackageManagerService.java, there is a possible permissions bypass due to a missing permissions check. This could lead to local escalation of privilege, with no additional permissions required. User interaction is not needed for exploitation.… | |||
| CVE-2019-2049 | 0.00 | — | 0.00 | May 8, 2019 | In SendMediaUpdate and SendFolderUpdate of avrcp_service.cc, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege in the Bluetooth service with no additional execution privileges needed. User interaction is not needed… | |||
| CVE-2019-2046 | 0.00 | — | 0.01 | May 8, 2019 | In CalculateInstanceSizeForDerivedClass of objects.cc, there is possible memory corruption due to an integer overflow. This could lead to remote code execution in the proxy auto-config with no additional execution privileges needed. User interaction is not needed for… | |||
| CVE-2019-2045 | 0.00 | — | 0.01 | May 8, 2019 | In JSCallTyper of typer.cc, there is an out of bounds write due to an incorrect bounds check. This could lead to remote code execution in the proxy auto-config with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android… | |||
| CVE-2019-2044 | 0.00 | — | 0.01 | May 8, 2019 | In MakeMP>G4VideoCodecSpecificData of APacketSource.cpp, there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for… | |||
| CVE-2019-2043 | 0.00 | — | 0.00 | May 8, 2019 | In SmsDefaultDialog.onStart of SmsDefaultDialog.java, there is a possible escalation of privilege due to an overlay attack. This could lead to local escalation of privilege, granting privileges to a local app without the user's informed consent, with no additional privileges… | |||
| CVE-2019-2037 | 0.00 | — | 0.01 | Apr 19, 2019 | In l2cu_send_peer_config_rej of l2c_utils.cc, there is a possible out-of-bound read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product:… | |||
| CVE-2019-2041 | 0.00 | — | 0.00 | Apr 19, 2019 | In the configuration of NFC modules on certain devices, there is a possible failure to distinguish individual devices due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for… | |||
| CVE-2019-2032 | 0.00 | — | 0.00 | Apr 19, 2019 | In SetScanResponseData of ble_advertiser_hci_interface.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.… |
- CVE-2019-2101Jun 7, 2019risk 0.00cvss —epss 0.00
In uvc_parse_standard_control of uvc_driver.c, there is a possible out-of-bound read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product:…
- CVE-2019-2099Jun 7, 2019risk 0.00cvss —epss 0.01
In nfa_rw_store_ndef_rx_buf of nfa_rw_act.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android.…
- CVE-2019-2098Jun 7, 2019risk 0.00cvss —epss 0.00
In areNotificationsEnabledForPackage of NotificationManagerService.java, there is a possible permissions bypass due to a missing permissions check. This could lead to local escalation of privilege, with no additional privileges needed. User interaction is not needed for…
- CVE-2019-2102Jun 7, 2019risk 0.00cvss —epss 0.00
In the Bluetooth Low Energy (BLE) specification, there is a provided example Long Term Key (LTK). If a BLE device were to use this as a hardcoded LTK, it is theoretically possible for a proximate attacker to remotely inject keystrokes on a paired Android host due to improperly…
- CVE-2019-2097Jun 7, 2019risk 0.00cvss —epss 0.01
In HAliasAnalyzer.Query of hydrogen-alias-analysis.h, there is possible memory corruption due to type confusion. This could lead to remote code execution from a malicious proxy configuration, with no additional execution privileges needed. User interaction is not needed for…
- CVE-2019-2096Jun 7, 2019risk 0.00cvss —epss 0.00
In EffectRelease of EffectBundle.cpp, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege in the audio server with no additional execution privileges needed. User interaction is not needed for exploitation. Product:…
- CVE-2019-2095Jun 7, 2019risk 0.00cvss —epss 0.01
In callGenIDChangeListeners and related functions of SkPixelRef.cpp, there is a possible use after free due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product:…
- CVE-2019-2094Jun 7, 2019risk 0.00cvss —epss 0.01
In parseMPEGCCData of NuPlayerCCDecoder.cpp, there is a possible out of bounds write due to missing bounds checks. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:…
- CVE-2019-2093Jun 7, 2019risk 0.00cvss —epss 0.01
In huff_dec_1D of nlc_dec.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9.…
- CVE-2019-2092Jun 7, 2019risk 0.00cvss —epss 0.00
In isSeparateProfileChallengeAllowed of DevicePolicyManagerService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege, with no additional permissions required. User interaction is not needed for…
- CVE-2019-2091Jun 7, 2019risk 0.00cvss —epss 0.00
In GetPermittedAccessibilityServicesForUser of DevicePolicyManagerService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege, with no additional permissions required. User interaction is not needed for…
- CVE-2019-2090Jun 7, 2019risk 0.00cvss —epss 0.00
In isPackageDeviceAdminOnAnyUser of PackageManagerService.java, there is a possible permissions bypass due to a missing permissions check. This could lead to local escalation of privilege, with no additional permissions required. User interaction is not needed for exploitation.…
- CVE-2019-2049May 8, 2019risk 0.00cvss —epss 0.00
In SendMediaUpdate and SendFolderUpdate of avrcp_service.cc, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege in the Bluetooth service with no additional execution privileges needed. User interaction is not needed…
- CVE-2019-2046May 8, 2019risk 0.00cvss —epss 0.01
In CalculateInstanceSizeForDerivedClass of objects.cc, there is possible memory corruption due to an integer overflow. This could lead to remote code execution in the proxy auto-config with no additional execution privileges needed. User interaction is not needed for…
- CVE-2019-2045May 8, 2019risk 0.00cvss —epss 0.01
In JSCallTyper of typer.cc, there is an out of bounds write due to an incorrect bounds check. This could lead to remote code execution in the proxy auto-config with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android…
- CVE-2019-2044May 8, 2019risk 0.00cvss —epss 0.01
In MakeMP>G4VideoCodecSpecificData of APacketSource.cpp, there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for…
- CVE-2019-2043May 8, 2019risk 0.00cvss —epss 0.00
In SmsDefaultDialog.onStart of SmsDefaultDialog.java, there is a possible escalation of privilege due to an overlay attack. This could lead to local escalation of privilege, granting privileges to a local app without the user's informed consent, with no additional privileges…
- CVE-2019-2037Apr 19, 2019risk 0.00cvss —epss 0.01
In l2cu_send_peer_config_rej of l2c_utils.cc, there is a possible out-of-bound read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product:…
- CVE-2019-2041Apr 19, 2019risk 0.00cvss —epss 0.00
In the configuration of NFC modules on certain devices, there is a possible failure to distinguish individual devices due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for…
- CVE-2019-2032Apr 19, 2019risk 0.00cvss —epss 0.00
In SetScanResponseData of ble_advertiser_hci_interface.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.…
Page 83 of 89