Android SDK
by Google
CVEs (1,763)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-2029 | 0.00 | — | 0.01 | Apr 19, 2019 | In btm_proc_smp_cback of tm_ble.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0… | |||
| CVE-2019-2040 | 0.00 | — | 0.00 | Apr 19, 2019 | In rw_i93_process_ext_sys_info of rw_i93.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android.… | |||
| CVE-2019-2039 | 0.00 | — | 0.00 | Apr 19, 2019 | In rw_i93_sm_detect_ndef of rw_i93.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:… | |||
| CVE-2019-2038 | 0.00 | — | 0.00 | Apr 19, 2019 | In rw_i93_process_sys_info of rw_i93.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:… | |||
| CVE-2019-2035 | 0.00 | — | 0.00 | Apr 19, 2019 | In rw_i93_sm_update_ndef of rw_i93.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:… | |||
| CVE-2019-2034 | 0.00 | — | 0.00 | Apr 19, 2019 | In rw_i93_sm_read_ndef of rw_i93.cc, there is a possible out-of-bounds write due to an integer overflow. This could lead to local escalation of privilege in the NFC process with no additional execution privileges needed. User interaction is needed for exploitation. Product:… | |||
| CVE-2019-2033 | 0.00 | — | 0.00 | Apr 19, 2019 | In create_hdr of dnssd_clientstub.c, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID:… | |||
| CVE-2019-2031 | 0.00 | — | 0.00 | Apr 19, 2019 | In rw_t3t_act_handle_check_ndef_rsp of rw_t3t.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:… | |||
| CVE-2019-2030 | 0.00 | — | 0.01 | Apr 19, 2019 | In removeInterfaceAddress of NetworkController.cpp, there is a possible use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID:… | |||
| CVE-2019-2028 | 0.00 | — | 0.01 | Apr 19, 2019 | In numerous hand-crafted functions in libmpeg2, NEON registers are not preserved. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1… | |||
| CVE-2019-2027 | 0.00 | — | 0.01 | Apr 19, 2019 | In floor0_inverse1 of floor0.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0… | |||
| CVE-2019-2026 | 0.00 | — | 0.00 | Apr 19, 2019 | In updateAssistMenuItems of Editor.java, there is a possible escape from the Setup Wizard due to a missing permission check. This could lead to local escalation of privilege and FRP bypass with no additional execution privileges needed. User interaction is not needed for… | |||
| CVE-2019-1997 | 0.00 | — | 0.01 | Feb 28, 2019 | In random_get_bytes of random.c, there is a possible degradation of randomness due to an insecure default value. This could lead to local information disclosure via an insecure wireless connection with no additional execution privileges needed. User interaction is not needed for… | |||
| CVE-2019-1991 | 0.00 | — | 0.02 | Feb 28, 2019 | In btif_dm_data_copy of btif_core.cc, there is a possible out of bounds write due to a buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0… | |||
| CVE-2019-2001 | 0.00 | — | 0.00 | Feb 28, 2019 | The permissions on /proc/iomem were world-readable. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-117422211. | |||
| CVE-2019-1992 | 0.00 | — | 0.01 | Feb 28, 2019 | In bta_hl_sdp_query_results of bta_hl_main.cc, there is a possible use-after-free due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:… | |||
| CVE-2019-1988 | 0.00 | — | 0.02 | Feb 28, 2019 | In sample6 of SkSwizzler.cpp, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution in system_server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android.… | |||
| CVE-2019-1986 | 0.00 | — | 0.01 | Feb 28, 2019 | In SkSwizzler::onSetSampleX of SkSwizzler.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege in system_server with no additional execution privileges needed. User interaction is needed for exploitation.… | |||
| CVE-2019-1996 | 0.00 | — | 0.00 | Feb 28, 2019 | In avrc_pars_browse_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.… | |||
| CVE-2019-1995 | 0.00 | — | 0.00 | Feb 28, 2019 | In ComposeActivityEmail of ComposeActivityEmail.java, there is a possible way to silently attach files to an email due to a confused deputy. This could lead to local information disclosure, sending files accessible to AOSP Mail to a remote email recipient, with no additional… |
- CVE-2019-2029Apr 19, 2019risk 0.00cvss —epss 0.01
In btm_proc_smp_cback of tm_ble.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0…
- CVE-2019-2040Apr 19, 2019risk 0.00cvss —epss 0.00
In rw_i93_process_ext_sys_info of rw_i93.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android.…
- CVE-2019-2039Apr 19, 2019risk 0.00cvss —epss 0.00
In rw_i93_sm_detect_ndef of rw_i93.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:…
- CVE-2019-2038Apr 19, 2019risk 0.00cvss —epss 0.00
In rw_i93_process_sys_info of rw_i93.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:…
- CVE-2019-2035Apr 19, 2019risk 0.00cvss —epss 0.00
In rw_i93_sm_update_ndef of rw_i93.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:…
- CVE-2019-2034Apr 19, 2019risk 0.00cvss —epss 0.00
In rw_i93_sm_read_ndef of rw_i93.cc, there is a possible out-of-bounds write due to an integer overflow. This could lead to local escalation of privilege in the NFC process with no additional execution privileges needed. User interaction is needed for exploitation. Product:…
- CVE-2019-2033Apr 19, 2019risk 0.00cvss —epss 0.00
In create_hdr of dnssd_clientstub.c, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID:…
- CVE-2019-2031Apr 19, 2019risk 0.00cvss —epss 0.00
In rw_t3t_act_handle_check_ndef_rsp of rw_t3t.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:…
- CVE-2019-2030Apr 19, 2019risk 0.00cvss —epss 0.01
In removeInterfaceAddress of NetworkController.cpp, there is a possible use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID:…
- CVE-2019-2028Apr 19, 2019risk 0.00cvss —epss 0.01
In numerous hand-crafted functions in libmpeg2, NEON registers are not preserved. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1…
- CVE-2019-2027Apr 19, 2019risk 0.00cvss —epss 0.01
In floor0_inverse1 of floor0.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0…
- CVE-2019-2026Apr 19, 2019risk 0.00cvss —epss 0.00
In updateAssistMenuItems of Editor.java, there is a possible escape from the Setup Wizard due to a missing permission check. This could lead to local escalation of privilege and FRP bypass with no additional execution privileges needed. User interaction is not needed for…
- CVE-2019-1997Feb 28, 2019risk 0.00cvss —epss 0.01
In random_get_bytes of random.c, there is a possible degradation of randomness due to an insecure default value. This could lead to local information disclosure via an insecure wireless connection with no additional execution privileges needed. User interaction is not needed for…
- CVE-2019-1991Feb 28, 2019risk 0.00cvss —epss 0.02
In btif_dm_data_copy of btif_core.cc, there is a possible out of bounds write due to a buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0…
- CVE-2019-2001Feb 28, 2019risk 0.00cvss —epss 0.00
The permissions on /proc/iomem were world-readable. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-117422211.
- CVE-2019-1992Feb 28, 2019risk 0.00cvss —epss 0.01
In bta_hl_sdp_query_results of bta_hl_main.cc, there is a possible use-after-free due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:…
- CVE-2019-1988Feb 28, 2019risk 0.00cvss —epss 0.02
In sample6 of SkSwizzler.cpp, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution in system_server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android.…
- CVE-2019-1986Feb 28, 2019risk 0.00cvss —epss 0.01
In SkSwizzler::onSetSampleX of SkSwizzler.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege in system_server with no additional execution privileges needed. User interaction is needed for exploitation.…
- CVE-2019-1996Feb 28, 2019risk 0.00cvss —epss 0.00
In avrc_pars_browse_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.…
- CVE-2019-1995Feb 28, 2019risk 0.00cvss —epss 0.00
In ComposeActivityEmail of ComposeActivityEmail.java, there is a possible way to silently attach files to an email due to a confused deputy. This could lead to local information disclosure, sending files accessible to AOSP Mail to a remote email recipient, with no additional…
Page 84 of 89